Lightning Network Casa Node

[IMPORTANT] CVE-2019-12999: Lightning Network security vulnerability

by Brian Lockhart 1 min read

Highest overall severity: Critical

Summary:

A vulnerability in the LND implementation of Lightning Network has been discovered. All Casa Nodes need to be updated to the September 10, 2019 software update immediately to remain secure.

Changes included in this update:

Updating LND to version 0.7.1.

The following CVEs have been addressed in this update:

  • CVE-2019-12999 - (full details here were released on Friday September 27, 2019)

Change log available here.

Impact:

This vulnerability can potentially result in funds held in Lightning Network channels being lost.


Products and Versions:

All Casa Nodes running on versions older than the September 10, 2019 update.

Further reading:

https://lists.linuxfoundation.org/pipermail/lightning-dev/2019-September/002148.html

https://lists.linuxfoundation.org/pipermail/lightning-dev/2019-September/002174.html

NIST NVD further details:

Full details for CVE-2019-12999 will be released on 2019-09-27, please update your Casa node well before then.

Read more posts by this author

Brian Lockhart

Product @CasaHODL| @SatsApp SatsTag = $@brian

The link has been copied!
You’ve successfully subscribed to Casa Blog
Welcome back! You’ve successfully signed in.
Great! You’ve successfully signed up.
Your link has expired
Success! Check your email for magic link to sign-in.