Upstream information

CVE-2014-2029 at MITRE

Description

The automatic version check functionality in the tools in Percona Toolkit 2.1 allows man-in-the-middle attackers to obtain sensitive information or execute arbitrary code by leveraging use of HTTP to download configuration information from v.percona.com.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having moderate severity.

CVSS v2 Scores
National Vulnerability Database
  Base Score: 6.8
  Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
  Access Vector: Network
  Access Complexity: Medium
  Authentication: None
  Confidentiality Impact: Partial
  Integrity Impact: Partial
  Availability Impact: Partial
SUSE Bugzilla entries: 864194 [RESOLVED / FIXED], 919298 [RESOLVED]

SUSE Security Advisories:

List of released packages

Each product is listed with its fixed package version(s) and references (patchnames).

openSUSE 12.3
  Fixed package version(s):
  • percona-toolkit >= 2.1.11-2.12.1
  Patchnames:
  • openSUSE-2014-205

openSUSE 13.1
  Fixed package version(s):
  • percona-toolkit >= 2.2.7-2.10.1
  • xtrabackup >= 2.1.8-21.1
  • xtrabackup-debuginfo >= 2.1.8-21.1
  • xtrabackup-debugsource >= 2.1.8-21.1
  Patchnames:
  • openSUSE-2014-184
  • openSUSE-2014-207

openSUSE Tumbleweed
  Fixed package version(s):
  • percona-toolkit >= 2.2.18-1.1
  • xtrabackup >= 2.3.5-1.3
  • xtrabackup-test >= 2.3.5-1.3
  Patchnames:
  • openSUSE Tumbleweed GA percona-toolkit
  • openSUSE Tumbleweed GA xtrabackup