svn commit: r451702 - head/security/vuxml
Steve Wills
swills at FreeBSD.org
Tue Oct 10 14:05:07 UTC 2017
Author: swills
Date: Tue Oct 10 14:05:06 2017
New Revision: 451702
URL: https://svnweb.freebsd.org/changeset/ports/451702
Log:
Document zookeeper issue
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Tue Oct 10 13:24:08 2017 (r451701)
+++ head/security/vuxml/vuln.xml Tue Oct 10 14:05:06 2017 (r451702)
@@ -58,6 +58,32 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="af61b271-9e47-4db0-a0f6-29fb032236a3">
+ <topic>zookeeper -- Denial Of Service</topic>
+ <affects>
+ <package>
+ <name>zookeeper</name>
+ <range><lt>3.4.10</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>zookeeper developers report:</p>
+ <blockquote cite="https://lists.apache.org/thread.html/58170aeb7a681d462b7fa31cae81110cbb749d2dc83c5736a0bb8370@%3Cdev.zookeeper.apache.org%3E">
+ <p>Two four letter word commands "wchp/wchc" are CPU intensive and could cause spike of CPU utilization on Apache ZooKeeper server if abused, which leads to the server unable to serve legitimate client requests. Apache ZooKeeper thru version 3.4.9 and 3.5.2 suffer from this issue, fixed in 3.4.10, 3.5.3, and later.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://lists.apache.org/thread.html/58170aeb7a681d462b7fa31cae81110cbb749d2dc83c5736a0bb8370@%3Cdev.zookeeper.apache.org%3E</url>
+ <cvename>CVE-2017-5637</cvename>
+ </references>
+ <dates>
+ <discovery>2017-10-09</discovery>
+ <entry>2017-10-10</entry>
+ </dates>
+ </vuln>
+
<vuln vid="9b5a905f-e556-452f-a00c-8f070a086181">
<topic>libtiff -- Improper Input Validation</topic>
<affects>
More information about the svn-ports-head
mailing list