Date: Mon, 22 Dec 2014 17:16:15 +0100 From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des@des.no> To: Winfried Neessen <neessen@cleverbridge.com> Cc: freebsd-security@freebsd.org Subject: Re: ntpd vulnerabilities Message-ID: <86a92fzmls.fsf@nine.des.no> In-Reply-To: <252350272.1812596.1419241828431.JavaMail.zimbra@cleverbridge.com> (Winfried Neessen's message of "Mon, 22 Dec 2014 10:50:28 %2B0100 (CET)") References: <252350272.1812596.1419241828431.JavaMail.zimbra@cleverbridge.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Winfried Neessen <neessen@cleverbridge.com> writes: > there has been a security advisory for several vulnerabilities in ntpd. I= s FreeBSD=20 > affected by this? According to http://www.kb.cert.org/vuls/id/852879 Open= BSD is=20 > not affected, but I guess that's due to the fact, that they have OpenNTPd= . The=20 > status for FreeBSD on that page is still "unknown".=20 Yes, FreeBSD is vulnerable, and we have informed CERT of that fact, so I don't know why they have us down as "unknown". We are preparing an advisory for tomorrow. As was the case with BIND, this takes more work than for many other operating systems since we maintain older versions in older branches; for instance, 8.4 has 4.2.4. DES --=20 Dag-Erling Sm=C3=B8rgrav - des@des.no
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?86a92fzmls.fsf>