openSUSE Security Update : xtrabackup (openSUSE-SU-2014:0363-1)

Medium Nessus Plugin ID 75289


The remote openSUSE host is missing a security update.


xtrabackup was updated to 2.1.8 :

Disabled the 'binary version check' functionality in the VersionCheck module due to security concerns. The automatic version check remains disabled in the openSUSE package. [bnc#864194] CVE-2014-2029 More bugs fixed :

- do not discard read-ahead buffers through incorrect usage of posic_fadvise() hints, which resulted in higher I/O rate on the backup stage

- Spurious trailing data blocks that would normally be ignored by InnoDB could lead to an assertion failure on the backup stage

- A spurious warning message could cause issues with third-party wrapper scripts

- xbcrypt could fail with the xbcrypt:xb_crypt_read_chunk:
unable to read chunk iv size at offset error under some circumstances

- xbstream could sometimes hang when extracting a broken or incomplete input stream


Update the affected xtrabackup packages.

See Also

Plugin Details

Severity: Medium

ID: 75289

File Name: openSUSE-2014-207.nasl

Version: $Revision: 1.3 $

Type: local

Agent: unix

Published: 2014/06/13

Modified: 2018/01/26

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P


Base Score: 8.1

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:xtrabackup, p-cpe:/a:novell:opensuse:xtrabackup-debuginfo, p-cpe:/a:novell:opensuse:xtrabackup-debugsource, cpe:/o:novell:opensuse:13.1

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 2014/03/14

Reference Information

CVE: CVE-2014-2029