| ntp-4.2.6p5-15.an2.src
[4.1 MiB] |
Changelog
by Miroslav Lichvar (2018-12-10):
- fix buffer overflow in parsing of address in ntpq and ntpdc (CVE-2018-12327)
|
| ntp-4.2.6p5-12.an2.2.src
[4.1 MiB] |
Changelog
by Michal Ruprich (2017-12-18):
- fix CVE-2016-7429 patch to work correctly on multicast client (#1525996)
|
| ntp-4.2.6p5-12.an2.1.src
[4.1 MiB] |
Changelog
by Miroslav Lichvar (2017-09-22):
- fix buffer overflow in datum refclock driver (CVE-2017-6462)
- fix crash with invalid unpeer command (CVE-2017-6463)
- fix potential crash with invalid server command (CVE-2017-6464)
|
| ntp-4.2.6p5-10.an2.2.src
[4.1 MiB] |
Changelog
by Miroslav Lichvar (2017-01-11):
- don't limit rate of packets from sources (CVE-2016-7426)
- don't change interface from received packets (CVE-2016-7429)
- fix calculation of root distance again (CVE-2016-7433)
- require authentication for trap commands (CVE-2016-9310)
- fix crash when reporting peer event to trappers (CVE-2016-9311)
|
| ntp-4.2.6p5-10.an2.1.src
[4.1 MiB] |
Changelog
by JoungKyun.Kim (2016-06-01):
- security issues:
. CVE-2015-7979 don't allow spoofed packets to demobilize associations
. CVE-2016-1547 don't allow spoofed packets to demobilize associations
. CVE-2016-1548 don't allow spoofed packet to enable symmetric interleaved mode
. CVE-2016-2518 check mode of new source in config command
. CVE-2016-1550 make MAC check resilient against timing attack
|
| ntp-4.2.6p5-10.an2.src
[4.1 MiB] |
Changelog
by JoungKyun.Kim (2016-05-12):
- security issues:
. CVE-2015-7977 fix crash with reslist command
. CVE-2015-7978 fix crash with reslist command
. CVE-2015-5194 fix crash with invalid logconfig command
. CVE-2015-5195 fix crash when referencing disabled statistic type
. CVE-2015-5219 don't hang in sntp with crafted reply
. CVE-2015-7691 don't crash with crafted autokey packet
. CVE-2015-7692 don't crash with crafted autokey packet
. CVE-2015-7702 don't crash with crafted autokey packet
. CVE-2015-7701 fix memory leak with autokey
. CVE-2015-7703 don't allow setting driftfile and pidfile remotely
. CVE-2015-7852 don't crash in ntpq with crafted packet
|
| ntp-4.2.6p5-5.an2.4.src
[4.1 MiB] |
Changelog
by Miroslav Lichvar (2016-01-20):
- don't accept server/peer packets with zero origin timestamp (CVE-2015-8138)
|
| ntp-4.2.6p5-5.an2.2.src
[4.1 MiB] |
Changelog
by Miroslav Lichvar (2015-10-16):
- security issues
. CVE-2015-7704 check origin timestamp before accepting KoD RATE packet
. CVE-2015-5300 allow only one step larger than panic threshold with -g
|
| ntp-4.2.6p5-5.an2.src
[4.1 MiB] |
Changelog
by JoungKyun.Kim (2015-08-16):
- security issues:
. CVE-2015-1798 reject packets without MAC when authentication is enabled
. CVE-2015-1799 protect symmetric associations with symmetric key against DoS attack
. CVE-2015-3405 fix generation of MD5 keys with ntp-keygen on big-endian systems
. CVE-2014-9297 validate lengths of values in extension fields
. CVE-2014-9298 drop packets with spoofed source address ::1
|
| ntp-4.2.6p5-3.an2.src
[4.1 MiB] |
Changelog
by Miroslav Lichvar (2015-03-09):
- don't step clock for leap second with -x option (#1199978)
|
| ntp-4.2.6p5-2.an2.src
[4.1 MiB] |
Changelog
by Miroslav Lichvar (2014-12-19):
- fixed security issues
. CVE-2014-9293 don't generate weak control key for resolver
. CVE-2014-9294 don't generate weak MD5 keys in ntp-keygen
. CVE-2014-9295 fix buffer overflows via specially-crafted packets
. CVE-2014-9296 don't mobilize passive association when authentication fails
|
| ntp-4.2.6p5-1.an2.src
[4.1 MiB] |
Changelog
by JoungKyun.Kim (2013-11-23):
- remove autogen
- several bug fixed
http://rhn.redhat.com/errata/RHBA-2013-1593.html
|
| ntp-4.2.4p8-3.an2.src
[3.3 MiB] |
Changelog
by Miroslav Lichvar (2013-01-10):
- fix IPv6 only interface iteration (#875798)
|
| ntp-4.2.4p8-2.an2.src
[3.3 MiB] |
Changelog
by JoungKyun.Kim (2012-01-01):
- rebuild on AnNyung
- move to /etc/ntp/ntp.conf from /etc/ntp.conf
|