* [Buildroot] [PATCH] ntp: security bump to version 4.2.8p6
@ 2016-01-20 13:18 Gustavo Zacarias
2016-01-20 14:44 ` Peter Korsgaard
0 siblings, 1 reply; 2+ messages in thread
From: Gustavo Zacarias @ 2016-01-20 13:18 UTC (permalink / raw)
To: buildroot
CVE-2015-7973 - Deja Vu: Replay attack on authenticated broadcast mode
CVE-2015-7974 - Skeleton Key: Missing key check allows impersonation
between authenticated peers
CVE-2015-7975 - nextvar() missing length check
CVE-2015-7976 - ntpq saveconfig command allows dangerous characters in
filenames
CVE-2015-7977 - reslist NULL pointer dereference
CVE-2015-7978 - Stack exhaustion in recursive traversal of restriction
list
CVE-2015-7979 - Off-path Denial of Service (DoS) attack on authenticated
broadcast mode
CVE-2015-8137 - origin: Zero Origin Timestamp Bypass
CVE-2015-8158 - Potential Infinite Loop in ntpq
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
---
package/ntp/ntp.hash | 6 +++---
package/ntp/ntp.mk | 2 +-
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/package/ntp/ntp.hash b/package/ntp/ntp.hash
index a98b2e2..0c2c29d 100644
--- a/package/ntp/ntp.hash
+++ b/package/ntp/ntp.hash
@@ -1,4 +1,4 @@
-# From http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ntp-4.2.8p5.tar.gz.md5
-md5 9f02b2a0acc1617ce2716d529a58d2d8 ntp-4.2.8p5.tar.gz
+# From http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ntp-4.2.8p6.tar.gz.md5
+md5 60049f51e9c8305afe30eb22b711c5c6 ntp-4.2.8p6.tar.gz
# Calculated based on the hash above
-sha256 ca28baf4f6bb6fabdc1b62fd1dcec412be2e621192b40466a469a2496164f696 ntp-4.2.8p5.tar.gz
+sha256 583d0e1c573ace30a9c6afbea0fc52cae9c8c916dbc15c026e485a0dda4ba048 ntp-4.2.8p6.tar.gz
diff --git a/package/ntp/ntp.mk b/package/ntp/ntp.mk
index c86000a..7e1e87f 100644
--- a/package/ntp/ntp.mk
+++ b/package/ntp/ntp.mk
@@ -5,7 +5,7 @@
################################################################################
NTP_VERSION_MAJOR = 4.2
-NTP_VERSION = $(NTP_VERSION_MAJOR).8p5
+NTP_VERSION = $(NTP_VERSION_MAJOR).8p6
NTP_SITE = http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-$(NTP_VERSION_MAJOR)
NTP_DEPENDENCIES = host-pkgconf libevent $(if $(BR2_PACKAGE_BUSYBOX),busybox)
NTP_LICENSE = ntp license
--
2.4.10
^ permalink raw reply related [flat|nested] 2+ messages in thread
* [Buildroot] [PATCH] ntp: security bump to version 4.2.8p6
2016-01-20 13:18 [Buildroot] [PATCH] ntp: security bump to version 4.2.8p6 Gustavo Zacarias
@ 2016-01-20 14:44 ` Peter Korsgaard
0 siblings, 0 replies; 2+ messages in thread
From: Peter Korsgaard @ 2016-01-20 14:44 UTC (permalink / raw)
To: buildroot
>>>>> "Gustavo" == Gustavo Zacarias <gustavo@zacarias.com.ar> writes:
> CVE-2015-7973 - Deja Vu: Replay attack on authenticated broadcast mode
> CVE-2015-7974 - Skeleton Key: Missing key check allows impersonation
> between authenticated peers
> CVE-2015-7975 - nextvar() missing length check
> CVE-2015-7976 - ntpq saveconfig command allows dangerous characters in
> filenames
> CVE-2015-7977 - reslist NULL pointer dereference
> CVE-2015-7978 - Stack exhaustion in recursive traversal of restriction
> list
> CVE-2015-7979 - Off-path Denial of Service (DoS) attack on authenticated
> broadcast mode
> CVE-2015-8137 - origin: Zero Origin Timestamp Bypass
> CVE-2015-8158 - Potential Infinite Loop in ntpq
Wow :/
Committed, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2016-01-20 14:44 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-01-20 13:18 [Buildroot] [PATCH] ntp: security bump to version 4.2.8p6 Gustavo Zacarias
2016-01-20 14:44 ` Peter Korsgaard
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.