内容简介:Percona XtraDB backup >= 2.4.11 suffers an issue whereby the whole command line is captured and output to resulting backup file location, and where –history command line argument is passed this too is captured within the PERCONA_SCHEMA.xtrabackup_history t
CVE-2020-10997
Percona XtraDB backup >= 2.4.11 suffers an issue whereby the whole command line is captured and output to resulting backup file location, and where –history command line argument is passed this too is captured within the PERCONA_SCHEMA.xtrabackup_history table. In addition to the information being present within the process list and standard error output.
This issue is resolved in >= 2.4.20 and >= 8.0.11 .
Applicability
Access to backup files is required in order to exploit this error, protection of backup files and media is already a well known best-practise and we encourage our users to continue to follow this practise.
Authenticated access to the MySQL server is required to collect command line data where –history was used during backup.
Authenticated access to the Linux system on which PXB is being executed or access to the Process list meta data would be required in order to gain access to the command line arguments used during execution, as well as access to standard error output.
Credits
Percona would like to thank Zsolt Paragi for discovering this issue, and working to aid resolution.
More Information
- CVE-2020-10997
- https://jira.percona.com/browse/PXB-2142
- https://jira.percona.com/browse/PXB-2145
- https://jira.percona.com/browse/PXB-2152
- https://jira.percona.com/browse/PXB-2154
Release notes
以上就是本文的全部内容,希望本文的内容对大家的学习或者工作能带来一定的帮助,也希望大家多多支持 码农网
猜你喜欢:
本站部分资源来源于网络,本站转载出于传递更多信息之目的,版权归原作者或者来源机构所有,如转载稿涉及版权问题,请联系我们。
计算机网络(第4版)
[美] James F. Kurose、[美] Keith W. Ross / 陈鸣 / 机械工业出版社 / 2009-11 / 66.00元
本书采用了独创的自顶向下方法,即从应用层开始沿协议栈向下讲解计算机网络的基本原理,强调应用层范例和应用编程接口,内容深入浅出,注重教学方法,理论与实践相结合。第3版的内容相应更新并反映了网络领域的最新进展,如增加了无线和移动网络一章,扩充了对等网络、BGP、MPLS、网络安全、广播选路和因特网编址及转发方面的材料;还增加了一套实用的实验,并修订了习题。本书适合作为计算机、电子、通信工程相关专业的本......一起来看看 《计算机网络(第4版)》 这本书的介绍吧!
