Описание
Security update for xtrabackup
This update for xtrabackup fixes the following issues:
- CVE-2016-6225: xbcrypt encryption IV not being set properly (boo#1019858)
In addition, XtraBackup was updated to 2.3.6 to include the following improvements:
- now supports SHA256 passwords
- new supports command options for secure connections
The following bugs were fixed:
- intermittent assertion failures when not correctly identifying server version
- Safe slave backup algorithm performed too short delays between retries which could cause backups to fail on a busy servers
- fix compilation warnings with gcc6
- Backup would still succeed even if xtrabackup would fail to write the metadata
- xbcloud now supports EMC ECS Swift API Authorization requests
- backup failed with MariaDB 10.2 with the unsupported server version error message
Список пакетов
openSUSE Leap 42.2
xtrabackup-2.3.6-3.1
xtrabackup-test-2.3.6-3.1
Ссылки
- E-Mail link for openSUSE-SU-2017:0251-1
- SUSE Security Ratings
Описание
xbcrypt in Percona XtraBackup before 2.3.6 and 2.4.x before 2.4.5 does not properly set the initialization vector (IV) for encryption, which makes it easier for context-dependent attackers to obtain sensitive information from encrypted backup files via a Chosen-Plaintext attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6394.
Затронутые продукты
openSUSE Leap 42.2:xtrabackup-2.3.6-3.1
openSUSE Leap 42.2:xtrabackup-test-2.3.6-3.1
Ссылки
- CVE-2016-6225
- SUSE Bug 1019858