Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 515494

Summary: net-misc/ntp-4.2.8 version bump
Product: Gentoo Linux Reporter: Manfred Knick <Manfred.Knick>
Component: [OLD] Core systemAssignee: Gentoo's Team for Core System packages <base-system>
Status: RESOLVED FIXED    
Severity: enhancement    
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
See Also: https://bugs.gentoo.org/show_bug.cgi?id=496776
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 533076    

Description Manfred Knick 2014-06-27 10:29:24 UTC 
Yes, 4.2.6p5   from 2011/12/24 is still "Production"   release,
and  4.2.7p445 from 2014/06/12 is marked "Development" release:
[ http://www.ntp.org/downloads.html ]

But only since 4.2.7p26,
upstream has addressed the problem of NTP being abused for dDoS,
and as of today, there are still 2121 NTP Server 
which are vulnerable to mask and multiply attacs by factor of 700 (!)
(latest scan of NSFocus Security).

Thus I urgently vote to take 4.2.7p445 and followers into the tree, 
at least as "~" :
we don't need that potentially threatening reputation, do we?


Reproducible: Always
Comment 1 Mikael Magnusson 2014-12-20 23:09:16 UTC 
#533076 is the bump bug for 4.2.8
Comment 2 Markos Chandras (RETIRED) gentoo-dev 2014-12-21 19:27:22 UTC 
Bumped