Bug 613550 (CVE-2017-6451, CVE-2017-6452, CVE-2017-6455, CVE-2017-6458, CVE-2017-6459, CVE-2017-6460, CVE-2017-6462, CVE-2017-6463, CVE-2017-6464) - <net-misc/ntp-4.2.8_p10: multiple vulnerabilities
Summary: <net-misc/ntp-4.2.8_p10: multiple vulnerabilities
Status: RESOLVED FIXED
Alias: CVE-2017-6451, CVE-2017-6452, CVE-2017-6455, CVE-2017-6458, CVE-2017-6459, CVE-2017-6460, CVE-2017-6462, CVE-2017-6463, CVE-2017-6464
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: http://support.ntp.org/bin/view/Main/...
Whiteboard: B3 [noglsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2017-03-22 15:21 UTC by Thomas Deutschmann (RETIRED)
Modified: 2017-10-20 11:48 UTC

See Also:
Package list:
=net-misc/ntp-4.2.8_p10-r1
Runtime testing required: ---
stable-bot: sanity-check+


Description Thomas Deutschmann (RETIRED) gentoo-dev 2017-03-22 15:21:38 UTC
ntp-4.2.8p10 was released on 21 March 2017.

    Sec 3389 / CVE-2017-6464 / VU#325339: NTP-01-016 NTP: Denial of Service via Malformed Config (Pentest report 01.2017)
        Reported by Cure53. 
    Sec 3388 / CVE-2017-6462 / VU#325339: NTP-01-014 NTP: Buffer Overflow in DPTS Clock (Pentest report 01.2017)
        Reported by Cure53. 
    Sec 3387 / CVE-2017-6463 / VU#325339: NTP-01-012 NTP: Authenticated DoS via Malicious Config Option (Pentest report 01.2017)
        Reported by Cure53. 
    Sec 3386: NTP-01-011 NTP: ntpq_stripquotes() returns incorrect Value (Pentest report 01.2017)
        Reported by Cure53. 
    Sec 3385: NTP-01-010 NTP: ereallocarray()/eallocarray() underused (Pentest report 01.2017)
        Reported by Cure53. 
    Sec 3384 / CVE-2017-6455 / VU#325339: NTP-01-009 NTP: Windows: Privileged execution of User Library code (Pentest report 01.2017)
        Reported by Cure53. 
    Sec 3383 / CVE-2017-6452 / VU#325339: NTP-01-008 NTP: Windows Installer: Stack Buffer Overflow from Command Line (Pentest report 01.2017)
        Reported by Cure53. 
    Sec 3382 / CVE-2017-6459 / VU#325339: NTP-01-007 NTP: Windows Installer: Data Structure terminated insufficiently (Pentest report 01.2017)
        Reported by Cure53. 
    Sec 3381: NTP-01-006 NTP: Copious amounts of Unused Code (Pentest report 01.2017)
        Reported by Cure53. 
    Sec 3380: NTP-01-005 NTP: Off-by-one in Oncore GPS Receiver (Pentest report 01.2017)
        Reported by Cure53. 
    Sec 3379 / CVE-2017-6458 / VU#325339: NTP-01-004 NTP: Potential Overflows in ctl_put() functions (Pentest report 01.2017)
        Reported by Cure53. 
    Sec 3378 / CVE-2017-6451 / VU#325339: NTP-01-003 Improper use of snprintf() in mx4200_send() (Pentest report 01.2017)
        Reported by Cure53. 
    Sec 3377 / CVE-2017-6460 / VU#325339: NTP-01-002 Buffer Overflow in ntpq when fetching reslist (Pentest report 01.2017)
        Reported by Cure53. 
    Sec 3376: NTP-01-001 Makefile does not enforce Security Flags (Pentest report 01.2017)
        Reported by Cure53. 
    Sec 3361 / CVE-2016-9042 / VU#325339: 0rigin
        Reported by Matthew Van Gundy of Cisco ASIG.
Comment 1 Michael Weber (RETIRED) gentoo-dev 2017-03-22 22:51:34 UTC
Umm, 

/bin/sh ../libtool  --tag=CC   --mode=link x86_64-pc-linux-gnu-gcc  -ffunction-sections -fdata-sections -Wall -Wcast-align -Wcast-qual -Wmissing-prototypes -Wpointer-arith -Wshadow -Winit-self -Wstrict-overflow    -Wno-strict-prototypes -pie -fPIE -fPIC -fstack-protector-all -O1 -O2 -pipe -march=native  -z relro -z now -Wl,--hash-style=gnu -Wl,-O1 -Wl,--as-needed -o ntpsnmpd netsnmp_daemonize.o ntpsnmpd.o ntpSnmpSubagentObject.o ntpsnmpd-opts.o ../ntpq/libntpq.a ../libntp/libntp.a -L/usr/lib64 -lnetsnmpmibs -ldl -lnetsnmpagent -lwrap -lnetsnmp -lcrypto -lm -Wl,--gc-sections  -lm -pthread -lssl -ldl -lz -lcrypto -ldl -lz ../sntp/libopts/libopts.la 
libtool: link: x86_64-pc-linux-gnu-gcc -ffunction-sections -fdata-sections -Wall -Wcast-align -Wcast-qual -Wmissing-prototypes -Wpointer-arith -Wshadow -Winit-self -Wstrict-overflow -Wno-strict-prototypes -pie -fPIE -fPIC -fstack-protector-all -O1 -O2 -pipe -march=native -z relro -z now -Wl,--hash-style=gnu -Wl,-O1 -Wl,--as-needed -o ntpsnmpd netsnmp_daemonize.o ntpsnmpd.o ntpSnmpSubagentObject.o ntpsnmpd-opts.o -Wl,--gc-sections -pthread  ../ntpq/libntpq.a ../libntp/libntp.a -L/usr/lib64 -lnetsnmpmibs -lnetsnmpagent -lwrap -lnetsnmp -lm -lssl -lcrypto -ldl -lz ../sntp/libopts/.libs/libopts.a -pthread
/usr/lib/gcc/x86_64-pc-linux-gnu/5.4.0/../../../../x86_64-pc-linux-gnu/bin/ld: ../ntpq/libntpq.a(libntpq_a-libntpq.o): relocation R_X86_64_32 against `.rodata.str1.1' can not be used when making a shared object; recompile with -fPIC
/usr/lib/gcc/x86_64-pc-linux-gnu/5.4.0/../../../../x86_64-pc-linux-gnu/bin/ld: ../ntpq/libntpq.a(libntpq_a-libntpq_subs.o): relocation R_X86_64_32 against symbol `g_varlist' can not be used when making a shared object; recompile with -fPIC
/usr/lib/gcc/x86_64-pc-linux-gnu/5.4.0/../../../../x86_64-pc-linux-gnu/bin/ld: ../ntpq/libntpq.a(libntpq_a-libntpq_subs.o): warning: relocation against `free@@GLIBC_2.2.5' in readonly section `.text'
/usr/lib/gcc/x86_64-pc-linux-gnu/5.4.0/../../../../x86_64-pc-linux-gnu/bin/ld: final link failed: Nonrepresentable section on output
collect2: error: ld returned 1 exit status
Comment 2 Michael Weber (RETIRED) gentoo-dev 2017-03-22 22:56:31 UTC
(In reply to Michael Weber from comment #1)
> Umm, 

nvm, apparently fixed by 

commit 494143c3b4921a5c8b8596d58f2c8b98296bf688
Author: Patrick McLean <chutzpah@gentoo.org>
Date:   Wed Mar 22 11:52:01 2017 -0700

    net-misc/ntp: Add patch to fix build with gcc-4.9
Comment 3 Yury German Gentoo Infrastructure gentoo-dev 2017-03-24 06:15:34 UTC
Maintainer(s), please advise if you are ready for stabilization or call for stabilization yourself.
Comment 4 Reuben Farrelly 2017-03-29 01:37:57 UTC
The ntp-4.2.8_p10 ebuild in the tree currently does not include the libressl patch that was included in the ntp-4.2.8_p9 ebuild.  This is a problem because the _p10 ebuild does not build with libressl (for the same reasons as the _p9 did not build without the patch).

The impact of this is that users like myself with libressl installed cannot upgrade to this ebuild and thus have to remain vulnerable.  IMHO this needs to be fixed before we can stabilise the package.
Comment 5 Patrick McLean gentoo-dev 2017-03-31 00:14:26 UTC
commit ce3be83bafb6e93161bf5808ffe097d53655f6b0
Author: Patrick McLean <chutzpah@gentoo.org>
Date:   Thu Mar 30 17:12:55 2017 -0700

    net-misc/ntp: Add patch to build 4.2.8_p10 with libressl

    Package-Manager: Portage-2.3.5, Repoman-2.3.2
Comment 6 Yury German Gentoo Infrastructure gentoo-dev 2017-04-30 16:35:24 UTC
Maintainer(s), please advise if you are ready for stabilization or call for stabilization yourself.
Comment 7 Yury German Gentoo Infrastructure gentoo-dev 2017-06-03 06:57:27 UTC
Maintainer(s), please advise if you are ready for stabilization or call for stabilization yourself.

Will call for stabilization on June 17 if not done by maintainer before.
Comment 8 Matthias Maier gentoo-dev 2017-06-07 15:01:35 UTC
Security, please fix CVE-2017-9042 - this is a binutils CVE [1,2] tracked by [3]. Removing alias.

[1] https://access.redhat.com/security/cve/cve-2017-9042
[2] https://nvd.nist.gov/vuln/detail/CVE-2017-9042
[3] https://bugs.gentoo.org/show_bug.cgi?id=618826
Comment 9 Thomas Deutschmann (RETIRED) gentoo-dev 2017-06-07 16:14:32 UTC
@ Arches,

please test and mark stable: =net-misc/ntp-4.2.8_p10-r1
Comment 10 Agostino Sarubbo gentoo-dev 2017-06-08 10:16:56 UTC
amd64 stable
Comment 11 Agostino Sarubbo gentoo-dev 2017-06-09 10:20:19 UTC
x86 stable
Comment 12 Agostino Sarubbo gentoo-dev 2017-06-10 13:45:54 UTC
sparc stable
Comment 13 Agostino Sarubbo gentoo-dev 2017-06-10 15:12:49 UTC
ia64 stable
Comment 14 Markus Meier gentoo-dev 2017-06-12 18:52:07 UTC
arm stable
Comment 15 Agostino Sarubbo gentoo-dev 2017-06-13 12:32:13 UTC
ppc64 stable
Comment 16 Tobias Klausmann (RETIRED) gentoo-dev 2017-06-20 14:58:29 UTC
Stable on alpha.
Comment 17 Agostino Sarubbo gentoo-dev 2017-06-21 11:58:07 UTC
ppc stable
Comment 18 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-08-16 14:55:21 UTC
Arches, please finish stabilizing hppa

Gentoo Security Padawan
ChrisADR
Comment 19 Sergei Trofimovich (RETIRED) gentoo-dev 2017-09-26 21:24:42 UTC
hppa stable
Comment 20 Aaron Bauman (RETIRED) gentoo-dev 2017-10-20 02:26:46 UTC
@maintainers, please clean the vulnerable versions.
Comment 21 Lars Wendler (Polynomial-C) (RETIRED) gentoo-dev 2017-10-20 09:05:53 UTC
commit 6d5d02e1341ffa76de4b26a6963d99699afba0c6 (HEAD -> master, origin/master, origin/HEAD)
Author: Lars Wendler <polynomial-c@gentoo.org>
Date:   Fri Oct 20 11:05:20 2017

    net-misc/ntp: Security cleanup (bug #613550).

    Package-Manager: Portage-2.3.12, Repoman-2.3.3