CVE-2016-7434 NTP
Xin LI
delphij at gmail.com
Tue Dec 13 18:18:25 UTC 2016
We plan to issue an EN to update the base system ntp to 4.2.8p9.
The high impact issue is Windows only by the way.
Cheers,
On Mon, Dec 12, 2016 at 6:18 PM, Michelle Sullivan <michelle at sorbs.net> wrote:
> Dimitry Andric wrote:
>>
>> On 08 Dec 2016, at 06:08, Michelle Sullivan <michelle at sorbs.net> wrote:
>>>
>>> Are we going to get a patch for CVE-2016-7434 on FreeBSD 9.3?
>>
>> On Nov 22, in r309009, Xin Li merged ntp 4.2.8p9, which fixes this
>> issue, to stable/9:
>>
>> https://svnweb.freebsd.org/changeset/base/309009
>>
>> Unfortunately the commit message did not mention the CVE identifier. I
>> can't find any corresponding security advisory either.
>>
>> -Dimitry
>>
> ....
>
> No updates needed to update system to 9.3-RELEASE-p52.
> No updates are available to install.
> Run '/usr/sbin/freebsd-update fetch' first.
> [root at gauntlet /]# ntpd --version
> ntpd 4.2.8p8-a (1)
>
> So no then...
>
> 9.3 is still so-say supported so I'm not talking about -STABLE.
>
> Michelle
More information about the freebsd-stable
mailing list