summaryrefslogtreecommitdiffstats
path: root/meta-networking/recipes-support/ntp/files/CVE-2013-5211.patch
Commit message (Collapse)AuthorAgeFilesLines
* ntp: upgrade to 4.2.8Paul Eggleton2014-12-291-112/+0
| | | | | | | | | | | | | | | | | | | | | | * Upgrade to 4.2.8 which fixes several security issues, including CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, and CVE-2014-9296. For more details please see: https://ics-cert.us-cert.gov/advisories/ICSA-14-353-01A * LIC_FILES_CHKSUM changed due to a number of copyright year and patch list changes; nothing material about the license text changed. * This version moves a number of binaries from sbindir to bindir; there's supposed to be a configure option --with-locfile=legacy to use the old layout but it does not seem to work. I guess we'll just have to live with the change. * Drop patches which are no longer applicable. * Merge inc file into recipe; there were too many changes required to the inc file in this version and it's unlikely it was much use split out in any case. * Move remaining files in files/ to ntp/ Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* ntp: fix CVE-2013-5211Zhang Xiao2014-08-211-0/+112
The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013. Signed-off-by: Zhang Xiao <xiao.zhang@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>