- Vulnerability/
- USN-6559-1
USN-6559-1: ZooKeeper vulnerabilities
First published: Tue Jan 16 2024(Updated: )
It was discovered that ZooKeeper incorrectly handled authorization for the getACL() command. A remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2019-0201) Damien Diederen discovered that ZooKeeper incorrectly handled authorization if SASL Quorum Peer authentication is enabled. An attacker could possibly use this issue to bypass ZooKeeper's authorization system. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 23.04 and Ubuntu 23.10. (CVE-2023-44981)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/libzookeeper-java | <3.8.0-11ubuntu0.1 | 3.8.0-11ubuntu0.1 |
| Ubuntu | =23.10 | |
| All of | ||
| ubuntu/libzookeeper-java | <3.8.0-10ubuntu0.1 | 3.8.0-10ubuntu0.1 |
| Ubuntu | =23.04 | |
| All of | ||
| ubuntu/libzookeeper-java | <3.4.13-6ubuntu4.1 | 3.4.13-6ubuntu4.1 |
| Ubuntu | =22.04 | |
| All of | ||
| ubuntu/libzookeeper-java | <3.4.13-5ubuntu0.1 | 3.4.13-5ubuntu0.1 |
| Ubuntu | =20.04 | |
| All of | ||
| ubuntu/libzookeeper-java | <3.4.13-3ubuntu0.1~esm1 | 3.4.13-3ubuntu0.1~esm1 |
| Ubuntu | =18.04 | |
| All of | ||
| ubuntu/libzookeeper-java | <3.4.8-1ubuntu0.1~esm2 | 3.4.8-1ubuntu0.1~esm2 |
| Ubuntu | =16.04 | |
| All of | ||
| ubuntu/libzookeeper-java | <3.4.5+dfsg-1ubuntu0.1~esm3 | 3.4.5+dfsg-1ubuntu0.1~esm3 |
| Ubuntu | =14.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2023-44981
- https://ubuntu.com/security/CVE-2019-0201
- https://launchpad.net/ubuntu/+source/zookeeper/3.8.0-11ubuntu0.1
- https://launchpad.net/ubuntu/+source/zookeeper/3.8.0-10ubuntu0.1
- https://launchpad.net/ubuntu/+source/zookeeper/3.4.13-6ubuntu4.1
- https://launchpad.net/ubuntu/+source/zookeeper/3.4.13-5ubuntu0.1
- https://ubuntu.com/security/notices/USN-6559-1 (Advisory)
Frequently Asked Questions
What is the severity of USN-6559-1?
The severity of USN-6559-1 is considered to be potentially high due to the risk of sensitive information disclosure.
How do I fix USN-6559-1?
To fix USN-6559-1, upgrade the libzookeeper-java package to the recommended version based on your Ubuntu release.
Who is affected by USN-6559-1?
USN-6559-1 affects users of Ubuntu 14.04 LTS, 16.04 LTS, 18.04 LTS, 20.04 LTS, 22.04 LTS, 23.04, and 23.10 using the vulnerable version of libzookeeper-java.
What is CVE-2019-0201 in relation to USN-6559-1?
CVE-2019-0201 is the identifier for the vulnerability addressed in USN-6559-1 related to improper handling of authorization in ZooKeeper.
Can a remote attacker exploit USN-6559-1?
Yes, a remote attacker could exploit USN-6559-1 to obtain sensitive information through the affected getACL() command.
- agent/severity
- agent/title
- agent/references
- agent/last-modified-date
- agent/type
- agent/description
- agent/first-publish-date
- agent/event
- agent/trending
- agent/source
- agent/tags
- agent/softwarecombine
- collector/usn
- source/Ubuntu
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu
- version/ubuntu/23.10
- version/ubuntu/23.04
- version/ubuntu/22.04
- version/ubuntu/20.04
- version/ubuntu/18.04
- version/ubuntu/16.04
- version/ubuntu/14.04