-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4214-1 security@xxxxxxxxxx https://www.debian.org/security/ Moritz Muehlenhoff June 01, 2018 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : zookeeper CVE ID : CVE-2018-8012 It was discovered that Zookeeper, a service for maintaining configuration information, enforced no authentication/authorisation when a server attempts to join a Zookeeper quorum. This update backports authentication support. Additional configuration steps are needed, please see https://cwiki.apache.org/confluence/display/ZOOKEEPER/Server-Server+mutual+authentication for additional information. For the oldstable distribution (jessie), this problem has been fixed in version 3.4.9-3+deb8u1. For the stable distribution (stretch), this problem has been fixed in version 3.4.9-3+deb9u1. We recommend that you upgrade your zookeeper packages. For the detailed security status of zookeeper please refer to its security tracker page at: https://security-tracker.debian.org/tracker/zookeeper Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlsRuPwACgkQEMKTtsN8 TjbnMw//fDJ4aC9z7/eDPlOHURPJPVshFSWcNeyTSnJR5lIESzpTJD5zEt7kHfGN jU5akO5ZEiJn0A2z4XGzCATKKZveLqsJyXvGi5Y40XeaUIyrjz8xvCgsCwTyVoqx d93laGfHQCF9r28nR16y8zX9+QtMfy1RtJKuQGy4veBv34tVoUkr1Fr7ibyGlSNg ZKHeJjzDEYSrl1CGTAXqYUcF0vyPMgqwZpjHMBF28eRk+pCXIBMQKlKp1Q6k3Y9Z GhglRu3X87ftnuthaRDSI4jnNBLxHWFhluALwRP6U+92B7cKKFzv5MuoWxBDrY8W TngF7e1sCZCpFb2JWlXdQupxFwZgMJ4cztWgMeWK3WabgRjvFEXBaw/HJlEErTxN kqHpPdDkt8XAUgpbezR63f8LZyPoD9H7/Na5WpygpOEJfCEYcDUAPxkV6FCW5ZH3 h5jtoLrOuN7EhRAvz/ykx/UmXmcou6t66toACQQrJFHvXy9gMQEJW9D6tUqcFUBA xkWef+lRM65hGBD1HsZaIDI8f4D8wguYAthh76nLLe1VE0X2kzLn4/kzjQ8fw8/L Lobz0IBe71YC5n090akWs+LPgUfEkWErn5ayJW4mII0hY4ktpiIFVMxhPRaNuwx1 CVwFg8YlEFc2TWhsWEA5ikH5R9JCpe6lLPOZXSGgg9DQ2h7N118= =9SrO -----END PGP SIGNATURE-----