b12f/nixpkgs
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

cassandra: 3.11.4 -> 3.11.9

Browse source 
Reason: Fixes CVE-2020-13946 Apache Cassandra RMI Rebind Vulnerability

Description:
It is possible for a local attacker without access to the Apache Cassandra
process or configuration files to manipulate the RMI registry to perform a
man-in-the-middle attack and capture user names and passwords used to access
the JMX interface. The attacker can then use these credentials to access
the JMX interface and perform unauthorised operations.

Users should also be aware of CVE-2019-2684, a JRE vulnerability that enables
this issue to be exploited remotely.

3.11.x users should upgrade to 3.11.8
This commit is contained in:
Red Davies 2020-11-24 20:22:34 -05:00
parent 3b4fcbb5d1
commit 90d2986368
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
pkgs/servers/nosql/cassandra/3.11.nix
View file

@ -1,6 +1,6 @@
{ callPackage, ... } @ args:
callPackage ./generic.nix (args // {
version = "3.11.4";
sha256 = "11wr0vcps8w8g2sd8qwp1yp8y873c4q32azc041xpi7zqciqwnax";
version = "3.11.9";
sha256 = "1ckaacc1z0j72llklrc4587ia6a0pab02bdyac6g3kl6kqvcz40c";
})