Project

General

Profile

Actions

Bug #9388

closed

Update ntpd

Added by Chris Macmahon over 5 years ago. Updated over 4 years ago.

Status:
Resolved
Priority:
High
Category:
NTPD
Target version:
Start date:
03/10/2019
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.4.x
Affected Architecture:
All

Description

Ran pkg audit new install of 2.4.4-p2:

pkg audit -F
Fetching vuln.xml.bz2: 100%  777 KiB 795.3kB/s    00:01    
ntp-4.2.8p12 is vulnerable:
ntp -- Crafted null dereference attack from a trusted source with an authenticated mode 6 packet
CVE: CVE-2019-8936
WWW: https://vuxml.FreeBSD.org/freebsd/c2576e14-36e2-11e9-9eda-206a8a720317.html
Actions

Also available in: Atom PDF