[Buildroot] [PATCH] ntp: security bump to version 4.2.8p11
Peter Korsgaard
peter at korsgaard.com
Fri Mar 30 19:30:21 UTC 2018
>>>>> "Baruch" == Baruch Siach <baruch at tkos.co.il> writes:
> Fixed or improved security issues:
>
> CVE-2016-1549 (fixed in 4.2.8p7; this release adds protection): A
> malicious authenticated peer can create arbitrarily-many ephemeral
> associations in order to win the clock selection algorithm
>
> CVE-2018-7182: Buffer read overrun leads to undefined behavior and
> information leak
>
> CVE-2018-7170: Multiple authenticated ephemeral associations
>
> CVE-2018-7184: Interleaved symmetric mode cannot recover from bad
> state
>
> CVE-2018-7185: Unauthenticated packet can reset authenticated
> interleaved association
>
> CVE-2018-7183: ntpq:decodearr() can write beyond its buffer limit
>
> Drop patch #3. libntpq_a_CFLAGS now includes NTP_HARD_CFLAGS via
> AM_CFLAGS.
>
> Add license file hash.
>
> Signed-off-by: Baruch Siach <baruch at tkos.co.il>
Committed to 2018.02.x, thanks.
--
Bye, Peter Korsgaard