openSUSE Security Update : percona-toolkit / xtrabackup (openSUSE-SU-2014:0333-1)
Medium Nessus Plugin ID 75277
SynopsisThe remote openSUSE host is missing a security update.
Descriptionpercona-toolkit and xtrabackup were updated :
- disable automatic version check for all tools [bnc#864194] Prevents transmission of version information to an external host in the default configuration. CVE-2014-2029 Can be used by owner of a Percona Server (or an attacker who can control this destination for the client) to collect arbitrary MySQL configuration parameters and execute commands (with -v).
Now the version check needs to be requested via command line or global/tool specific/user configuration.
- added /etc/percona-toolkit/percona-toolkit.conf configuration directory and template configuration file
SolutionUpdate the affected percona-toolkit / xtrabackup packages.