506710 – net-misc/ntp Version bump to 4.2.7p26 requested to address CVE-2013-5211

Bug 506710 - net-misc/ntp Version bump to 4.2.7p26 requested to address CVE-2013-5211

Summary: net-misc/ntp Version bump to 4.2.7p26 requested to address CVE-2013-5211

Status:	RESOLVED DUPLICATE of bug 496776

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	[OLD] Server (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Linux bug wranglers

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2014-04-03 23:05 UTC by Guido Winkelmann
Modified:	2014-04-03 23:09 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Guido Winkelmann 2014-04-03 23:05:09 UTC

NTP has a security issue that allows it to be used for DDoS traffic amplification attacks in its default configuration. The fixed version, 4.2.7p26, is not in the portage main tree at this moment.

See:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5211
and:
http://support.ntp.org/bin/view/Main/SecurityNotice#DRDoS_Amplification_Attack_using

Please make an ebuild for version 4.2.7p26 or later available.

Reproducible: Always

Comment 1 Alex Xu (Hello71) 2014-04-03 23:09:30 UTC


*** This bug has been marked as a duplicate of bug 496776 ***