
[SECURITY] [DLA 630-1] zookeeper security update




Package        : zookeeper
Version        : 3.3.5+dfsg1-2+deb7u1
CVE ID         : CVE-2016-5017


Lyon Yang discovered that the C client shells cli_st and cli_mt of
Apache ZooKeeper, a high-performance coordination service for
distributed applications, were affected by a buffer overflow
vulnerability in the parsing of the input command when using the
"cmd:" batch mode syntax. If the command string exceeds 1024
characters, a buffer overflow will occur.

For Debian 7 "Wheezy", this problem has been fixed in version
3.3.5+dfsg1-2+deb7u1.

We recommend that you upgrade your zookeeper packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
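
An added example, not code from ZooKeeper or from the Debian patch: a bounded parser for a "cmd:" batch argument that rejects a command too long for its fixed buffer instead of copying or truncating it. The function names, status codes and the 1024-byte buffer constant are assumptions made for illustration, and the sample inputs are constructed.

```c
#include <stdio.h>
#include <string.h>

#define CMD_BUF_SIZE 1024            /* assumed buffer size, from the advisory's limit */
#define BATCH_PREFIX "cmd:"
#define MAX_SAMPLE   8192            /* cap for the constructed sample input */

enum batch_status { BATCH_OK, BATCH_NOT_BATCH, BATCH_TOO_LONG, BATCH_BAD_ARG };

/* Copy the command following "cmd:" into dst (dst_size bytes, NUL included).
 * An unchecked strcpy() into a fixed buffer is the pattern that overflows;
 * the length is checked first and over-long input is rejected, because a
 * silently truncated command could mean something different. */
enum batch_status parse_batch_arg(const char *arg, char *dst, size_t dst_size)
{
    const size_t prefix_len = sizeof(BATCH_PREFIX) - 1;
    const char *end;
    if (arg == NULL || dst == NULL || dst_size == 0)
        return BATCH_BAD_ARG;
    dst[0] = '\0';
    if (strncmp(arg, BATCH_PREFIX, prefix_len) != 0)
        return BATCH_NOT_BATCH;
    arg += prefix_len;
    end = memchr(arg, '\0', dst_size);   /* stops at the NUL, never past dst_size */
    if (end == NULL)
        return BATCH_TOO_LONG;           /* command plus NUL does not fit */
    memcpy(dst, arg, (size_t)(end - arg) + 1);
    return BATCH_OK;
}

/* Hypothetical helper: parse a constructed "cmd:" + cmd_len bytes of 'a'. */
enum batch_status parse_constructed(size_t cmd_len)
{
    static char in[4 + MAX_SAMPLE + 1];
    char out[CMD_BUF_SIZE];
    if (cmd_len > MAX_SAMPLE)
        return BATCH_BAD_ARG;
    memcpy(in, BATCH_PREFIX, 4);
    memset(in + 4, 'a', cmd_len);
    in[4 + cmd_len] = '\0';
    return parse_batch_arg(in, out, sizeof out);
}

int main(void)
{
    printf("1023-byte command: %d\n", parse_constructed(1023));
    printf("1024-byte command: %d\n", parse_constructed(1024));
    return 0;
}
```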