* [Buildroot] [PATCH 1/1] package/ntp: security bump to version 4.2.8p12
@ 2018-10-10 9:03 Artyom Panfilov
2018-10-10 19:29 ` Thomas Petazzoni
2018-10-23 23:05 ` Peter Korsgaard
0 siblings, 2 replies; 3+ messages in thread
From: Artyom Panfilov @ 2018-10-10 9:03 UTC (permalink / raw)
To: buildroot
Release notes:
https://www.nwtime.org/network-time-foundation-publishes-ntp-4-2-8p12
Fixed security issues:
CVE-2016-1549 / CVE-2018-7170: Sybil vulnerability: ephemeral association
attack
CVE-2018-12327: The openhost() function used during command-line hostname
processing by ntpq and ntpdc can write beyond its buffer limit
Signed-off-by: Artem Panfilov <apanfilov@spectracom.com>
---
package/ntp/ntp.hash | 2 +-
package/ntp/ntp.mk | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/package/ntp/ntp.hash b/package/ntp/ntp.hash
index ea86c1586f..02dbaffcba 100644
--- a/package/ntp/ntp.hash
+++ b/package/ntp/ntp.hash
@@ -1,5 +1,5 @@
# From https://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ntp-4.2.8p11.tar.gz.md5
md5 00950ca2855579541896513e78295361 ntp-4.2.8p11.tar.gz
# Calculated based on the hash above
-sha256 f14a39f753688252d683ff907035ffff106ba8d3db21309b742e09b5c3cd278e ntp-4.2.8p11.tar.gz
+sha256 709b222b5013d77d26bfff532b5ea470a8039497ef29d09363931c036cb30454 ntp-4.2.8p12.tar.gz
sha256 62c87b269365b38b55359b16dfde7ec28c683c722ef489db90afd0f2e478e4a1 COPYRIGHT
diff --git a/package/ntp/ntp.mk b/package/ntp/ntp.mk
index 674c368395..af3c1aad9f 100644
--- a/package/ntp/ntp.mk
+++ b/package/ntp/ntp.mk
@@ -5,7 +5,7 @@
################################################################################
NTP_VERSION_MAJOR = 4.2
-NTP_VERSION = $(NTP_VERSION_MAJOR).8p11
+NTP_VERSION = $(NTP_VERSION_MAJOR).8p12
NTP_SITE = https://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-$(NTP_VERSION_MAJOR)
NTP_DEPENDENCIES = host-pkgconf libevent
NTP_LICENSE = NTP
--
2.17.1
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [Buildroot] [PATCH 1/1] package/ntp: security bump to version 4.2.8p12
2018-10-10 9:03 [Buildroot] [PATCH 1/1] package/ntp: security bump to version 4.2.8p12 Artyom Panfilov
@ 2018-10-10 19:29 ` Thomas Petazzoni
2018-10-23 23:05 ` Peter Korsgaard
1 sibling, 0 replies; 3+ messages in thread
From: Thomas Petazzoni @ 2018-10-10 19:29 UTC (permalink / raw)
To: buildroot
Hello,
On Wed, 10 Oct 2018 09:03:05 +0000, Artyom Panfilov wrote:
> Release notes:
> https://www.nwtime.org/network-time-foundation-publishes-ntp-4-2-8p12
>
> Fixed security issues:
>
> CVE-2016-1549 / CVE-2018-7170: Sybil vulnerability: ephemeral association
> attack
>
> CVE-2018-12327: The openhost() function used during command-line hostname
> processing by ntpq and ntpdc can write beyond its buffer limit
>
> Signed-off-by: Artem Panfilov <apanfilov@spectracom.com>
> ---
> package/ntp/ntp.hash | 2 +-
> package/ntp/ntp.mk | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)
Applied to master, thanks.
Thomas
--
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
^ permalink raw reply [flat|nested] 3+ messages in thread
* [Buildroot] [PATCH 1/1] package/ntp: security bump to version 4.2.8p12
2018-10-10 9:03 [Buildroot] [PATCH 1/1] package/ntp: security bump to version 4.2.8p12 Artyom Panfilov
2018-10-10 19:29 ` Thomas Petazzoni
@ 2018-10-23 23:05 ` Peter Korsgaard
1 sibling, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2018-10-23 23:05 UTC (permalink / raw)
To: buildroot
>>>>> "Artyom" == Artyom Panfilov <apanfilov@spectracom.com> writes:
> Release notes:
> https://www.nwtime.org/network-time-foundation-publishes-ntp-4-2-8p12
> Fixed security issues:
> CVE-2016-1549 / CVE-2018-7170: Sybil vulnerability: ephemeral association
> attack
> CVE-2018-12327: The openhost() function used during command-line hostname
> processing by ntpq and ntpdc can write beyond its buffer limit
> Signed-off-by: Artem Panfilov <apanfilov@spectracom.com>
Committed to 2018.02.x and 2018.08.x, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2018-10-23 23:05 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2018-10-10 9:03 [Buildroot] [PATCH 1/1] package/ntp: security bump to version 4.2.8p12 Artyom Panfilov
2018-10-10 19:29 ` Thomas Petazzoni
2018-10-23 23:05 ` Peter Korsgaard
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox