Project

General

Profile

Bug #9388

Update ntpd

Added by Chris Macmahon over 1 year ago. Updated 7 months ago.

Status:
Resolved
Priority:
High
Category:
NTPD
Target version:
Start date:
03/10/2019
Due date:
% Done:

100%

Estimated time:
Affected Version:
2.4.x
Affected Architecture:
All

Description

Ran pkg audit new install of 2.4.4-p2:

pkg audit -F
Fetching vuln.xml.bz2: 100%  777 KiB 795.3kB/s    00:01    
ntp-4.2.8p12 is vulnerable:
ntp -- Crafted null dereference attack from a trusted source with an authenticated mode 6 packet
CVE: CVE-2019-8936
WWW: https://vuxml.FreeBSD.org/freebsd/c2576e14-36e2-11e9-9eda-206a8a720317.html

History

#1 Updated by Jim Pingle over 1 year ago

  • Target version changed from 48 to 2.5.0

#2 Updated by Jim Pingle over 1 year ago

  • Description updated (diff)

#3 Updated by Jim Pingle over 1 year ago

  • Category set to NTPD
  • Assignee set to Renato Botelho
  • Priority changed from Normal to High
  • Affected Version set to 2.4.x

#4 Updated by Renato Botelho over 1 year ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100

4.2.8p13 imported to devel branch

#5 Updated by Jim Pingle about 1 year ago

  • Subject changed from pkg audit to Update ntpd

#6 Updated by Jim Pingle 10 months ago

  • Status changed from Feedback to Resolved
: pkg info -x ntp
ntp-4.2.8p13_5
: pkg audit -F
Fetching vuln.xml.bz2: 100%  826 KiB 846.3kB/s    00:01    
0 problem(s) in 0 installed package(s) found.

Same output on 2.5.0 and 2.4.5.

#7 Updated by Jim Pingle 7 months ago

  • Private changed from Yes to No

Also available in: Atom PDF