This release addresses five security issues in ntpd:
LOW/MEDIUM: Sec 3012 / CVE-2016-1549 / VU#961909: Sybil vulnerability:
ephemeral association attack
INFO/MEDIUM: Sec 3412 / CVE-2018-7182 / VU#961909: ctl_getitem(): buffer read
overrun leads to undefined behavior and information leak
LOW: Sec 3415 / CVE-2018-7170 / VU#961909: Multiple authenticated ephemeral
associations
LOW: Sec 3453 / CVE-2018-7184 / VU#961909: Interleaved symmetric mode cannot
recover from bad state
LOW/MEDIUM: Sec 3454 / CVE-2018-7185 / VU#961909: Unauthenticated packet can
reset authenticated interleaved association
one security issue in ntpq:
MEDIUM: Sec 3414 / CVE-2018-7183 / VU#961909: ntpq:decodearr() can write
beyond its buffer limit
Signed-off-by: Armin Kuster <akus...@mvista.com>
---
.../recipes-support/ntp/{ntp_4.2.8p10.bb => ntp_4.2.8p11.bb} | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
rename meta-networking/recipes-support/ntp/{ntp_4.2.8p10.bb =>
ntp_4.2.8p11.bb} (97%)
diff --git a/meta-networking/recipes-support/ntp/ntp_4.2.8p10.bb
b/meta-networking/recipes-support/ntp/ntp_4.2.8p11.bb
similarity index 97%
rename from meta-networking/recipes-support/ntp/ntp_4.2.8p10.bb
rename to meta-networking/recipes-support/ntp/ntp_4.2.8p11.bb
index 6db165a..c698fa0 100644
--- a/meta-networking/recipes-support/ntp/ntp_4.2.8p10.bb
+++ b/meta-networking/recipes-support/ntp/ntp_4.2.8p11.bb
@@ -23,8 +23,8 @@ SRC_URI =
"http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ntp-${PV}.tar.g
file://ntpd.list \
"
-SRC_URI[md5sum] = "745384ed0dedb3f66b33fe84d66466f9"
-SRC_URI[sha256sum] =
"ddd2366e64219b9efa0f7438e06800d0db394ac5c88e13c17b70d0dcdf99b99f"
+SRC_URI[md5sum] = "00950ca2855579541896513e78295361"
+SRC_URI[sha256sum] =
"f14a39f753688252d683ff907035ffff106ba8d3db21309b742e09b5c3cd278e"
inherit autotools update-rc.d useradd systemd pkgconfig
--
2.7.4
--
_______________________________________________
Openembedded-devel mailing list
Openembedded-devel@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-devel
