diff options
| author | Gustavo Zacarias <gustavo@zacarias.com.ar> | 2016-05-02 09:21:22 -0300 |
|---|---|---|
| committer | Peter Korsgaard <peter@korsgaard.com> | 2016-05-02 17:24:10 +0200 |
| commit | ee18216d47e3d1eb5e9f666a5f30d61d5e4bbd97 (patch) | |
| tree | 4d73293672b66d7e0f83c6389e093e3fae8a07a2 /package/python-twisted/python-twisted.mk | |
| parent | 31acaf78c56d730620cc6982a78c84711d06aaf5 (diff) | |
| download | buildroot-ee18216d47e3d1eb5e9f666a5f30d61d5e4bbd97.tar.gz buildroot-ee18216d47e3d1eb5e9f666a5f30d61d5e4bbd97.zip | |
ntp: security bump to version 4.2.8p7
Fixes:
CVE-2016-1551 - Refclock impersonation vulnerability, AKA:
refclock-peering
CVE-2016-1549 - Sybil vulnerability: ephemeral association attack, AKA:
ntp-sybil - MITIGATION ONLY
CVE-2016-2516 - Duplicate IPs on unconfig directives will cause an
assertion botch
CVE-2016-2517 - Remote configuration trustedkey/requestkey values are not
properly validated
CVE-2016-2518 - Crafted addpeer with hmode > 7 causes array wraparound
with MATCH_ASSOC
CVE-2016-2519 - ctl_getitem() return value not always checked
CVE-2016-1547 - Validate crypto-NAKs, AKA: nak-dos
CVE-2016-1548 - Interleave-pivot - MITIGATION ONLY
CVE-2015-7704 - KoD fix: peer associations were broken by the fix for
NtpBug2901, AKA: Symmetric active/passive mode is broken
CVE-2015-8138 - Zero Origin Timestamp Bypass, AKA: Additional KoD Checks
CVE-2016-1550 - Improve NTP security against buffer comparison timing
attacks, authdecrypt-timing, AKA: authdecrypt-timing
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Diffstat (limited to 'package/python-twisted/python-twisted.mk')
0 files changed, 0 insertions, 0 deletions
