projects / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 02b1975) | patch
ntp: security bump to version 4.2.8
authorGustavo Zacarias <gustavo@zacarias.com.ar>
Mon, 22 Dec 2014 14:26:59 +0000 (11:26 -0300)
committerThomas Petazzoni <thomas.petazzoni@free-electrons.com>
Tue, 23 Dec 2014 10:36:07 +0000 (11:36 +0100)
commit5d5c9a8dcb1f3385e70a2e089f6577c67eca59c3
tree9951c95608747cc60c4d95a9c7e84b93e082303etree
parent02b1975b787fa01c1115eca34adf309ac0830adacommit | diff
ntp: security bump to version 4.2.8

Fixes:

CVE-2014-9293 - ntpd generated a weak key for its internal use, with
full administrative privileges.  Attackers could use this key to
reconfigure ntpd (or to exploit other vulnerabilities).

CVE-2014-9294 - The ntp-keygen utility generated weak MD5 keys with
insufficient entropy.

CVE-2014-9295 - ntpd had several buffer overflows (both on the stack and
in the data section), allowing remote authenticated attackers to crash
ntpd or potentially execute arbitrary code.

CVE-2014-9296 - The general packet processing function in ntpd did not
handle an error case correctly.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
package/ntp/0001-fix-ntp-keygen-without-openssl.patch [new file with mode: 0644] blob
package/ntp/0002-nano.patch [new file with mode: 0644] blob
package/ntp/Config.in diff | blob | history
package/ntp/ntp-001-adjtimex.patch [deleted file] blob | history
package/ntp/ntp-002-nano.patch [deleted file] blob | history
package/ntp/ntp.hash [new file with mode: 0644] blob
package/ntp/ntp.mk diff | blob | history