[Buildroot] [PATCH] ntp: security bump to version 4.2.8p11

Peter Korsgaard peter at korsgaard.com
Fri Mar 30 19:30:21 UTC 2018


>>>>> "Baruch" == Baruch Siach <baruch at tkos.co.il> writes:

 > Fixed or improved security issues:
 >   CVE-2016-1549 (fixed in 4.2.8p7; this release adds protection): A
 >   malicious authenticated peer can create arbitrarily-many ephemeral
 >   associations in order to win the clock selection algorithm

 >   CVE-2018-7182: Buffer read overrun leads to undefined behavior and
 >   information leak

 >   CVE-2018-7170: Multiple authenticated ephemeral associations

 >   CVE-2018-7184: Interleaved symmetric mode cannot recover from bad
 >   state

 >   CVE-2018-7185: Unauthenticated packet can reset authenticated
 >   interleaved association

 >   CVE-2018-7183: ntpq:decodearr() can write beyond its buffer limit

 > Drop patch #3. libntpq_a_CFLAGS now includes NTP_HARD_CFLAGS via
 > AM_CFLAGS.

 > Add license file hash.

 > Signed-off-by: Baruch Siach <baruch at tkos.co.il>

Committed to 2018.02.x, thanks.

-- 
Bye, Peter Korsgaard


More information about the buildroot mailing list