[Secure-testing-commits] r44793 - data/CVE
Nicholas Luedtke
nluedtke-guest at moszumanska.debian.org
Wed Sep 21 16:27:34 UTC 2016
Author: nluedtke-guest
Date: 2016-09-21 16:27:34 +0000 (Wed, 21 Sep 2016)
New Revision: 44793
Modified:
data/CVE/list
Log:
Add fixed version and notes for CVE-2016-7705
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-09-21 15:54:56 UTC (rev 44792)
+++ data/CVE/list 2016-09-21 16:27:34 UTC (rev 44793)
@@ -29188,13 +29188,15 @@
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/10/06/3
CVE-2015-7705 [An attacker can forge packets that claim to be from the target and send them to servers often enough that a server that implements KoD rate limiting will send the target machine a KoD response to attempt to reduce the rate of incoming packets]
RESERVED
- - ntp <unfixed>
+ - ntp 1:4.2.8p4+dfsg-3
[jessie] - ntp <no-dsa> (Default config not affected)
[wheezy] - ntp <no-dsa> (Default config not affected)
[squeeze] - ntp <no-dsa> (Default config not affected)
NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner
NOTE: https://github.com/ntp-project/ntp/commit/21d57dc336dbe9a975baca5ce5ae4da5b71ff123
NOTE: https://github.com/ntp-project/ntp/commit/492758c3d0690d3ccf7130fabfcf670997f12f7b
+ NOTE: Original fix was reported broken, then fixed in http://bugs.ntp.org/show_bug.cgi?id=2952 (4.2.8p7)
+ NOTE: Orginal upsteam bug: http://support.ntp.org/bin/view/Main/NtpBug2901
CVE-2015-7704 [An ntpd client that honors Kiss-of-Death responses will honor KoD messages that have been forged by an attacker, causing it to delay or stop querying its servers for time updates.]
RESERVED
{DSA-3388-1 DLA-335-1}
More information about the Secure-testing-commits
mailing list