Your message dated Sun, 03 Jun 2018 11:32:43 +0000
with message-id <e1fprfb-000bzr...@fasolo.debian.org>
and subject line Bug#899332: fixed in zookeeper 3.4.9-3+deb8u1
has caused the Debian Bug report #899332,
regarding CVE-2018-8012: Apache ZooKeeper Quorum Peer mutual authentication
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
899332: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=899332
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: zookeeper
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Fixed: 3.4.10-1

Hi,

The following vulnerability was published for zookeeper.

CVE-2018-8012[0]:
| No authentication/authorization is enforced when a server attempts to
| join a quorum in Apache ZooKeeper before 3.4.10, and 3.5.0-alpha
| through 3.5.3-beta. As a result an arbitrary end point could join the
| cluster and begin propagating counterfeit changes to the leader.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-8012
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8012

Please adjust the affected versions in the BTS as needed.

Regards,

Markus



--- End Message ---
--- Begin Message ---
Source: zookeeper
Source-Version: 3.4.9-3+deb8u1

We believe that the bug you reported is fixed in the latest version of
zookeeper, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 899...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Markus Koschany <a...@debian.org> (supplier of updated zookeeper package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 23 May 2018 22:34:43 +0200
Source: zookeeper
Binary: libzookeeper-java zookeeper zookeeperd libzookeeper-java-doc libzookeeper-mt2 libzookeeper-st2 libzookeeper2 libzookeeper-mt-dev libzookeeper-st-dev zookeeper-bin python-zookeeper
Architecture: source all amd64
Version: 3.4.9-3+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintain...@lists.alioth.debian.org>
Changed-By: Markus Koschany <a...@debian.org>
Description:
 libzookeeper-java - Core Java libraries for zookeeper
 libzookeeper-java-doc - API Documentation for zookeeper
 libzookeeper-mt-dev - Development files for multi threaded zookeeper C bindings
 libzookeeper-mt2 - Multi threaded C bindings for zookeeper
 libzookeeper-st-dev - Development files for single threaded zookeeper C bindings
 libzookeeper-st2 - Single threaded C bindings for zookeeper
 libzookeeper2 - C bindings for zookeeper - transitional package
 python-zookeeper - Python bindings for zookeeper
 zookeeper  - High-performance coordination service for distributed application
 zookeeper-bin - Command line utilities for zookeeper
 zookeeperd - Init control scripts for zookeeper
Closes: 899332
Changes:
 zookeeper (3.4.9-3+deb8u1) jessie-security; urgency=high
 .
   * Team upload.
   * Fix CVE-2018-8012:
     No authentication/authorization is enforced when a server attempts to join
     a quorum in Apache ZooKeeper. As a result an arbitrary end point could join
     the cluster and begin propagating counterfeit changes to the leader.
     (Closes: #899332)

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--- End Message ---
