[Bugs] [Bug 13350] New: [CVE 21] zookeeper 3.4.9 CVEs found

[bugzilla]

https://bugzilla.rosalinux.ru/show_bug.cgi?id=13350

          Platform: 2021.1
            Bug ID: 13350
           Summary: [CVE 21] zookeeper 3.4.9 CVEs found
    Classification: ROSA-based products
           Product: ROSA Fresh
           Version: All
          Hardware: All
               URL: CVE-2017-5637,
                OS: Linux
            Status: CONFIRMED
          Severity: normal
          Priority: Normal
         Component: System (kernel, glibc, systemd, bash, PAM...)
          Assignee: bugs на lists.rosalinux.ru
          Reporter: y.tumanov на rosalinux.ru
        QA Contact: bugs на lists.rosalinux.ru
                CC: s.matveev на rosalinux.ru, y.tumanov на rosalinux.ru
  Target Milestone: ---
             Flags: secteam_verified?

Please patch CVEs for package zookeeper version 3.4.9  
INFO (CVEs are): zookeeper 3.4.9 cves found
CVE-2017-5637
Desc: Two four letter word commands "wchp/wchc" are CPU intensive and could
cause spike of CPU utilization on Apache ZooKeeper server if abused, which
leads to the server unable to serve legitimate client requests. Apache
ZooKeeper thru version 3.4.9 and 3.5.2 suffer from this issue, fixed in 3.4.10,
3.5.3, and later.
Link: https://nvd.nist.gov/vuln/detail/CVE-2017-5637
Severity: HIGH

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
You are the assignee for the bug.
----------- следущая часть -----------
Вложение в формате HTML было извлечено…
URL: <http://lists.rosalinux.ru/pipermail/bugs/attachments/20230503/4e66191d/attachment.html>