Debian has released a security update for the zookeeper package.
This release fixes a vulnerability in the zookeeper package.
Date Reported: 20-May-2019
Fix Released On: 12-June-2019
Severity Level: Medium
Affected Packages: zookeeper
Affected Operating System & Version:
- Debian 8 (Jessie)
- Debian 9 (Stretch)
Harrison Neil discovered that the getACL() command in Zookeeper, a service for maintaining configuration information, did not validate permissions, which could result in information disclosure.
It’s recommended to update the zookeeper package ASAP.
For more details about the security issues, and other related information, refer to the CVE pages.
Debian Security Advisory References:
Security Database References (CVE):
- This issue has been fixed on Debian 9 (Stretch) in version 3.4.9-3+deb9u2.
- This issue has been fixed on Debian 8 (Jessie) in version 3.4.9-3+deb8u2.
Run the following command to install the above updates.
$ sudo apt install --only-upgrade zookeeper
or
$ sudo apt install unattended-upgrades
The installed security fixes can be verified in the package change log using the following methods.
Using the manual method:
$ zgrep -i "CVE-2019-0201" /usr/share/doc/zookeeper/changelog.Debian.gz
Using the debsecan command:
$ debsecan | grep CVE-2019-0201
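The changelog and debsecan checks above confirm that the fix is recorded; the following added example (not part of the original advisory) compares the installed package version against the fixed versions listed above using dpkg's own version ordering. The function names and the "--host" switch are illustrative assumptions.

```shell
#!/bin/sh
# Added example: check the zookeeper package against the fixed versions
# listed in this advisory. Function names are illustrative.

# Map a Debian major release number to the fixed version from the advisory.
fixed_version_for() {
    case "$1" in
        9) echo "3.4.9-3+deb9u2" ;;   # Debian 9 (Stretch)
        8) echo "3.4.9-3+deb8u2" ;;   # Debian 8 (Jessie)
        *) return 1 ;;                # release not covered by this advisory
    esac
}

# zk_status RELEASE INSTALLED_VERSION
# Prints one of: patched | vulnerable | not-installed | unknown-release
zk_status() {
    release=$1
    installed=$2
    [ -n "$installed" ] || { echo "not-installed"; return 0; }
    fixed=$(fixed_version_for "$release") || { echo "unknown-release"; return 0; }
    # dpkg applies Debian version ordering, including "+debXuY" suffixes.
    if dpkg --compare-versions "$installed" ge "$fixed"; then
        echo "patched"
    else
        echo "vulnerable"
    fi
}

# Check the local host: release from /etc/os-release, version from dpkg-query.
zk_check_host() {
    release=$(. /etc/os-release 2>/dev/null && echo "${VERSION_ID:-}")
    installed=$(dpkg-query -W -f='${Version}' zookeeper 2>/dev/null || true)
    zk_status "$release" "$installed"
}

# Run the host check only when invoked with "--host".
if [ "${1:-}" = "--host" ]; then
    zk_check_host
fi
```

A result of "vulnerable" means the installed version sorts below the fixed version for that release and the upgrade command above still needs to be run.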