Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 506710

Summary: net-misc/ntp Version bump to 4.2.7p26 requested to address CVE-2013-5211
Product: Gentoo Linux Reporter: Guido Winkelmann <guido-genbugs>
Component: [OLD] ServerAssignee: Gentoo Linux bug wranglers <bug-wranglers>
Status: RESOLVED DUPLICATE    
Severity: normal CC: alex_y_xu
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description Guido Winkelmann 2014-04-03 23:05:09 UTC 
NTP has a security issue that allows it to be used for DDoS traffic amplification attacks in its default configuration. The fixed version, 4.2.7p26, is not in the portage main tree at this moment.

See:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5211
and:
http://support.ntp.org/bin/view/Main/SecurityNotice#DRDoS_Amplification_Attack_using

Please make an ebuild for version 4.2.7p26 or later available.

Reproducible: Always
Comment 1 Alex Xu (Hello71) 2014-04-03 23:09:30 UTC 

*** This bug has been marked as a duplicate of bug 496776 ***