ntpd 4.2.4p8 - up to date?
Tom Evans
tevans.uk at googlemail.com
Fri Nov 1 16:31:10 UTC 2013
On Fri, Nov 1, 2013 at 4:05 PM, Karl Pielorz <kpielorz_lst at tdx.co.uk> wrote:
>
> Hi,
>
> A friend who uses linux a lot happened to notice on a FreeBSD box I
> installed the other day and updated to 9.2-R that it's using ntpd 4.2.4p8.
>
> They reckon that's had a lot of issues (e.g. CVE reports) against it - and
> it should be newer.
>
> I'm sure the one it has been 'updated' with is secure - and just reports
> that version, but if someone can confirm that'd be great,
>
Don't take anything I say as confirmation, but I would have thought,
looking at this page [1], that he is wrong. All the CVEs listed there
say they apply to "before 4.2.4p8" or a lower version.
Cheers
Tom
[1] http://www.cvedetails.com/vulnerability-list/vendor_id-2153/NTP.html
More information about the freebsd-security
mailing list