-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : zookeeper Version : 3.3.5+dfsg1-2+deb7u1 CVE ID : CVE-2016-5017
Lyon Yang discovered that the C client shells cli_st and cli_mt of Apache Zookeeper, a high-performance coordination service for distributed applications, were affected by a buffer overflow vulnerability associated with parsing of the input command when using the "cmd:" batch mode syntax. If the command string exceeds 1024 characters a buffer overflow will occur. For Debian 7 "Wheezy", these problems have been fixed in version 3.3.5+dfsg1-2+deb7u1. We recommend that you upgrade your zookeeper packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQJ8BAEBCgBmBQJX3vCXXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRBQ0YzRDA4OEVGMzJFREVGNkExQTgzNUZE OUFEMTRCOTUxM0I1MUU0AAoJENmtFLlRO1Hk8qYQAKqV96KYgNa88w18xivj3itK hedRa1m/by0sncnxKzNnr57VQlRwoarRfGGaLAZm+H8TdlP84DWUTA0NeS29rzqE IxO1Jb5O5vB7JFxIymKzlZKQf7D2N8pFF+46dv2fyigfNppuZe8b/8sbB4W5Y6Us 9TuK+bVC8Yu1MOGugP4UHb/KUQgPPz2sPhJW/l1Qt7DeogNAs5CRgrSrKCOHt4Ct ScQKMyIJR/tXTj1TF6mRT5meEg7QFvxAq/EQ+uq0+WR5jiHIiBJe5ZMlU3xAz22T NKmqbgrBSW4KdzNMiEO8GFd1UvvQujByzmn2LxnXw7IRTU/oUxOZ0ODvs1YSzFrs MPaC1ITJon1LTud70nw1yyZhgaP2YFPFjqi0YFSnWekQqQDOw9zGmS1EnETsrr7l /wJGEdTcoRWzrxmYEXp0yrySW6sDzaF9iCZwcO7dX2UmM3tp+wPWSqlmKI4CIwsh 7+LDeR5+yViESVdWoGPBBZzsPDGkjJ9D+cu748s54ubZtOx1eC0Jl735ZufRTrCf OiYQL05oNFDydvVukRCFKR0JkgwTZA+yCVG7taUfW8aPlOlFv4x6OektOiRFwAOk Bk1sIbRoA2lYkFmattUC6wxoOKKdm96tnzI3CKB/sKyZyG5+H3ISEUKhA3aITzqE ONfmeTq8B8neSF9A35OP =hAsR -----END PGP SIGNATURE-----