Debian Security Advisory

DLA-630-1 zookeeper -- LTS security update

Date Reported:
18 Sep 2016
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2016-5017.
More information:

Lyon Yang discovered that the C client shells cli_st and cli_mt of Apache Zookeeper, a high-performance coordination service for distributed applications, were affected by a buffer overflow vulnerability associated with parsing of the input command when using the "cmd:" batch mode syntax. If the command string exceeds 1024 characters a buffer overflow will occur.

For Debian 7 Wheezy, these problems have been fixed in version 3.3.5+dfsg1-2+deb7u1.

We recommend that you upgrade your zookeeper packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: