CVE-2019-0201 : Debian has Released Security Update for zookeeper

Debian has released a security update for the zookeeper package.

This release fixes a vulnerability in the zookeeper package.

Date Reported: 20-May-2019

Fix Released On: 12-June-2019

Severity Level: Medium

Affected Packages: zookeeper

Affected Operating System & Version:

  • Debian 8 (Jessie)
  • Debian 9 (Stretch)

Details:

Harrison Neil discovered that the getACL() command in ZooKeeper, a service for maintaining configuration information, did not validate permissions, which could result in information disclosure.

It’s recommended to update the zookeeper package ASAP.

For more details about the security issues, and other related information, refer to the CVE pages.

Debian Security Advisory References:

Security Database References (CVE):

Solution:

  • This issue has been fixed on Debian 9 (Stretch) in version 3.4.9-3+deb9u2.
  • This issue has been fixed on Debian 8 (Jessie) in version 3.4.9-3+deb8u2.

Run one of the following commands to install the above updates.

$ sudo apt install --only-upgrade zookeeper
or
$ sudo apt install unattended-upgrades

The installed security fixes can be verified in the package change log using the following methods.

Using the manual method:

$ zgrep -i "CVE-2019-0201" /usr/share/doc/zookeeper/changelog.Debian.gz

Using the debsecan command:

$ debsecan | grep CVE-2019-0201
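
The installed version can also be compared directly with the fixed versions listed under Solution. The script below is an added example, not part of the original advisory; the function names fixed_version_for and zk_status are illustrative, and it assumes dpkg is available on the host.

```shell
#!/bin/sh
# Added example: report whether a zookeeper package version contains the
# CVE-2019-0201 fix, using the fixed versions from the Solution section.

# Print the fixed version for a Debian release (codename or VERSION_ID).
fixed_version_for() {
    case "$1" in
        stretch|9*) echo "3.4.9-3+deb9u2" ;;
        jessie|8*)  echo "3.4.9-3+deb8u2" ;;
        *)          return 1 ;;   # release not covered by this advisory
    esac
}

# zk_status RELEASE [VERSION]
# VERSION defaults to the version dpkg reports for the zookeeper package.
# Prints patched | vulnerable | not-installed | unknown-release.
zk_status() {
    release=$1
    if [ "$#" -ge 2 ]; then
        installed=$2
    else
        installed=$(dpkg-query -W -f='${Version}' zookeeper 2>/dev/null) || installed=""
    fi

    fixed=$(fixed_version_for "$release") || { echo "unknown-release"; return 2; }
    [ -n "$installed" ] || { echo "not-installed"; return 2; }

    # Use Debian's own ordering rules; a plain string compare gets
    # revisions such as +deb9u10 wrong.
    if dpkg --compare-versions "$installed" ge "$fixed"; then
        echo "patched"
    else
        echo "vulnerable"
        return 1
    fi
}

# Typical use on the host itself:
#   . /etc/os-release && zk_status "$VERSION_ID"
```

The exit status is 0 for patched, 1 for vulnerable and 2 when no verdict is possible, so the function can be used from a fleet audit job.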
