Launchpad.net

CVE 2014-2029

The automatic version check functionality in the tools in Percona Toolkit 2.1 allows man-in-the-middle attackers to obtain sensitive information or execute arbitrary code by leveraging use of HTTP to download configuration information from v.percona.com.

Related bugs and status

CVE-2014-2029 (Candidate) is related to these bugs:

Bug #1279502: --version-check behaves like spyware

		In	Importance	Status
1279502	--version-check behaves like spyware	Percona Toolkit moved to https://jira.percona.com/projects/PT	High	Fix Released
1279502	--version-check behaves like spyware	Percona XtraBackup moved to https://jira.percona.com/projects/PXB	Undecided	Opinion
1279502	--version-check behaves like spyware	Percona Toolkit moved to https://jira.percona.com/projects/PT 2.1	High	Fix Released
1279502	--version-check behaves like spyware	Percona Toolkit moved to https://jira.percona.com/projects/PT 2.0	Undecided	Invalid
1279502	--version-check behaves like spyware	Percona Toolkit moved to https://jira.percona.com/projects/PT 2.2	High	Fix Released

Bug #1285166: Disable "binary version" functionality in VersionCheck

		In	Importance	Status
1285166	Disable "binary version" functionality in VersionCheck	Percona XtraBackup moved to https://jira.percona.com/projects/PXB	High	Fix Released
1285166	Disable "binary version" functionality in VersionCheck	Percona XtraBackup moved to https://jira.percona.com/projects/PXB 2.2	High	Fix Released
1285166	Disable "binary version" functionality in VersionCheck	Percona XtraBackup moved to https://jira.percona.com/projects/PXB 2.1	High	Fix Released

Bug #1289539: Sync percona-toolkit 2.2.7-1~dfsg1 (universe) from Debian unstable (main)

Summary				In	Importance	Status
	1289539	Sync percona-toolkit 2.2.7-1~dfsg1 (universe) from Debian unstable (main)		percona-toolkit (Ubuntu)	Wishlist	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2014-2029

Related bugs and status

Related bugs

References