Debian LTS: DLA-986-1: zookeeper security update
Package    : zookeeper
Version    : 3.4.5+dfsg-2+deb7u1
CVE ID     : CVE-2017-5637
Debian Bug : 863811

It was discovered that Zookeeper, a service for maintaining configuration information, didn't restrict access to the computationally expensive wchp/wchc commands which could result in denial of service by elevated CPU consumption.

This update disables those two commands by default. The new configuration option "4lw.commands.whitelist" can be used to whitelist commands selectively (and the full set of commands can be restored with '*').

For Debian 7 "Wheezy", these problems have been fixed in version 3.4.5+dfsg-2+deb7u1.

We recommend that you upgrade your zookeeper packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
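A check an administrator could run over a zoo.cfg after upgrading, to see whether "4lw.commands.whitelist" re-enables wchp/wchc. This is an added example, not part of the advisory or the zookeeper package. It assumes plain key=value lines with a comma-separated command list; the function names and sample configurations are constructed for illustration.

```python
# Added example: audit zoo.cfg text for the commands named in CVE-2017-5637.
EXPENSIVE = {"wchp", "wchc"}
KEY = "4lw.commands.whitelist"

def parse_whitelist(cfg_text):
    """Return the whitelisted commands as a list, or None if the option is unset."""
    value = None
    for raw in cfg_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        key, sep, val = line.partition("=")
        if sep and key.strip() == KEY:
            value = val  # assumption: a later duplicate overrides an earlier one
    if value is None:
        return None
    return [c.strip() for c in value.split(",") if c.strip()]

def exposed_expensive(cfg_text):
    """Return the sorted expensive commands this configuration re-enables."""
    cmds = parse_whitelist(cfg_text)
    if cmds is None:
        return []  # patched default: wchp/wchc stay disabled
    if "*" in cmds:
        return sorted(EXPENSIVE)  # '*' restores the full command set
    return sorted(EXPENSIVE & set(cmds))

# Constructed sample configurations (not taken from a real host).
SAMPLE_DEFAULT = "tickTime=2000\ndataDir=/var/lib/zookeeper\nclientPort=2181\n"
SAMPLE_SELECTIVE = SAMPLE_DEFAULT + "4lw.commands.whitelist=stat, ruok, conf\n"
SAMPLE_EXPLICIT = SAMPLE_DEFAULT + "# monitoring\n4lw.commands.whitelist = stat,wchp\n"
SAMPLE_WILDCARD = SAMPLE_DEFAULT + "4lw.commands.whitelist=*\n"

if __name__ == "__main__":
    samples = [("default", SAMPLE_DEFAULT), ("selective", SAMPLE_SELECTIVE),
               ("explicit", SAMPLE_EXPLICIT), ("wildcard", SAMPLE_WILDCARD)]
    for name, cfg in samples:
        found = exposed_expensive(cfg)
        status = "re-enables " + ", ".join(found) if found else "ok"
        print(f"{name}: {status}")
```

An empty result only means the whitelist does not re-enable the commands; the host still needs the fixed package version for them to be disabled by default.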