ntpd 4.2.4p8 - up to date?
Karl Pielorz
kpielorz_lst at tdx.co.uk
Sat Nov 2 20:24:57 UTC 2013
--On 2 November 2013 01:18:24 +0100 Dimitry Andric <dim at FreeBSD.org> wrote:
>> [1] http://www.cvedetails.com/vulnerability-list/vendor_id-2153/NTP.html
>
> That page lists a bunch of CVEs, and the relevant ones have already had
> FreeBSD security advisories:
>
> CVE-2009-3563
> http://www.freebsd.org/security/advisories/FreeBSD-SA-10:02.ntpd.asc
> CVE-2009-1252
> http://www.freebsd.org/security/advisories/FreeBSD-SA-09:11.ntpd.asc
> CVE-2009-0159 not relevant, NTP before 4.2.4p7-RC2
> CVE-2009-0021 not relevant, NTP before 4.2.4p5
> CVE-2004-0657 not relevant, NTP before 4.0
So as I'd kind of guessed - it's not really vanilla 4.2.4p8 that it's
running, it's based on 4.2.4p8 with additional patches that have been
applied by FreeBSD, to address the applicable notifications?
-Karl
More information about the freebsd-security
mailing list