CVE-2016-7434 NTP

Michelle Sullivan michelle at sorbs.net
Tue Dec 13 02:19:00 UTC 2016


Dimitry Andric wrote:
> On 08 Dec 2016, at 06:08, Michelle Sullivan <michelle at sorbs.net> wrote:
>> Are we going to get a patch for CVE-2016-7434 on FreeBSD 9.3?
> On Nov 22, in r309009, Xin Li merged ntp 4.2.8p9, which fixes this
> issue, to stable/9:
>
> https://svnweb.freebsd.org/changeset/base/309009
>
> Unfortunately the commit message did not mention the CVE identifier.  I
> can't find any corresponding security advisory either.
>
> -Dimitry
>
....

No updates needed to update system to 9.3-RELEASE-p52.
No updates are available to install.
Run '/usr/sbin/freebsd-update fetch' first.
[root at gauntlet /]# ntpd --version
ntpd 4.2.8p8-a (1)

So no then...

9.3 is still so-say supported so I'm not talking about -STABLE.

Michelle


More information about the freebsd-stable mailing list