diff options
| author | delphij <delphij@FreeBSD.org> | 2018-02-28 15:35:27 +0800 |
|---|---|---|
| committer | delphij <delphij@FreeBSD.org> | 2018-02-28 15:35:27 +0800 |
| commit | ba6ab2ab155cb6e48c97d85917c620ae5edb36aa (patch) | |
| tree | c939d87ac199696d15601fcaab7982e508c53cde /security | |
| parent | 11f91c4bb28b99c5f3fad2a7e885c38b6002671b (diff) | |
| download | freebsd-ports-gnome-ba6ab2ab155cb6e48c97d85917c620ae5edb36aa.tar.gz freebsd-ports-gnome-ba6ab2ab155cb6e48c97d85917c620ae5edb36aa.tar.zst freebsd-ports-gnome-ba6ab2ab155cb6e48c97d85917c620ae5edb36aa.zip | |
Document multiple NTP vulnerabilities.
Diffstat (limited to 'security')
| -rw-r--r-- | security/vuxml/vuln.xml | 62 |
1 files changed, 62 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 1b11247b4858..01cdfac7d252 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -58,6 +58,68 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="af485ef4-1c58-11e8-8477-d05099c0ae8c"> + <topic>ntp -- multiple vulnerabilities</topic> + <affects> + <package> + <name>FreeBSD</name> + <range><ge>11.1</ge><lt>11.1_7</lt></range> + <range><ge>10.4</ge><lt>10.4_6</lt></range> + <range><ge>10.3</ge><lt>10.3_27</lt></range> + </package> + <package> + <name>ntp</name> + <range><lt>4.2.8p11</lt></range> + </package> + <package> + <name>ntp-devel</name> + <range><gt>0</gt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Network Time Foundation reports:</p> + <blockquote cite="http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S"> + <p>The NTP Project at Network Time Foundation is releasing ntp-4.2.8p11.</p> + <p>This release addresses five security issues in ntpd:</p> + <ul> + <li>LOW/MEDIUM: Sec 3012 / CVE-2016-1549 / VU#961909: Sybil + vulnerability: ephemeral association attack</li> + <li>INFO/MEDIUM: Sec 3412 / CVE-2018-7182 / VU#961909: + ctl_getitem(): buffer read overrun leads to undefined + behavior and information leak</li> + <li>LOW: Sec 3415 / CVE-2018-7170 / VU#961909: Multiple + authenticated ephemeral associations</li> + <li>LOW: Sec 3453 / CVE-2018-7184 / VU#961909: Interleaved + symmetric mode cannot recover from bad state</li> + <li>LOW/MEDIUM: Sec 3454 / CVE-2018-7185 / VU#961909: + Unauthenticated packet can reset authenticated interleaved + association</li> + </ul> + <p>one security issue in ntpq:</p> + <ul> + <li>MEDIUM: Sec 3414 / CVE-2018-7183 / VU#961909: + ntpq:decodearr() can write beyond its buffer limit</li> + </ul> + <p>and provides over 33 bugfixes and 32 other improvements.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2016-1549</cvename> + <cvename>CVE-2018-7182</cvename> + <cvename>CVE-2018-7170</cvename> + <cvename>CVE-2018-7184</cvename> + <cvename>CVE-2018-7185</cvename> + <cvename>CVE-2018-7183</cvename> + <url>http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S</url> + </references> + <dates> + <discovery>2018-02-27</discovery> + <entry>2018-02-28</entry> + </dates> + </vuln> + <vuln vid="abfc932e-1ba8-11e8-a944-54ee754af08e"> <topic>chromium -- vulnerability</topic> <affects> |