diff options
| author | taca <taca@pkgsrc.org> | 2017-03-24 03:41:08 +0000 |
|---|---|---|
| committer | taca <taca@pkgsrc.org> | 2017-03-24 03:41:08 +0000 |
| commit | 41f0be3d84e1501cb035d4514c0c87101118a052 (patch) | |
| tree | caf62fefdbe446bd915c59831dd571da6c39d03e /net/ntp4/Makefile | |
| parent | 612c2828a512ddaf2f90570b2bcc9cf2a36acf5c (diff) | |
| download | pkgsrc-41f0be3d84e1501cb035d4514c0c87101118a052.tar.gz | |
Update ntp4 to 4.2.8p10 including security fixes.
NTF's NTP Project is releasing ntp-4.2.8p10, which addresses:
* 6 MEDIUM severity vulnerabilities (1 is about the Windows PPSAPI DLL)
* 5 LOW severity vulnerabilities (2 are in the Windows Installer)
* 4 Informational-level vulnerabilities
* 15 other non-security fixes and improvements
All of the security issues in this release are listed in VU#633849.
ntp-4.2.8p10 was released on 21 March 2017.
* Sec 3389 / CVE-2017-6464 / VU#325339: NTP-01-016 NTP: Denial of Service via
Malformed Config (Pentest report 01.2017)
- Reported by Cure53.
* Sec 3388 / CVE-2017-6462 / VU#325339: NTP-01-014 NTP: Buffer Overflow in
DPTS Clock (Pentest report 01.2017)
- Reported by Cure53.
* Sec 3387 / CVE-2017-6463 / VU#325339: NTP-01-012 NTP: Authenticated DoS via
Malicious Config Option (Pentest report 01.2017)
- Reported by Cure53.
* Sec 3386: NTP-01-011 NTP: ntpq_stripquotes() returns incorrect Value
(Pentest report 01.2017)
- Reported by Cure53.
* Sec 3385: NTP-01-010 NTP: ereallocarray()/eallocarray() underused (Pentest
report 01.2017)
- Reported by Cure53.
* Sec 3384 / CVE-2017-6455 / VU#325339: NTP-01-009 NTP: Windows: Privileged
execution of User Library code (Pentest report 01.2017)
- Reported by Cure53.
* Sec 3383 / CVE-2017-6452 / VU#325339: NTP-01-008 NTP: Windows Installer:
Stack Buffer Overflow from Command Line (Pentest report 01.2017)
- Reported by Cure53.
* Sec 3382 / CVE-2017-6459 / VU#325339: NTP-01-007 NTP: Windows Installer:
Data Structure terminated insufficiently (Pentest report 01.2017)
- Reported by Cure53.
* Sec 3381: NTP-01-006 NTP: Copious amounts of Unused Code (Pentest report
01.2017)
- Reported by Cure53.
* Sec 3380: NTP-01-005 NTP: Off-by-one in Oncore GPS Receiver (Pentest report
01.2017)
- Reported by Cure53.
* Sec 3379 / CVE-2017-6458 / VU#325339: NTP-01-004 NTP: Potential Overflows in
ctl_put() functions (Pentest report 01.2017)
- Reported by Cure53.
* Sec 3378 / CVE-2017-6451 / VU#325339: NTP-01-003 Improper use of snprintf()
in mx4200_send() (Pentest report 01.2017)
- Reported by Cure53.
* Sec 3377 / CVE-2017-6460 / VU#325339: NTP-01-002 Buffer Overflow in ntpq
when fetching reslist (Pentest report 01.2017)
- Reported by Cure53.
* Sec 3376: NTP-01-001 Makefile does not enforce Security Flags (Pentest
report 01.2017)
- Reported by Cure53.
* Sec 3361 / CVE-2016-9042 / VU#325339: 0rigin
- Reported by Matthew Van Gundy of Cisco ASIG.
Diffstat (limited to 'net/ntp4/Makefile')
| -rw-r--r-- | net/ntp4/Makefile | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/net/ntp4/Makefile b/net/ntp4/Makefile index dd608d94b72..b22ec02edc0 100644 --- a/net/ntp4/Makefile +++ b/net/ntp4/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.97 2016/12/05 15:49:59 taca Exp $ +# $NetBSD: Makefile,v 1.98 2017/03/24 03:41:08 taca Exp $ # -DISTNAME= ntp-4.2.8p9 +DISTNAME= ntp-4.2.8p10 PKGNAME= ${DISTNAME:S/-dev-/-/} CATEGORIES= net time MASTER_SITES= http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ |