Source-Changes archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

CVS commit: src/doc



Module Name:    src
Committed By:   taca
Date:           Thu Jul  9 15:58:51 UTC 2015

Modified Files:
        src/doc: 3RDPARTY

Log Message:
Latest ntp is 4.2.8p3 which contains security fix (low risk).

Security Fix:

* [Sec 2853] Crafted remote config packet can crash some versions of
  ntpd.  Aleksis Kauppinen, Juergen Perlinger, Harlan Stenn.

Under specific circumstances an attacker can send a crafted packet to
cause a vulnerable ntpd instance to crash. This requires each of the
following to be true:

1) ntpd set up to allow remote configuration (not allowed by default), and
2) knowledge of the configuration password, and
3) access to a computer entrusted to perform remote configuration.

This vulnerability is considered low-risk.


To generate a diff of this commit:
cvs rdiff -u -r1.1234 -r1.1235 src/doc/3RDPARTY

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.




Home | Main Index | Thread Index | Old Index