Debian Security Advisory
DLA-630-1 zookeeper -- LTS security update
- Date Reported:
- 18 Sep 2016
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2016-5017.
- More information:
Lyon Yang discovered that the C client shells cli_st and cli_mt of Apache Zookeeper, a high-performance coordination service for distributed applications, were affected by a buffer overflow vulnerability associated with parsing of the input command when using the "cmd:" batch mode syntax. If the command string exceeds 1024 characters a buffer overflow will occur.
For Debian 7
Wheezy, these problems have been fixed in version 3.3.5+dfsg1-2+deb7u1.
We recommend that you upgrade your zookeeper packages.
Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS