From e6e3270bd44ddc7d94df6b054a1e4e543055ca05 Mon Sep 17 00:00:00 2001 From: Andreas Rammhold Date: Thu, 29 Aug 2019 10:34:36 +0200 Subject: [PATCH] kea: 1.5.0 -> 1.5.0-P1 (security) Fixes: * CVE-2019-6472 affects the Kea DHCPv6 server, which can exit with an assertion failure if the DHCPv6 server process receives a request containing DUID value which is too large. (https://kb.isc.org/docs/cve-2019-6474) * CVE-2019-6473 affects the Kea DHCPv4 server, which can exit with an assertion failure if it receives a packed containing a malformed option. (https://kb.isc.org/docs/cve-2019-6473) * CVE-2019-6474 can cause a condition where the server cannot be restarted without manual operator intervention to correct a problem that can be deliberately introduced into the stored leases. CVE-2019-6474 can only affect servers which are using memfile for lease storage. (https://kb.isc.org/docs/cve-2019-6474) Annoucement: https://www.openwall.com/lists/oss-security/2019/08/29/1 --- pkgs/tools/networking/kea/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/networking/kea/default.nix b/pkgs/tools/networking/kea/default.nix index a1c156475fb4..0d1bd462d3b4 100644 --- a/pkgs/tools/networking/kea/default.nix +++ b/pkgs/tools/networking/kea/default.nix @@ -4,11 +4,11 @@ stdenv.mkDerivation rec { name = "${pname}-${version}"; pname = "kea"; - version = "1.5.0"; + version = "1.5.0-P1"; src = fetchurl { url = "https://ftp.isc.org/isc/${pname}/${version}/${name}.tar.gz"; - sha256 = "1v5a3prgrplw6dp9124f9gpy0kz0jrjwhnvzrw3zcynad2mlzkpd"; + sha256 = "0bqxzp3f7cmraa5davj2az1hx1gbbchqzlz3ai26c802agzafyhz"; }; patches = [ ./dont-create-var.patch ];