Request 586702: Submit ntp - openSUSE Build Service

This request supersedes: request 586697 (Show diff)

Overview

Request 586702 accepted

- Update to 4.2.8p11 (bsc#1082210):
* CVE-2016-1549: Sybil vulnerability: ephemeral association
attack. While fixed in ntp-4.2.8p7, there are significant
additional protections for this issue in 4.2.8p11.
* CVE-2018-7182, bsc#1083426: ctl_getitem(): buffer read overrun
leads to undefined behavior and information leak.
* CVE-2018-7170, bsc#1083424: Multiple authenticated ephemeral
associations.
* CVE-2018-7184, bsc#1083422: Interleaved symmetric mode cannot
recover from bad state.
* CVE-2018-7185, bsc#1083420: Unauthenticated packet can reset
authenticated interleaved association.
* CVE-2018-7183, bsc#1083417: ntpq:decodearr() can write beyond
its buffer limit.
* Obsoletes these patches: ntp-sntp-a.patch, ntp-warnings.patch
- Remove dead code from conf.start-ntpd (bsc#1082063).
- Don't use libevent's cached time stamps in sntp.
(bsc#1077445, ntp-sntp-libevent.patch)

Created by rmax over 6 years ago
In state accepted
Supersedes 586697

Submit ntp

Comments for request 586702 0

Login required, please login in order to comment

Request History

rmax created request over 6 years ago

- Update to 4.2.8p11 (bsc#1082210):
* CVE-2016-1549: Sybil vulnerability: ephemeral association
attack. While fixed in ntp-4.2.8p7, there are significant
additional protections for this issue in 4.2.8p11.
* CVE-2018-7182, bsc#1083426: ctl_getitem(): buffer read overrun
leads to undefined behavior and information leak.
* CVE-2018-7170, bsc#1083424: Multiple authenticated ephemeral
associations.
* CVE-2018-7184, bsc#1083422: Interleaved symmetric mode cannot
recover from bad state.
* CVE-2018-7185, bsc#1083420: Unauthenticated packet can reset
authenticated interleaved association.
* CVE-2018-7183, bsc#1083417: ntpq:decodearr() can write beyond
its buffer limit.
* Obsoletes these patches: ntp-sntp-a.patch, ntp-warnings.patch
- Remove dead code from conf.start-ntpd (bsc#1082063).
- Don't use libevent's cached time stamps in sntp.
(bsc#1077445, ntp-sntp-libevent.patch)

licensedigger accepted review over 6 years ago

ok

factory-auto added opensuse-review-team as a reviewer over 6 years ago

Please review sources

factory-auto added repo-checker as a reviewer over 6 years ago

Please review build success

factory-auto accepted review over 6 years ago

Check script succeeded

jengelh accepted review over 6 years ago

staging-bot set openSUSE:Factory:Staging:E as a staging project over 6 years ago

Being evaluated by staging project "openSUSE:Factory:Staging:E"

staging-bot accepted review over 6 years ago

Picked openSUSE:Factory:Staging:E

repo-checker accepted review over 6 years ago

cycle and install check passed

dimstar_suse accepted review over 6 years ago

ready to accept

dimstar_suse approved review over 6 years ago

ready to accept

dimstar_suse accepted request over 6 years ago

Accept to openSUSE:Factory

openSUSE Build Service is sponsored by