[Buildroot] [PATCH] ntp: security bump to version 4.2.8p6

Peter Korsgaard peter at korsgaard.com
Wed Jan 20 14:44:55 UTC 2016


>>>>> "Gustavo" == Gustavo Zacarias <gustavo at zacarias.com.ar> writes:

 > CVE-2015-7973 - Deja Vu: Replay attack on authenticated broadcast mode
 > CVE-2015-7974 - Skeleton Key: Missing key check allows impersonation
 > between authenticated peers
 > CVE-2015-7975 - nextvar() missing length check
 > CVE-2015-7976 - ntpq saveconfig command allows dangerous characters in
 > filenames
 > CVE-2015-7977 - reslist NULL pointer dereference
 > CVE-2015-7978 - Stack exhaustion in recursive traversal of restriction
 > list
 > CVE-2015-7979 - Off-path Denial of Service (DoS) attack on authenticated
 > broadcast mode
 > CVE-2015-8137 - origin: Zero Origin Timestamp Bypass
 > CVE-2015-8158 - Potential Infinite Loop in ntpq

Wow :/

Committed, thanks.

-- 
Bye, Peter Korsgaard



More information about the buildroot mailing list