Debian alert DLA-986-1 (zookeeper)
From: Markus Koschany <apo@debian.org>
To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 986-1] zookeeper security update
Date: Thu, 15 Jun 2017 22:15:41 +0200
Message-ID: <d60ec3c3-c544-3253-3d8e-4e324d25863a@debian.org>

Package        : zookeeper
Version        : 3.4.5+dfsg-2+deb7u1
CVE ID         : CVE-2017-5637
Debian Bug     : 863811

It was discovered that Zookeeper, a service for maintaining
configuration information, didn't restrict access to the
computationally expensive wchp/wchc commands which could result in
denial of service by elevated CPU consumption.

This update disables those two commands by default. The new
configuration option "4lw.commands.whitelist" can be used to whitelist
commands selectively (and the full set of commands can be restored
with '*').

For Debian 7 "Wheezy", these problems have been fixed in version
3.4.5+dfsg-2+deb7u1.

We recommend that you upgrade your zookeeper packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
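
An added example, not part of the advisory or the Debian package: a small audit that reports whether a ZooKeeper configuration uses "4lw.commands.whitelist" to re-enable wchp or wchc. It assumes the option appears as a `key=value` line in a properties-style config file where the last occurrence wins; the sample configurations are constructed.

```python
"""Audit a ZooKeeper config for the expensive wchp/wchc four-letter commands."""

EXPENSIVE = ("wchp", "wchc")        # the two commands named in the advisory
OPTION = "4lw.commands.whitelist"   # option name as given in the advisory


def parse_whitelist(cfg_text):
    """Return the whitelist entries, or None if the option is not set.

    Assumption: properties-style 'key=value' lines with '#' comments,
    and the last occurrence of the key takes effect.
    """
    entries = None
    for raw in cfg_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        if key.strip() == OPTION:
            entries = [c.strip() for c in value.split(",") if c.strip()]
    return entries


def expensive_enabled(cfg_text):
    """List which of wchp/wchc the configuration re-enables."""
    entries = parse_whitelist(cfg_text)
    if entries is None:      # option absent: the fixed default keeps both off
        return []
    if "*" in entries:       # '*' restores the full set of commands
        return list(EXPENSIVE)
    return [c for c in EXPENSIVE if c in entries]


# Constructed sample configurations (not taken from a real host).
SAMPLES = {
    "default": "clientPort=2181\ndataDir=/var/lib/zookeeper\n",
    "selective": "clientPort=2181\n4lw.commands.whitelist=stat, ruok, wchc\n",
    "wildcard": "# restore everything\n4lw.commands.whitelist=*\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        found = expensive_enabled(text)
        status = "exposed: " + ", ".join(found) if found else "ok"
        print(f"{name:10s} {status}")
```

A non-empty result means the expensive commands are reachable again on that server, so access to the client port should be restricted accordingly.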