Debian Security Advisory

DLA-630-1 zookeeper -- LTS security update

Date Reported: 18 Sep 2016
Affected Packages: zookeeper
Vulnerable: Yes
Security database references: In Mitre's CVE dictionary: CVE-2016-5017.
More information:

Lyon Yang discovered that the C client shells cli_st and cli_mt of Apache ZooKeeper, a high-performance coordination service for distributed applications, were affected by a buffer overflow vulnerability in the parsing of the input command when the "cmd:" batch mode syntax is used. If the command string exceeds 1024 characters, a buffer overflow will occur.
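The bug class described above, a command argument copied into a fixed-size buffer without a length check, is avoided by rejecting overlong input before the copy. The following is an added example, not the ZooKeeper client code or the Debian patch; the function names, return codes and the 1024-byte destination buffer (taken from the limit stated in the advisory) are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define CMD_BUF_SIZE 1024            /* assumed from the advisory's limit */
#define CMD_PREFIX   "cmd:"

/* Hypothetical return codes for this example. */
enum { CMD_OK = 0, CMD_NOT_BATCH = -1, CMD_TOO_LONG = -2, CMD_BAD_ARG = -3 };

/* Copy the command following "cmd:" into out only if it fits together with
 * its terminating NUL; overlong input is rejected, never copied or truncated. */
int parse_batch_cmd(const char *arg, char *out, size_t outlen)
{
    const size_t prefix_len = sizeof(CMD_PREFIX) - 1;
    size_t len;

    if (arg == NULL || out == NULL || outlen == 0)
        return CMD_BAD_ARG;
    out[0] = '\0';
    if (strncmp(arg, CMD_PREFIX, prefix_len) != 0)
        return CMD_NOT_BATCH;
    len = strlen(arg + prefix_len);   /* arg is a NUL-terminated argv string */
    if (len >= outlen)                /* no room left for the NUL */
        return CMD_TOO_LONG;
    memcpy(out, arg + prefix_len, len + 1);
    return CMD_OK;
}

/* Constructed input: "cmd:" followed by n filler characters. */
int parse_with_length(size_t n)
{
    static char arg[4096];
    char cmd[CMD_BUF_SIZE];

    if (n + sizeof(CMD_PREFIX) > sizeof(arg))
        return CMD_BAD_ARG;
    memcpy(arg, CMD_PREFIX, sizeof(CMD_PREFIX) - 1);
    memset(arg + sizeof(CMD_PREFIX) - 1, 'x', n);
    arg[sizeof(CMD_PREFIX) - 1 + n] = '\0';
    return parse_batch_cmd(arg, cmd, sizeof(cmd));
}

int main(void)
{
    printf("1023 chars -> %d\n", parse_with_length(1023));
    printf("1024 chars -> %d\n", parse_with_length(1024));
    return 0;
}
```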

For Debian 7 Wheezy, these problems have been fixed in version 3.3.5+dfsg1-2+deb7u1.

We recommend that you upgrade your zookeeper packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS