DSA-3871-1 zookeeper -- zookeeperID: oval:org.secpod.oval:def:602915 | Date: (C)2017-06-02 (M)2023-12-20 |
Class: PATCH | Family: unix |
It was discovered that Zookeeper, a service for maintaining configuration information, didn"t restrict access to the computationally expensive wchp/wchc commands which could result in denial of service by elevated CPU consumption. This update disables those two commands by default. The new configuration option "4lw.commands.whitelist" can be used to whitelist commands selectively
Product: |
zookeeper |
libzookeeper-mt-dev |
libzookeeper-st-dev |
libzookeeper-java-doc |