percona-toolkit-2.2.18-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10095 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z percona-toolkit-2.2.18-1.1 on GA media These are all security issues fixed in the percona-toolkit-2.2.18-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10095 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:10095 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2014-2029/ SUSE CVE CVE-2014-2029 page https://www.suse.com/security/cve/CVE-2015-1027/ SUSE CVE CVE-2015-1027 page openSUSE Tumbleweed percona-toolkit-2.2.18-1.1 percona-toolkit-2.2.18-1.1 as a component of openSUSE Tumbleweed The automatic version check functionality in the tools in Percona Toolkit 2.1 allows man-in-the-middle attackers to obtain sensitive information or execute arbitrary code by leveraging use of HTTP to download configuration information from v.percona.com. CVE-2014-2029 openSUSE Tumbleweed:percona-toolkit-2.2.18-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-2029.html CVE-2014-2029 https://bugzilla.suse.com/864194 SUSE Bug 864194 https://bugzilla.suse.com/919298 SUSE Bug 919298 The version checking subroutine in percona-toolkit before 2.2.13 and xtrabackup before 2.2.9 was vulnerable to silent HTTP downgrade attacks and Man In The Middle attacks in which the server response could be modified to allow the attacker to respond with modified command payload and have the client return additional running configuration information leading to an information disclosure of running configuration of MySQL. CVE-2015-1027 openSUSE Tumbleweed:percona-toolkit-2.2.18-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-1027.html CVE-2015-1027 https://bugzilla.suse.com/919298 SUSE Bug 919298