Hash: SHA512 Package : zookeeper Version : 3.4.5+dfsg-2+deb7u1 CVE ID : CVE-2017-5637 Debian Bug : 863811 It was discovered that Zookeeper, a service for maintaining configuration information, didn't restrict access to the computationally expensive wchp/wchc commands which could result in denial of service by elevated CPU consumption. This update disables those two commands by default. The new configuration option "4lw.commands.whitelist" can be used to whitelist commands selectively (and the full set of commands can be restored with '*') For Debian 7 "Wheezy", these problems have been fixed in version 3.4.5+dfsg-2+deb7u1. We recommend that you upgrade your zookeeper packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
Debian LTS: DLA-986-1: zookeeper security update
June 15, 2017
It was discovered that Zookeeper, a service for maintaining configuration information, didn't restrict access to the computationally expensive wchp/wchc commands which could result...
Summary
It was discovered that Zookeeper, a service for maintaining configuration information, didn't restrict access to the computationally expensive wchp/wchc commands which could result in denial of service by elevated CPU consumption. This update disables those two commands by default. The new configuration option "4lw.commands.whitelist" can be used to whitelist commands selectively (and the full set of commands can be restored with '*') For Debian 7 "Wheezy", these problems have been fixed in version 3.4.5+dfsg-2+deb7u1. We recommend that you upgrade your zookeeper packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
Hash: SHA512 Version : 3.4.5+dfsg-2+deb7u1
Severity
Package : zookeeper
CVE ID : CVE-2017-5637
Debian Bug : 863811
News
HOWTOs
About Us
Powered By
