Date:      Tue, 10 Oct 2017 14:05:06 +0000 (UTC)
From:      Steve Wills <swills@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r451702 - head/security/vuxml
Message-ID:  <201710101405.v9AE56wI011382@repo.freebsd.org>

Author: swills
Date: Tue Oct 10 14:05:06 2017
New Revision: 451702
URL: https://svnweb.freebsd.org/changeset/ports/451702

Log:
  Document zookeeper issue

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Tue Oct 10 13:24:08 2017	(r451701)
+++ head/security/vuxml/vuln.xml	Tue Oct 10 14:05:06 2017	(r451702)
@@ -58,6 +58,32 @@ Notes:
   * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">;
+  <vuln vid="af61b271-9e47-4db0-a0f6-29fb032236a3">
+    <topic>zookeeper -- Denial Of Service</topic>
+    <affects>
+      <package>
+	<name>zookeeper</name>
+	<range><lt>3.4.10</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">;
+	<p>zookeeper developers report:</p>
+	<blockquote cite="https://lists.apache.org/thread.html/58170aeb7a681d462b7fa31cae81110cbb749d2dc83c5736a0bb8370@%3Cdev.zookeeper.apache.org%3E">;
+	  <p>Two four letter word commands "wchp/wchc" are CPU intensive and could cause spike of CPU utilization on Apache ZooKeeper server if abused, which leads to the server unable to serve legitimate client requests. Apache ZooKeeper thru version 3.4.9 and 3.5.2 suffer from this issue, fixed in 3.4.10, 3.5.3, and later.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>https://lists.apache.org/thread.html/58170aeb7a681d462b7fa31cae81110cbb749d2dc83c5736a0bb8370@%3Cdev.zookeeper.apache.org%3E</url>;
+      <cvename>CVE-2017-5637</cvename>
+    </references>
+    <dates>
+      <discovery>2017-10-09</discovery>
+      <entry>2017-10-10</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="9b5a905f-e556-452f-a00c-8f070a086181">
     <topic>libtiff -- Improper Input Validation</topic>
     <affects>
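Review bot: The single `<range><lt>3.4.10</lt></range>` under `<name>zookeeper</name>` covers only the 3.4 branch, while the quoted advisory in the same entry says 3.5.2 is also affected and that the fix landed in 3.5.3. A 3.5.0 through 3.5.2 package would compare as greater than 3.4.10 and so would not be flagged. If any port or variant tracks the 3.5 line (the file's own note above says not to forget port variants), add a second range such as `<range><ge>3.5.0</ge><lt>3.5.3</lt></range>`, or list that package separately. If only 3.4.x is packaged, a short remark in the commit log saying so would explain the omission.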


