ntp: security bump to version 4.2.8p11 - buildroot

diff options

author	Baruch Siach <baruch@tkos.co.il>	2018-03-06 19:00:47 +0200
committer	Peter Korsgaard <peter@korsgaard.com>	2018-03-06 19:03:26 +0100
commit	da05d748057a98254a9c4fbd6afbc8ebf7e08afd (patch)
tree	73584d37f9bec4c9d35410f66b1f10e53594cfad /package/jsoncpp
parent	74295b02d4b380e5267357be0ae1281c7410cdc2 (diff)
download	buildroot-da05d748057a98254a9c4fbd6afbc8ebf7e08afd.tar.gz buildroot-da05d748057a98254a9c4fbd6afbc8ebf7e08afd.zip

ntp: security bump to version 4.2.8p11

Fixed or improved security issues: CVE-2016-1549 (fixed in 4.2.8p7; this release adds protection): A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm CVE-2018-7182: Buffer read overrun leads to undefined behavior and information leak CVE-2018-7170: Multiple authenticated ephemeral associations CVE-2018-7184: Interleaved symmetric mode cannot recover from bad state CVE-2018-7185: Unauthenticated packet can reset authenticated interleaved association CVE-2018-7183: ntpq:decodearr() can write beyond its buffer limit Drop patch #3. libntpq_a_CFLAGS now includes NTP_HARD_CFLAGS via AM_CFLAGS. Add license file hash. Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Diffstat (limited to 'package/jsoncpp')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: