[Buildroot] [PATCH] ntp: security bump to version 4.2.8p7

Peter Korsgaard peter at korsgaard.com
Mon May 2 15:19:33 UTC 2016


>>>>> "Gustavo" == Gustavo Zacarias <gustavo at zacarias.com.ar> writes:

 > Fixes:
 > CVE-2016-1551 - Refclock impersonation vulnerability, AKA:
 > refclock-peering

 > CVE-2016-1549 - Sybil vulnerability: ephemeral association attack, AKA:
 > ntp-sybil - MITIGATION ONLY

 > CVE-2016-2516 - Duplicate IPs on unconfig directives will cause an
 > assertion botch

 > CVE-2016-2517 - Remote configuration trustedkey/requestkey values are not
 > properly validated

 > CVE-2016-2518 - Crafted addpeer with hmode > 7 causes array wraparound
 > with MATCH_ASSOC

 > CVE-2016-2519 - ctl_getitem() return value not always checked

 > CVE-2016-1547 - Validate crypto-NAKs, AKA: nak-dos

 > CVE-2016-1548 - Interleave-pivot - MITIGATION ONLY

 > CVE-2015-7704 - KoD fix: peer associations were broken by the fix for
 > NtpBug2901, AKA: Symmetric active/passive mode is broken

 > CVE-2015-8138 - Zero Origin Timestamp Bypass, AKA: Additional KoD Checks

 > CVE-2016-1550 - Improve NTP security against buffer comparison timing
 > attacks, authdecrypt-timing, AKA: authdecrypt-timing

 > Signed-off-by: Gustavo Zacarias <gustavo at zacarias.com.ar>

Committed, thanks.

-- 
Bye, Peter Korsgaard

