Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 515494 - net-misc/ntp-4.2.8 version bump
Summary: net-misc/ntp-4.2.8 version bump
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Core system (show other bugs)
Hardware: All Linux
: Normal enhancement (vote)
Assignee: Gentoo's Team for Core System packages
URL:
Whiteboard:
Keywords:
Depends on:
Blocks: CVE-2014-9293
  Show dependency tree
 
Reported: 2014-06-27 10:29 UTC by Manfred Knick
Modified: 2014-12-21 19:27 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Manfred Knick 2014-06-27 10:29:24 UTC 
Yes, 4.2.6p5   from 2011/12/24 is still "Production"   release,
and  4.2.7p445 from 2014/06/12 is marked "Development" release:
[ http://www.ntp.org/downloads.html ]

But only since 4.2.7p26,
upstream has addressed the problem of NTP being abused for dDoS,
and as of today, there are still 2121 NTP Server 
which are vulnerable to mask and multiply attacs by factor of 700 (!)
(latest scan of NSFocus Security).

Thus I urgently vote to take 4.2.7p445 and followers into the tree, 
at least as "~" :
we don't need that potentially threatening reputation, do we?


Reproducible: Always
Comment 1 Mikael Magnusson 2014-12-20 23:09:16 UTC 
#533076 is the bump bug for 4.2.8
Comment 2 Markos Chandras (RETIRED) gentoo-dev 2014-12-21 19:27:22 UTC 
Bumped