openSUSE Security Update : xtrabackup (openSUSE-SU-2013:1864-1)

low Nessus Plugin ID 75227

Synopsis

The remote openSUSE host is missing a security update.

Description

Percona XtraBackup was updated to 2.1.6 [bnc#852224]

- New Features :

- New innobackupex --force-non-empty-directories option

- now supports logs created with the new log block checksums

- New Features specific to MySQL 5.6: option innodb_log_checksum_algorithm in Percona Server 5.6

- Bugs Fixed :

- innobackupex --copy-back fails on empty innodb_data_home_dir

- A fixed initialization vector (constant string) was used while encrypting the data. This opened the encrypted stream/data to plaintext attacks among others.
CVE-2013-6394

- innobackupex --version-check is now on by default.

- Since Version Check is enabled by default, new optin

--no-version-check option has been introduced to disable it.

- xtrabackup_slave_info didn't contain any GTID information, which could cause master_auto_position not to work properly

- now supports absolute paths in innodb_data_file_path variable.

- wouldn't back up the empty directory created with mkdir (i.e. test) outside of the server which could lead to inconsistencies during the Percona XtraDB Cluster State Snapshot Transfer.

- wasn't able to perform backups to the NFS mount in some NFS configurations, because it was trying to preserve file ownership.

- unable to perform backup if innodb_log_arch_dir variable was used in server configuration

- Race condition in start_query_killer child code could cause parent MySQL connection to close.

- Bugs Fixed specific to MySQL 5.6 :

- xtrabackup_56 was using CRC32 as the default checksum algorithm This could cause error if the innodb_checksum_algorithm value was changed to strict_innodb value after a restore.

- xtrabackup_56 binary didn't store the server’s innodb_checksum_algorithm value to backup-my.cnf. This value is needed because it affects the on-disk data format.

- update and tag percona-xtrabackup-2.1.x-nodoc.patch

Solution

Update the affected xtrabackup packages.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=852224

https://lists.opensuse.org/opensuse-updates/2013-12/msg00052.html

Plugin Details

Severity: Low

ID: 75227

File Name: openSUSE-2013-963.nasl

Version: 1.4

Type: local

Agent: unix

Published: 6/13/2014

Updated: 1/19/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Low

Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:xtrabackup, p-cpe:/a:novell:opensuse:xtrabackup-debuginfo, p-cpe:/a:novell:opensuse:xtrabackup-debugsource, cpe:/o:novell:opensuse:13.1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 11/30/2013

Reference Information

CVE: CVE-2013-6394