openSUSE-SU-2017:0250-1

Опубликовано: 23 янв. 2017

Источник: suse-cvrf

Описание

Security update for xtrabackup

This update for xtrabackup fixes the following issues:

CVE-2016-6225: xbcrypt encryption IV not being set properly (boo#1019858)

Список пакетов

openSUSE Leap 42.1

xtrabackup-2.2.12-8.1

xtrabackup-test-2.2.12-8.1

Ссылки

https://lists.opensuse.org/opensuse-updates/2017-01/msg00125.html
E-Mail link for openSUSE-SU-2017:0250-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

xbcrypt in Percona XtraBackup before 2.3.6 and 2.4.x before 2.4.5 does not properly set the initialization vector (IV) for encryption, which makes it easier for context-dependent attackers to obtain sensitive information from encrypted backup files via a Chosen-Plaintext attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6394.

Затронутые продукты

openSUSE Leap 42.1:xtrabackup-2.2.12-8.1

openSUSE Leap 42.1:xtrabackup-test-2.2.12-8.1

Ссылки

https://www.suse.com/security/cve/CVE-2016-6225.html
CVE-2016-6225
https://bugzilla.suse.com/1019858
SUSE Bug 1019858

openSUSE-SU-2017:0250-1

Описание

Список пакетов

openSUSE Leap 42.1

Ссылки

Уязвимость: CVE-2016-6225

Описание

Затронутые продукты

Ссылки