Your message dated Sun, 03 Jun 2018 11:03:01 +0000 with message-id <e1fpqmr-0007u7...@fasolo.debian.org> and subject line Bug#899332: fixed in zookeeper 3.4.9-3+deb9u1 has caused the Debian Bug report #899332, regarding CVE-2018-8012: Apache ZooKeeper Quorum Peer mutual authentication to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 899332: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=899332 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: zookeeper X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Fixed: 3.4.10-1 Hi, The following vulnerability was published for zookeeper. CVE-2018-8012[0]: | No authentication/authorization is enforced when a server attempts to | join a quorum in Apache ZooKeeper before 3.4.10, and 3.5.0-alpha | through 3.5.3-beta. As a result an arbitrary end point could join the | cluster and begin propagating counterfeit changes to the leader. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2018-8012 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8012 Please adjust the affected versions in the BTS as needed. Regards, Markus
signature.asc
Description: OpenPGP digital signature
--- End Message ---
--- Begin Message ---Source: zookeeper Source-Version: 3.4.9-3+deb9u1 We believe that the bug you reported is fixed in the latest version of zookeeper, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 899...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Markus Koschany <a...@debian.org> (supplier of updated zookeeper package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 23 May 2018 22:34:43 +0200 Source: zookeeper Binary: libzookeeper-java zookeeper zookeeperd libzookeeper-java-doc libzookeeper-mt2 libzookeeper-st2 libzookeeper2 libzookeeper-mt-dev libzookeeper-st-dev zookeeper-bin python-zookeeper Architecture: source all amd64 Version: 3.4.9-3+deb9u1 Distribution: stretch-security Urgency: high Maintainer: Debian Java Maintainers <pkg-java-maintain...@lists.alioth.debian.org> Changed-By: Markus Koschany <a...@debian.org> Description: libzookeeper-java - Core Java libraries for zookeeper libzookeeper-java-doc - API Documentation for zookeeper libzookeeper-mt-dev - Development files for multi threaded zookeeper C bindings libzookeeper-mt2 - Multi threaded C bindings for zookeeper libzookeeper-st-dev - Development files for single threaded zookeeper C bindings libzookeeper-st2 - Single threaded C bindings for zookeeper libzookeeper2 - C bindings for zookeeper - transitional package python-zookeeper - Python bindings for zookeeper zookeeper - High-performance coordination service for distributed application zookeeper-bin - Command line utilities for zookeeper zookeeperd - Init control scripts for zookeeper Closes: 899332 Changes: zookeeper (3.4.9-3+deb9u1) stretch-security; urgency=high . * Team upload. * Fix CVE-2018-8012: No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper. As a result an arbitrary end point could join the cluster and begin propagating counterfeit changes to the leader. (Closes: #899332) Checksums-Sha1: a6a48b15200bce99d31dbe225f9059b324c3cd77 3172 zookeeper_3.4.9-3+deb9u1.dsc a0a6168dcd380c5586c8dcfa144668f7a1a21c6d 1931392 zookeeper_3.4.9.orig.tar.xz 2fe8590457e4515736317981af6fd1516b6abcaa 85716 zookeeper_3.4.9-3+deb9u1.debian.tar.xz c5091e0426ba7598532af8408f8879e71e523fc4 370720 libzookeeper-java-doc_3.4.9-3+deb9u1_all.deb 9bf2bfacb54d0a632beabbf4a1cbeffada11c601 1359262 libzookeeper-java_3.4.9-3+deb9u1_all.deb a5bef36affab800e5ac48c7c202bb184337ecae6 90994 libzookeeper-mt-dev_3.4.9-3+deb9u1_amd64.deb 4e0e903f7b9f756e9812fee183a1540055de49d8 112724 libzookeeper-mt2-dbgsym_3.4.9-3+deb9u1_amd64.deb c967d314f53b91efebade14c13dab294c52e2ef9 75078 libzookeeper-mt2_3.4.9-3+deb9u1_amd64.deb fc30b5d6d9cefca01d60bb4317681f7a09e753c7 88256 libzookeeper-st-dev_3.4.9-3+deb9u1_amd64.deb 14069b6a75858005e7baa6e2682c0f4280a4196b 105602 libzookeeper-st2-dbgsym_3.4.9-3+deb9u1_amd64.deb fd6a0334b6e4b500f5588aac5d6f14e47a5dd102 72852 libzookeeper-st2_3.4.9-3+deb9u1_amd64.deb 1cc66c88bd2488681d95f53ad65805f946678f00 40828 libzookeeper2_3.4.9-3+deb9u1_amd64.deb 5bbd6a12879b4b20a02d1c3d347a99a55dc24bea 32354 python-zookeeper-dbgsym_3.4.9-3+deb9u1_amd64.deb 9b10fb36caa12c344e54db0c18c656249e91c730 58224 python-zookeeper_3.4.9-3+deb9u1_amd64.deb f3a7ed0ae7ddc28cae7c4adc72631c824f3a1c46 413398 zookeeper-bin-dbgsym_3.4.9-3+deb9u1_amd64.deb 9934cbe5f3aede4a86a6ed0cb254e3033274789c 94542 zookeeper-bin_3.4.9-3+deb9u1_amd64.deb 49d81cdba9dd32e0bdf37a66594dcae440827ef2 141838 zookeeper_3.4.9-3+deb9u1_all.deb ac130e91cc22ace1e7a0e8bdbd873cf85ec7f120 17396 zookeeper_3.4.9-3+deb9u1_amd64.buildinfo cb490a37f99b8d821da77c719a58b5ae9602fd79 43936 zookeeperd_3.4.9-3+deb9u1_all.deb Checksums-Sha256: 4d84f7ba36423fe4d24fa23571324f340c01ba315f0c15f0f386b5959e93324e 3172 zookeeper_3.4.9-3+deb9u1.dsc 1471e69d0b391c87208ec5a6ef5c6dbb1e31820b274b34ebd9a808940f36410b 1931392 zookeeper_3.4.9.orig.tar.xz 0639c57a977d65d4b83a8a0a4745eb9be8f4b868cd43cb36be8f1db4d2b0a96d 85716 zookeeper_3.4.9-3+deb9u1.debian.tar.xz 71b5255a322f4c34147231c1a19044c22cd4c7ac5b395c0e3735153e0a75f993 370720 libzookeeper-java-doc_3.4.9-3+deb9u1_all.deb ab7bb2ea817e14bef634632a3a5e3a54d32d1865b49d227907b3364a66f2539b 1359262 libzookeeper-java_3.4.9-3+deb9u1_all.deb 4f8c0c6db1047b15fb893eb12eb566cf91be8f46fd79aae6ddc4d8b5afaade78 90994 libzookeeper-mt-dev_3.4.9-3+deb9u1_amd64.deb f1c4808320f7a9bc62a189eca5a5571345b372361315f67abbb2c72bd30eebe7 112724 libzookeeper-mt2-dbgsym_3.4.9-3+deb9u1_amd64.deb e8f167a3f7f3f072858d14664e49ddd7c0ae96fb8d7419641bf3a9464c6029cb 75078 libzookeeper-mt2_3.4.9-3+deb9u1_amd64.deb 3d0fb18710a9db14ee3f019fee9eae12cce588e29f0548f5d334f428776770c6 88256 libzookeeper-st-dev_3.4.9-3+deb9u1_amd64.deb 6c3316e7bef378ae434288f515126d76baf85a87607d147cf6c3a08fd8481e7f 105602 libzookeeper-st2-dbgsym_3.4.9-3+deb9u1_amd64.deb ea3d79a73654579b0f224187dc61d2cd27d190dc9d76099acfcc2c4e3737a673 72852 libzookeeper-st2_3.4.9-3+deb9u1_amd64.deb 821268b5eb870853f84f13218cccdbe41a5b9e2f0a84c3de18d6e14bfedaca94 40828 libzookeeper2_3.4.9-3+deb9u1_amd64.deb 692041e296743fc0902042630bab5db199270d78c30023d1454257ec4fdc65d6 32354 python-zookeeper-dbgsym_3.4.9-3+deb9u1_amd64.deb 51c1cccdfa48dcc70a609ef9667f413abd21221dd11919b698f465e3d45df207 58224 python-zookeeper_3.4.9-3+deb9u1_amd64.deb 26abf824dc45e6701c79a8318997214ebfcd57254d851b5342bfd33d06b90554 413398 zookeeper-bin-dbgsym_3.4.9-3+deb9u1_amd64.deb 5385f85a04fe2abf40816ee537207b5349e104e766edba7b97fb503e00fbeb83 94542 zookeeper-bin_3.4.9-3+deb9u1_amd64.deb fcf686ab1085bc5b6eb885ece13ac244bb6a40c7eeaa55ecce551596c4bb3a16 141838 zookeeper_3.4.9-3+deb9u1_all.deb f971559017f8fd51775a81d28f0997548ad47842bf2bccf825332f9c145c2344 17396 zookeeper_3.4.9-3+deb9u1_amd64.buildinfo 97d4dd4ebc45a0f887c9c6a2772af0d535b2756d308ebdee3c5248d12d0ba0f7 43936 zookeeperd_3.4.9-3+deb9u1_all.deb Files: f1efd070588f838c63a9725be50dd5ce 3172 java optional zookeeper_3.4.9-3+deb9u1.dsc d33aa506accaeade4260f1ba26ad3b8e 1931392 java optional zookeeper_3.4.9.orig.tar.xz 418dd9a3c464aacf1463b76fe077f530 85716 java optional zookeeper_3.4.9-3+deb9u1.debian.tar.xz aa4b09fc6588ce6ab99d9e927e1a4b77 370720 doc optional libzookeeper-java-doc_3.4.9-3+deb9u1_all.deb f6fb17e3d0670a84a429d436453379bc 1359262 java optional libzookeeper-java_3.4.9-3+deb9u1_all.deb 2443404c93df05e46b68a8cf23026d7f 90994 libdevel optional libzookeeper-mt-dev_3.4.9-3+deb9u1_amd64.deb 5e6ed526fe30ec5067538b1312c2df6d 112724 debug extra libzookeeper-mt2-dbgsym_3.4.9-3+deb9u1_amd64.deb 007348e69dc471ae88a009e70284587e 75078 libs optional libzookeeper-mt2_3.4.9-3+deb9u1_amd64.deb ec7dec76297bf06e246216dcf6f6c076 88256 libdevel optional libzookeeper-st-dev_3.4.9-3+deb9u1_amd64.deb 5c11636cd5931663f7b18624c31f1219 105602 debug extra libzookeeper-st2-dbgsym_3.4.9-3+deb9u1_amd64.deb 960b474c66ab71a91af1bb8e1462d7b0 72852 libs optional libzookeeper-st2_3.4.9-3+deb9u1_amd64.deb a4caf371910cda4f3c8811249638b179 40828 oldlibs extra libzookeeper2_3.4.9-3+deb9u1_amd64.deb f5e8a0d3e5f4808bd97c578d9830dffb 32354 debug extra python-zookeeper-dbgsym_3.4.9-3+deb9u1_amd64.deb d06d50cb9fab477cbdb2f6a329e19c43 58224 python optional python-zookeeper_3.4.9-3+deb9u1_amd64.deb 5c6e308742d99552459e458fc2e8810f 413398 debug extra zookeeper-bin-dbgsym_3.4.9-3+deb9u1_amd64.deb 539b242851e6239fec3689fe0e6938d2 94542 misc optional zookeeper-bin_3.4.9-3+deb9u1_amd64.deb e5ad46db2651c1e3a57f876e28b426a7 141838 java optional zookeeper_3.4.9-3+deb9u1_all.deb d8081485be2cc1ca031d1a123a578f88 17396 java optional zookeeper_3.4.9-3+deb9u1_amd64.buildinfo 159f085f1b76a744fa08aec80daf04ad 43936 java optional zookeeperd_3.4.9-3+deb9u1_all.deb -----BEGIN PGP SIGNATURE----- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlsMXMRfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkGbMQAI39esR5CF5ni8TYE+9rwl1GhBoHk4FIkPPn e/aMmkYfmHP2X93RqDG322RgQBH/flmllTHIW56g9CbdG3j2pKSvVANN1NLYbKbI y3s7D85Idw+7Z633Q2TTmfVeNvGLKNVezaKVIodNsmK0cXA8zIXoabv3pYrvzaWT bf+JUXPRpsQkSYF1AluFoHwJeLoqyho/WoHYngongQ1VZOyzfjmLTbiG3umrNED6 pnzpzF4eb4zLxZQMIrwPeI7MrTbGrcCu4r8X9rQxeumbIy3SjTkfnCd2altrfcr4 Ja4WBKx+HMTghe4OiqwL5ilNxr+z+i81TF3RY27/GPJaGaKGBxQHYaG7oH8C54Wp /6gqrcNoLkjOWtu3+zGy/SF0wF0WZ/2wZKEGYfsQ+I1YSCqEXuZ7MB7cma4wwEip oS6yN6UeqtPEW8I+n8MJ3DSOUljNcr4oAdLBMgG7tnlx2wCXG5oaIBTSbdSV5dl4 A9O5D2rHZ/yGLAJvzkK+W/G2eb14g2p2FEVXx+rLPlL0HYWta7O+D4qG+U5e8D5S qCvCsIVbEc6V2ESw0sIIv0jyq4DKeBP/3Ugnzm5otNPhdR/eyrCXEaFjTTQFQlOh mMUc6ggB+hltAbxxQI3FN6g3SovxD+GUd829zibS5iVe43Kx8zo0VDlUIaFWAC4C Kz2zVLb/ =FbAp -----END PGP SIGNATURE-----
--- End Message ---
