From patchwork Thu Mar  8 05:19:04 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Matthias Fischer <matthias.fischer@ipfire.org>
X-Patchwork-Id: 1692
Return-Path: <development-bounces@lists.ipfire.org>
Received: from mail01.ipfire.org (unknown [172.28.1.200])
	by web02.i.ipfire.org (Postfix) with ESMTP id 02249600A1
	for <patchwork@web02.i.ipfire.org>;
	Wed,  7 Mar 2018 19:19:18 +0100 (CET)
X-Virus-Scanned: ClamAV at mail01.ipfire.org
X-Spam-Flag: NO
X-Spam-Score: -0.599
X-Spam-Level: 
X-Spam-Status: No, score=-0.599 tagged_above=-999 required=5
	tests=[ALL_TRUSTED=-1, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
	DKIM_VALID_AU=-0.1, KAM_NUMSUBJECT=0.5, URIBL_BLOCKED=0.001]
	autolearn=disabled
Received: from mail01.i.ipfire.org (localhost [IPv6:::1])
	by mail01.ipfire.org (Postfix) with ESMTP id AB368108C38E;
	Wed,  7 Mar 2018 18:19:16 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ipfire.org; s=201801;
	t=1520446757; x=1523038757;
	bh=UoBjywWA93Mhw0dHOatM5jtLvjxdod62o8qETG4dHCo=;
	h=From:To:Subject:Date:Message-Id:Sender:From:To:Cc:Date:
	Content-Type:Message-ID:In-Reply-To:Subject:Reply-To:Sender;
	b=RZVMM2UYwhIAufVCFiVLbx1qNTgbDxxGsJMtcF7Xy0enDE18ZVZlMDqY4XcSwAE1f
	EcXwSfkcniFKjQOtnJMLzGNzO6Zc+Kbma/Vp9HYqaBXCN86P4N63GOW7bJOkdwY75P
	AJ5ww5tWci87DoYdEqm9xyJQDCS/bwfGP5LD/77Qsohg1n2QRKClc5ERWXBe5GbIv6
	H5THorwYx0u76QR6I/wzeehFmiJEEWhQ9L7LgGEgRJlPdNlCrh6VS8S/trD1xFTaxe
	skwPMO9tzr/WIXVpEwoavrRwYeRKphdqnDf/ltli+bH0GI4FViSbBP5Pr329WtrV+L
	/WkMLqYUjwIZg==
X-Virus-Scanned: ClamAV at mail01.ipfire.org
Received: from Devel.localdomain (p5B0A20A2.dip0.t-ipconnect.de
	[91.10.32.162])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits))
	(Client did not present a certificate)
	by mail01.ipfire.org (Postfix) with ESMTPSA id DBA46108C382
	for <development@lists.ipfire.org>;
	Wed,  7 Mar 2018 18:19:08 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ipfire.org; s=201801;
	t=1520446749; x=1523038749;
	bh=UoBjywWA93Mhw0dHOatM5jtLvjxdod62o8qETG4dHCo=;
	h=From:To:Subject:Date:Message-Id:From:To:Cc:Date:Content-Type:
	Message-ID:In-Reply-To:Subject:Reply-To:Sender;
	b=l6n70B9pXWdOmWVUNFrGBIfT3ez2SOeDX3QkRuLxN5GlILlEAcUafWbXB/+u/zAyJ
	V5zH8rUHtsFkeqT+KO3D2JFnMlBfLU+IUtwHaDO+xVVWqmser/HTxae3Id64ln/1uo
	sQdQPmxyK1sK+E6p1q0BX8m7ejHKikP3eVbgcgdmv6X5rLjLUlTtiIFsZw/O698UKO
	blrQXK1eXbkVsFQ3E57+1uirxewbGSlZ12Lq79SEdxpjtBTr7T661ZXogsWaKu6Mff
	8A0ly/65mPTfTkOLNbk9OLTKyMPJmBI2fgc9/B5Iorh9KV+mJD3WIG4eQzxa7I2w5o
	S6akvdwBvoMbw==
From: Matthias Fischer <matthias.fischer@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH] ntp: Update to 4.2.8p11
Date: Wed,  7 Mar 2018 19:19:04 +0100
Message-Id: <20180307181904.1772-1-matthias.fischer@ipfire.org>
X-Mailer: git-send-email 2.16.2
X-BeenThere: development@lists.ipfire.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IPFire development talk <development.lists.ipfire.org>
List-Unsubscribe: <https://lists.ipfire.org/mailman/options/development>,
	<mailto:development-request@lists.ipfire.org?subject=unsubscribe>
List-Archive: <https://lists.ipfire.org/pipermail/development/>
List-Post: <mailto:development@lists.ipfire.org>
List-Help: <mailto:development-request@lists.ipfire.org?subject=help>
List-Subscribe: <https://lists.ipfire.org/mailman/listinfo/development>,
	<mailto:development-request@lists.ipfire.org?subject=subscribe>
Errors-To: development-bounces@lists.ipfire.org
Sender: "Development" <development-bounces@lists.ipfire.org>

For details see:
http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities

"This release addresses five security issues in ntpd:

	LOW/MEDIUM: Sec 3012 / CVE-2016-1549 / VU#961909: Sybil vulnerability: ephemeral
	association attack
		While fixed in ntp-4.2.8p7, there are significant additional protections for
		this issue in 4.2.8p11.
		Reported by Matt Van Gundy of Cisco.
	INFO/MEDIUM: Sec 3412 / CVE-2018-7182 / VU#961909: ctl_getitem(): buffer read overrun
	leads to undefined behavior and information leak
		Reported by Yihan Lian of Qihoo 360.
	LOW: Sec 3415 / CVE-2018-7170 / VU#961909: Multiple authenticated ephemeral associations
		Reported on the questions@ list.
	LOW: Sec 3453 / CVE-2018-7184 / VU#961909: Interleaved symmetric mode cannot recover
	from bad state
		Reported by Miroslav Lichvar of Red Hat.
	LOW/MEDIUM: Sec 3454 / CVE-2018-7185 / VU#961909: Unauthenticated packet can reset
	authenticated interleaved association
		Reported by Miroslav Lichvar of Red Hat.

one security issue in ntpq:

	MEDIUM: Sec 3414 / CVE-2018-7183 / VU#961909: ntpq:decodearr() can write beyond its
	buffer limit
		Reported by Michael Macnair of Thales-esecurity.com.

and provides over 33 bugfixes and 32 other improvements."

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
---
 lfs/ntp | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lfs/ntp b/lfs/ntp
index 1f1c5244d..9c5e772ac 100644
--- a/lfs/ntp
+++ b/lfs/ntp
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2017  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2018  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 4.2.8p10
+VER        = 4.2.8p11
 
 THISAPP    = ntp-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = 745384ed0dedb3f66b33fe84d66466f9
+$(DL_FILE)_MD5 = 00950ca2855579541896513e78295361
 
 install : $(TARGET)