[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add information for new ntp issues

Wed Feb 28 06:06:09 UTC 2018

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3d7c568f by Salvatore Bonaccorso at 2018-02-28T07:05:52+01:00
Add information for new ntp issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================

--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1140,14 +1140,30 @@ CVE-2018-7187 (The "go get" implementation in Go 1.9.4, when the -inse
 	[jessie] - golang <ignored> (Minor issue)
 	NOTE: https://github.com/golang/go/issues/23867
 	NOTE: https://github.com/golang/go/commit/c941e27e70c3e06e1011d2dd71d72a7a06a9bcbc
-CVE-2018-7185
-	RESERVED
-CVE-2018-7184
-	RESERVED
-CVE-2018-7183
-	RESERVED
-CVE-2018-7182
-	RESERVED
+CVE-2018-7185 [Unauthenticated packet can reset authenticated interleaved association]
+	RESERVED
+	- ntp <unfixed>
+	NOTE: http://www.kb.cert.org/vuls/id/961909
+	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3454
+	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S
+CVE-2018-7184 [Interleaved symmetric mode cannot recover from bad state]
+	RESERVED
+	- ntp <unfixed>
+	NOTE: http://www.kb.cert.org/vuls/id/961909
+	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3453
+	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S
+CVE-2018-7183 [ntpq:decodearr() can write beyond its buffer limit]
+	RESERVED
+	- ntp <unfixed>
+	NOTE: http://www.kb.cert.org/vuls/id/961909
+	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3414
+	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S
+CVE-2018-7182 [ctl_getitem(): buffer read overrun leads to undefined behavior and information leak]
+	RESERVED
+	- ntp <unfixed>
+	NOTE: http://www.kb.cert.org/vuls/id/961909
+	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3412
+	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S
 CVE-2018-7181
 	RESERVED
 CVE-2017-18190 (A localhost.localdomain whitelist entry in valid_host() in ...)
@@ -1195,8 +1211,12 @@ CVE-2018-7172 (In index.php in WonderCMS 2.4.0, remote attackers can delete arbi
 	TODO: check
 CVE-2018-7171
 	RESERVED
-CVE-2018-7170
+CVE-2018-7170 [Multiple authenticated ephemeral associations]
 	RESERVED
+	- ntp <unfixed>
+	NOTE: http://www.kb.cert.org/vuls/id/961909
+	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3415
+	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S
 CVE-2018-7169 (An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is ...)
 	- shadow <unfixed> (bug #890557)
 	[stretch] - shadow <no-dsa> (Minor issue)
@@ -97219,6 +97239,8 @@ CVE-2016-1549 (A malicious authenticated peer can create arbitrarily-many epheme
 	[jessie] - ntp <no-dsa> (Minor issue)
 	[wheezy] - ntp <no-dsa> (Minor issue)
 	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security
+	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S
+	NOTE: additional significant protection went into ntp-4.2.8p11.
 CVE-2016-1548 (An attacker can spoof a packet from a legitimate ntpd server with an ...)
 	{DSA-3629-1 DLA-559-1}
 	- ntp 1:4.2.8p7+dfsg-1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3d7c568f9b056e1693aacfbc608a5655857c955d

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3d7c568f9b056e1693aacfbc608a5655857c955d
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180228/78007162/attachment-0001.html>
