"MEDIUM: Sec 3661: Memory leak with CMAC keys
Systems that use a CMAC algorithm in ntp.keys will not release a bit of memory on each packet that uses a CMAC key, eventually causing ntpd to run out of memory and fail. The CMAC cleanup from https://bugs.ntp.org/3447, part of ntp-4.2.8p11 and ntp-4.3.97, introduced a bug whereby the CMAC data structure was no longer completely removed.
Reported by Martin Burnicki of Meinberg."
Please tell us when ready to stable.
This issue was resolved and addressed in
GLSA 202007-12 at https://security.gentoo.org/glsa/202007-12
by GLSA coordinator Sam James (sam_c).
(In reply to GLSAMaker/CVETool Bot from comment #11)
> This issue was resolved and addressed in
> GLSA 202007-12 at https://security.gentoo.org/glsa/202007-12
> by GLSA coordinator Sam James (sam_c).
Reopening for cleanup.
The bug has been referenced in the following commit(s):
Author: Lars Wendler <firstname.lastname@example.org>
AuthorDate: 2020-07-27 18:56:04 +0000
Commit: Lars Wendler <email@example.com>
CommitDate: 2020-07-27 19:02:30 +0000
net-misc/ntp: Security cleanup
Package-Manager: Portage-3.0.1, Repoman-2.3.23
Signed-off-by: Lars Wendler <firstname.lastname@example.org>
net-misc/ntp/Manifest | 2 -
.../ntp/files/ntp-4.2.8-gcc10-fno-common.patch | 22 ----
net-misc/ntp/ntp-4.2.8_p14-r2.ebuild | 145 ---------------------
3 files changed, 169 deletions(-)
All done, thanks!