kea: 1.5.0 -> 1.5.0-P1 (security) #67672

Merged
merged 1 commit into from Aug 30, 2019
Member

@andir andir commented Aug 29, 2019

Motivation for this change

Fixes:

Announcement: https://www.openwall.com/lists/oss-security/2019/08/29/1

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nix-review --run "nix-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.
Notify maintainers

cc @fpletz

Fixes:

* CVE-2019-6472 affects the Kea DHCPv6 server, which can exit
  with an assertion failure if the DHCPv6 server process receives
  a request containing a DUID value which is too large.
  (https://kb.isc.org/docs/cve-2019-6474)

* CVE-2019-6473 affects the Kea DHCPv4 server, which can exit with
  an assertion failure if it receives a packet containing a malformed
  option.  (https://kb.isc.org/docs/cve-2019-6473)

* CVE-2019-6474 can cause a condition where the server cannot be
  restarted without manual operator intervention to correct a problem
  that can be deliberately introduced into the stored leases.
  CVE-2019-6474 can only affect servers which are using memfile
  for lease storage.  (https://kb.isc.org/docs/cve-2019-6474)

Announcement: https://www.openwall.com/lists/oss-security/2019/08/29/1
@andir
Member Author

andir commented Aug 29, 2019

@GrahamcOfBorg build kea

@mmahut
Member

mmahut commented Aug 30, 2019

Builds and runs fine, thank you.

@mmahut mmahut merged commit a2b8c83 into NixOS:master Aug 30, 2019