Maximizing personal sovereignty and safety.

Highest overall severity: Critical

Summary:

A vulnerability in the LND implementation of Lightning Network has been discovered. All Casa Nodes need to be updated to the September 10, 2019 software update immediately to remain secure.

Changes included in this update:

Updating LND to version 0.7.1.

The following CVEs have been addressed in this update:

  • CVE-2019-12999 - (full details to be released on Friday September 27, 2019)

Change log available here.

Impact:

This vulnerability can potentially result in funds held in Lightning Network channels being lost.


Products and Versions:

All Casa Nodes running on versions older than the September 10, 2019 update.

Further reading:

https://lists.linuxfoundation.org/pipermail/lightning-dev/2019-September/002148.html

NIST NVD further details:

Full details for CVE-2019-12999 will be released on 2019-09-27, please update your Casa node well before then.