Request 370038: Submit ntp - openSUSE Build Service

Overview

Request 370038 accepted

- CVE-2015-8158, bsc#962966: potential infinite loop in ntpq
- CVE-2015-8138, bsc#963002: Zero Origin Timestamp Bypass
- CVE-2015-7978, bsc#963000: Stack exhaustion in recursive
traversal of restriction list.
- CVE-2015-7979, bsc#962784: off-path denial of service on
authenticated broadcast mode
- CVE-2015-7977, bsc#962970: restriction list NULL pointer
dereference
- CVE-2015-7976, bsc#962802: 'ntpq saveconfig' command allows
dangerous characters in filenames
- CVE-2015-7975, bsc#962988: nextvar() missing length check in ntpq
- CVE-2015-7974, bsc#962960: Missing key check allows impersonation
between authenticated peers
- CVE-2015-7973, bsc#962995: replay attack on authenticated
broadcast mode
- CVE-2015-5300, bsc#951629: MITM attacker can force ntpd to make
a step larger than the panic threshold

- update to 4.2.8p6
* fixes low- and medium-severity vulnerabilities
4.2.8p6: CVE-2015-8158 CVE-2015-8138 CVE-2015-7978
CVE-2015-7979 CVE-2015-7977 CVE-2015-7976 CVE-2015-7975
CVE-2015-7974 CVE-2015-7973
4.2.8p5: CVE-2015-5300
* bug fixes
----------------------- --------------------------------------------

Created by rmax over 8 years ago
In state accepted

Submit ntp

Comments for request 370038 0

Login required, please login in order to comment

Request History

rmax created request over 8 years ago

- CVE-2015-8158, bsc#962966: potential infinite loop in ntpq
- CVE-2015-8138, bsc#963002: Zero Origin Timestamp Bypass
- CVE-2015-7978, bsc#963000: Stack exhaustion in recursive
traversal of restriction list.
- CVE-2015-7979, bsc#962784: off-path denial of service on
authenticated broadcast mode
- CVE-2015-7977, bsc#962970: restriction list NULL pointer
dereference
- CVE-2015-7976, bsc#962802: 'ntpq saveconfig' command allows
dangerous characters in filenames
- CVE-2015-7975, bsc#962988: nextvar() missing length check in ntpq
- CVE-2015-7974, bsc#962960: Missing key check allows impersonation
between authenticated peers
- CVE-2015-7973, bsc#962995: replay attack on authenticated
broadcast mode
- CVE-2015-5300, bsc#951629: MITM attacker can force ntpd to make
a step larger than the panic threshold

- update to 4.2.8p6
* fixes low- and medium-severity vulnerabilities
4.2.8p6: CVE-2015-8158 CVE-2015-8138 CVE-2015-7978
CVE-2015-7979 CVE-2015-7977 CVE-2015-7976 CVE-2015-7975
CVE-2015-7974 CVE-2015-7973
4.2.8p5: CVE-2015-5300
* bug fixes
----------------------- --------------------------------------------

factory-auto added factory-repo-checker as a reviewer over 8 years ago

Please review build success

factory-auto accepted review over 8 years ago

Check script succeeded

licensedigger accepted review over 8 years ago

factory-repo-checker accepted review over 8 years ago

Builds for repo network:time/openSUSE_Factory

mlin7442 set openSUSE:Factory:Staging:E as a staging project over 8 years ago

Being evaluated by staging project "openSUSE:Factory:Staging:E"

mlin7442 accepted review over 8 years ago

Picked openSUSE:Factory:Staging:E

dimstar_suse accepted review over 8 years ago

ready to accept

dimstar_suse approved review over 8 years ago

ready to accept

dimstar_suse accepted request over 8 years ago

Accept to openSUSE:Factory

openSUSE Build Service is sponsored by