Opened 6 years ago

Closed 6 years ago

Last modified 5 years ago

#11772 closed enhancement (fixed)

ntp-4.2.8p13

Reported by: Bruce Dubbs
Owned by: Bruce Dubbs
Priority: normal
Milestone: 9.0
Component: BOOK
Version: SVN
Severity: normal
Keywords:
Cc:

Description

New patch version.

Change History (4)

comment:1 by Bruce Dubbs, 6 years ago

Owner: changed from blfs-book to Bruce Dubbs
Status: new → assigned

comment:2 by Bruce Dubbs, 6 years ago

NTP 4.2.8p13

Focus: Security, Bug fixes, enhancements.

Severity: MEDIUM

This release fixes a bug that allows an attacker with access to an explicitly trusted source to send a crafted malicious mode 6 (ntpq) packet that can trigger a NULL pointer dereference, crashing ntpd. It also provides 17 other bugfixes and 1 other improvement:

  • [Sec 3565] Crafted null dereference attack in authenticated mode 6 packet <perlinger@…>
    • reported by Magnus Stubman
  • [Bug 3560] Fix build when HAVE_DROPROOT is not defined <perlinger@…>
    • applied patch by Ian Lepore
  • [Bug 3558] Crash and integer size bug <perlinger@…>
    • isolate and fix linux/windows specific code issue
  • [Bug 3556] ntp_loopfilter.c snprintf compilation warnings <perlinger@…>
    • provide better function for incremental string formatting
  • [Bug 3555] Tidy up print alignment of debug output from ntpdate <perlinger@…>
    • applied patch by Gerry Garvey
  • [Bug 3554] config revoke stores incorrect value <perlinger@…>
    • original finding by Gerry Garvey, additional cleanup needed
  • [Bug 3549] Spurious initgroups() error message <perlinger@…>
    • patch by Christous Zoulas
  • [Bug 3548] Signature not verified on windows system <perlinger@…>
    • finding by Chen Jiabin, plus another one by me
  • [Bug 3541] patch to fix STA_NANO struct timex units <perlinger@…>
    • applied patch by Maciej Szmigiero
  • [Bug 3540] Cannot set minsane to 0 anymore <perlinger@…>
    • applied patch by Andre Charbonneau
  • [Bug 3539] work_fork build fails when droproot is not supported <perlinger@…>
    • applied patch by Baruch Siach
  • [Bug 3538] Build fails for no-MMU targets <perlinger@…>
    • applied patch by Baruch Siach
  • [Bug 3535] libparse won't handle GPS week rollover <perlinger@…>
    • refactored handling of GPS era based on 'tos basedate' for parse (TSIP) and JUPITER clocks
  • [Bug 3529] Build failures on Mac OS X 10.13 (High Sierra) <perlinger@…>
    • patch by Daniel J. Luke; this does not fix a potential linker regression issue on MacOS.
  • [Bug 3527 - Backward Incompatible] mode7 clockinfo fudgeval2 packet anomaly <perlinger@…>, reported by GGarvey.
    • --enable-bug3527-fix support by HStenn
  • [Bug 3526] Incorrect poll interval in packet <perlinger@…>
    • applied patch by Gerry Garvey
  • [Bug 3471] Check for openssl/[ch]mac.h. <perlinger@…>
    • added missing check, reported by Reinhard Max <perlinger@…>
  • [Bug 1674] runtime crashes and sync problems affecting both x86 and x86_64
    • this is a variant of [bug 3558] and should be fixed with it
  • Implement 'configure --disable-signalled-io'

comment:3 by Bruce Dubbs, 6 years ago

Resolution: fixed
Status: assigned → closed

Fixed at revision 21292.

comment:4 by Bruce Dubbs, 5 years ago

Milestone: 8.5 → 9.0

Milestone renamed
