openSUSE Security Update : xtrabackup (openSUSE-SU-2014:0363-1)

high Nessus Plugin ID 75289

Synopsis

The remote openSUSE host is missing a security update.

Description

xtrabackup was updated to 2.1.8 :

Disabled the 'binary version check' functionality in the VersionCheck module due to security concerns. The automatic version check remains disabled in the openSUSE package. [bnc#864194] CVE-2014-2029 More bugs fixed :

- do not discard read-ahead buffers through incorrect usage of posic_fadvise() hints, which resulted in higher I/O rate on the backup stage

- Spurious trailing data blocks that would normally be ignored by InnoDB could lead to an assertion failure on the backup stage

- A spurious warning message could cause issues with third-party wrapper scripts

- xbcrypt could fail with the xbcrypt:xb_crypt_read_chunk:
unable to read chunk iv size at offset error under some circumstances

- xbstream could sometimes hang when extracting a broken or incomplete input stream

Solution

Update the affected xtrabackup packages.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=864194

https://lists.opensuse.org/opensuse-updates/2014-03/msg00033.html

Plugin Details

Severity: High

ID: 75289

File Name: openSUSE-2014-207.nasl

Version: 1.6

Type: local

Agent: unix

Published: 6/13/2014

Updated: 1/19/2021

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: High

Base Score: 8.1

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:xtrabackup-debuginfo, cpe:/o:novell:opensuse:13.1, p-cpe:/a:novell:opensuse:xtrabackup, p-cpe:/a:novell:opensuse:xtrabackup-debugsource

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 3/14/2014

Reference Information

CVE: CVE-2014-2029