chn/nixpkgs
1
0
Fork 0
mirror of https://github.com/CHN-beta/nixpkgs.git synced 2026-01-13 11:30:35 +08:00
Code Issues Packages Projects Releases Wiki Activity

cassandra_3_0: 3.0.17 -> 3.0.23

Browse Source 
Reason: Fixes CVE-2020-13946 Apache Cassandra RMI Rebind Vulnerability

Description:
It is possible for a local attacker without access to the Apache Cassandra
process or configuration files to manipulate the RMI registry to perform a
man-in-the-middle attack and capture user names and passwords used to access
the JMX interface. The attacker can then use these credentials to access
the JMX interface and perform unauthorised operations.

Users should also be aware of CVE-2019-2684, a JRE vulnerability that enables
this issue to be exploited remotely.

3.0.x users should upgrade to 3.0.22

(cherry picked from commit 1431c3cc60)
This commit is contained in:
Red Davies
2020-11-24 21:21:56 -05:00
committed by Robert Hensing
parent e8a9922502
commit 3ede26bf06
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
pkgs/servers/nosql/cassandra/3.0.nix
View File

@@ -1,6 +1,6 @@
{ callPackage, ... } @ args:
callPackage ./generic.nix (args // {
version = "3.0.17";
sha256 = "0568r5xdy78pl29zby5g4m9qngf29cb9222sc1q1wisapb7zkl2p";
version = "3.0.23";
sha256 = "0cbia20bggq85q2p6gsybw045qdfqxd5xv8ihppq1hwl21sb2klz";
})