Date: Sat, 2 Nov 2013 01:18:24 +0100 From: Dimitry Andric <dim@FreeBSD.org> To: Tom Evans <tevans.uk@googlemail.com> Cc: freebsd-security@freebsd.org, Karl Pielorz <kpielorz_lst@tdx.co.uk> Subject: Re: ntpd 4.2.4p8 - up to date? Message-ID: <E520736B-8D62-4A97-AFFD-14F44B1CC290@FreeBSD.org> In-Reply-To: <CAFHbX1LAcE4c_E5J4pdny0hkz=GTPghmsB0kRuTDQdP9S8PCHg@mail.gmail.com> References: <7403C046ABF387E5061BC441@Mail-PC.tdx.co.uk> <CAFHbX1LAcE4c_E5J4pdny0hkz=GTPghmsB0kRuTDQdP9S8PCHg@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--Apple-Mail=_AFE44133-5409-4CEA-AA9C-185A660ECAAE Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii On 01 Nov 2013, at 17:31, Tom Evans <tevans.uk@googlemail.com> wrote: > On Fri, Nov 1, 2013 at 4:05 PM, Karl Pielorz <kpielorz_lst@tdx.co.uk> = wrote: >>=20 >> Hi, >>=20 >> A friend who uses linux a lot happened to notice on a FreeBSD box I >> installed the other day and updated to 9.2-R that it's using ntpd = 4.2.4p8. >>=20 >> They reckon that's had a lot of issues (e.g. CVE reports) against it = - and >> it should be newer. >>=20 >> I'm sure the one it has been 'updated' with is secure - and just = reports >> that version, but if someone can confirm that'd be great, >>=20 >=20 > Don't take anything I say as confirmation, but I would have thought, > looking at this page [1], that he is wrong. All the CVEs listed there > say they apply to "before 4.2.4p8" or a lower version. >=20 > Cheers >=20 > Tom >=20 > [1] = http://www.cvedetails.com/vulnerability-list/vendor_id-2153/NTP.html That page lists a bunch of CVEs, and the relevant ones have already had = FreeBSD security advisories: CVE-2009-3563 = http://www.freebsd.org/security/advisories/FreeBSD-SA-10:02.ntpd.asc CVE-2009-1252 = http://www.freebsd.org/security/advisories/FreeBSD-SA-09:11.ntpd.asc CVE-2009-0159 not relevant, NTP before 4.2.4p7-RC2 CVE-2009-0021 not relevant, NTP before 4.2.4p5 CVE-2004-0657 not relevant, NTP before 4.0 -DImitry --Apple-Mail=_AFE44133-5409-4CEA-AA9C-185A660ECAAE Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP using GPGMail -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) iEYEARECAAYFAlJ0RNcACgkQsF6jCi4glqOiMQCgqEK/KuTOr2w4M7U5gzf7WkgS kDgAoKmSKYv02vDgwFz1H/N9PQEWkdyQ =7dOs -----END PGP SIGNATURE----- --Apple-Mail=_AFE44133-5409-4CEA-AA9C-185A660ECAAE--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E520736B-8D62-4A97-AFFD-14F44B1CC290>