Candidate: CVE-2015-1027
PublicDate: 2017-09-29 01:34:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1027
Description:
 The version checking subroutine in percona-toolkit before 2.2.13 and xtrabackup before 2.2.9 was vulnerable to silent HTTP downgrade attacks and Man In The Middle attacks in which the server response could be modified to allow the attacker to respond with modified command payload and have the client return additional running configuration information leading to an information disclosure of running configuration of MySQL.
Ubuntu-Description:
Notes:
 seth-arnold> Debian notes this version check is disabled, it may be disabled in our packages too
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N [5.9 MEDIUM]

Patches_percona-toolkit:
 other: https://build.opensuse.org/package/view_file/openSUSE:13.1:Update/xtrabackup/percona-xtrabackup-CVE-2015-1027.patch?expand=1
upstream_percona-toolkit: released (2.2.13-1)
lucid_percona-toolkit: DNE
precise_percona-toolkit: ignored (reached end-of-life)
precise/esm_percona-toolkit: DNE (precise was needed)
trusty_percona-toolkit: ignored (reached end-of-life)
trusty/esm_percona-toolkit: DNE (trusty was needed)
utopic_percona-toolkit: ignored (reached end-of-life)
vivid_percona-toolkit: ignored (reached end-of-life)
vivid/stable-phone-overlay_percona-toolkit: DNE
vivid/ubuntu-core_percona-toolkit: DNE
wily_percona-toolkit: ignored (reached end-of-life)
xenial_percona-toolkit: not-affected (2.2.13-1)
yakkety_percona-toolkit: ignored (reached end-of-life)
zesty_percona-toolkit: ignored (reached end-of-life)
artful_percona-toolkit: ignored (reached end-of-life)
bionic_percona-toolkit: not-affected (2.2.13-1)
cosmic_percona-toolkit: not-affected (2.2.13-1)
disco_percona-toolkit: not-affected (2.2.13-1)
devel_percona-toolkit: not-affected (2.2.13-1)

Patches_percona-xtrabackup:
 other: https://build.opensuse.org/package/view_file/openSUSE:13.1:Update/xtrabackup/percona-xtrabackup-CVE-2015-1027.patch?expand=1
upstream_percona-xtrabackup: released (2.2.9)
lucid_percona-xtrabackup: DNE
precise_percona-xtrabackup: DNE
precise/esm_percona-xtrabackup: DNE
trusty_percona-xtrabackup: ignored (reached end-of-life)
trusty/esm_percona-xtrabackup: DNE (trusty was needed)
utopic_percona-xtrabackup: ignored (reached end-of-life)
vivid_percona-xtrabackup: ignored (reached end-of-life)
vivid/stable-phone-overlay_percona-xtrabackup: DNE
vivid/ubuntu-core_percona-xtrabackup: DNE
wily_percona-xtrabackup: ignored (reached end-of-life)
xenial_percona-xtrabackup: not-affected (2.3.7-0ubuntu0.16.04.2)
yakkety_percona-xtrabackup: ignored (reached end-of-life)
zesty_percona-xtrabackup: ignored (reached end-of-life)
artful_percona-xtrabackup: ignored (reached end-of-life)
bionic_percona-xtrabackup: not-affected (2.3.7-0ubuntu0.16.04.2)
cosmic_percona-xtrabackup: not-affected (2.3.7-0ubuntu0.16.04.2)
disco_percona-xtrabackup: not-affected (2.3.7-0ubuntu0.16.04.2)
devel_percona-xtrabackup: not-affected (2.3.7-0ubuntu0.16.04.2)