Format: 1.8
Date: Sat, 28 Oct 2023 23:16:44 +0200
Source: zookeeper
Architecture: source
Version: 3.4.13-6+deb11u1
Distribution: bullseye-security
Urgency: medium
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Pierre Gruet <pgt@debian.org>
Closes: 1054224
Changes:
 zookeeper (3.4.13-6+deb11u1) bullseye-security; urgency=medium
 .
   * Team upload:
     - CVE-2023-44981: Prevent a potential authorisation bypass
       vulnerability. If SASL Quorum Peer authentication was enabled (via
       quorum.auth.enableSasl), authorisation was performed by verifying
       that the instance part in the SASL authentication ID was listed in
       the zoo.cfg server list. However, this value is optional, and, if
       missing (such as in 'eve@EXAMPLE.COM'), the authorisation check will
       be skipped. As a result, an arbitrary endpoint could join the
       cluster and begin propagating counterfeit changes to the leader,
       essentially giving it complete read-write access to the data tree.
       (Closes: #1054224)
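
The fail-open check described in the CVE-2023-44981 entry above, next to a fail-closed form, as an added Java sketch (it is not ZooKeeper's or Debian's code). The class and method names, the `zkquorum` principal and the `*.example.com` hosts are constructed for illustration.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

// Added illustration of the check described in the changelog; not ZooKeeper's source.
public class QuorumAuthzSketch {

    // Hypothetical helper: returns the instance part of "user/instance@REALM",
    // or null when the ID has no instance part, as in "eve@EXAMPLE.COM".
    static String instancePart(String authzId) {
        int at = authzId.lastIndexOf('@');
        String principal = at >= 0 ? authzId.substring(0, at) : authzId;
        int slash = principal.indexOf('/');
        if (slash < 0 || slash == principal.length() - 1) {
            return null;
        }
        return principal.substring(slash + 1);
    }

    // Behaviour the entry describes: the server-list check only runs
    // when an instance part is present.
    static boolean authorizeBefore(String authzId, Set<String> quorumHosts) {
        String host = instancePart(authzId);
        if (host != null && !quorumHosts.contains(host)) {
            return false;
        }
        return true; // a missing instance part falls through and is accepted
    }

    // Fail-closed form: a missing instance part is itself a reason to reject.
    static boolean authorizeAfter(String authzId, Set<String> quorumHosts) {
        String host = instancePart(authzId);
        return host != null && quorumHosts.contains(host);
    }

    public static void main(String[] args) {
        // Constructed sample data: hosts as they would appear in the zoo.cfg server list.
        Set<String> quorumHosts = new HashSet<>(Arrays.asList(
                "zk1.example.com", "zk2.example.com", "zk3.example.com"));
        List<String> ids = Arrays.asList(
                "zkquorum/zk1.example.com@EXAMPLE.COM",   // listed member
                "zkquorum/rogue.example.com@EXAMPLE.COM", // instance not in the list
                "eve@EXAMPLE.COM");                       // no instance part
        for (String id : ids) {
            System.out.printf("%-40s before=%-5b after=%b%n", id,
                    authorizeBefore(id, quorumHosts), authorizeAfter(id, quorumHosts));
        }
    }
}
```

Only the third ID separates the two functions: both reject the unlisted instance, but the ID with no instance part is accepted by the first and rejected by the second.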