Date: Fri, 1 Nov 2013 16:31:07 +0000 From: Tom Evans <tevans.uk@googlemail.com> To: Karl Pielorz <kpielorz_lst@tdx.co.uk> Cc: freebsd-security@freebsd.org Subject: Re: ntpd 4.2.4p8 - up to date? Message-ID: <CAFHbX1LAcE4c_E5J4pdny0hkz=GTPghmsB0kRuTDQdP9S8PCHg@mail.gmail.com> In-Reply-To: <7403C046ABF387E5061BC441@Mail-PC.tdx.co.uk> References: <7403C046ABF387E5061BC441@Mail-PC.tdx.co.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Nov 1, 2013 at 4:05 PM, Karl Pielorz <kpielorz_lst@tdx.co.uk> wrote: > > Hi, > > A friend who uses linux a lot happened to notice on a FreeBSD box I > installed the other day and updated to 9.2-R that it's using ntpd 4.2.4p8. > > They reckon that's had a lot of issues (e.g. CVE reports) against it - and > it should be newer. > > I'm sure the one it has been 'updated' with is secure - and just reports > that version, but if someone can confirm that'd be great, > Don't take anything I say as confirmation, but I would have thought, looking at this page [1], that he is wrong. All the CVEs listed there say they apply to "before 4.2.4p8" or a lower version. Cheers Tom [1] http://www.cvedetails.com/vulnerability-list/vendor_id-2153/NTP.html
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAFHbX1LAcE4c_E5J4pdny0hkz=GTPghmsB0kRuTDQdP9S8PCHg>