[MacPorts] #46294: ntp @4.2.7p476_1: multiple security vulnerabilities
MacPorts
noreply at macports.org
Mon Dec 22 07:16:05 PST 2014
#46294: ntp @4.2.7p476_1: multiple security vulnerabilities
--------------------------+-------------------------------
Reporter: allbery.b@… | Owner: dluke@…
Type: defect | Status: closed
Priority: High | Milestone:
Component: ports | Version: 2.3.3
Resolution: fixed | Keywords: haspatch security
Port: ntp |
--------------------------+-------------------------------
Comment (by dluke@…):
For completeness, it's worth noting that our default ntp.conf ships with a
restrict default ... noquery line, so the text in the release announcement
applies:
{{{
The vulnerabilities listed below can be significantly mitigated by
following the BCP of putting
restrict default ... noquery
in the ntp.conf file. With the exception of:
receive(): missing return on error
References: Sec 2670 / CVE-2014-9296 / VU#852879
below (which is a limited-risk vulnerability), none of the recent
vulnerabilities listed below can be exploited if the source IP is
restricted from sending a 'query'-class packet by your ntp.conf file.
}}}
--
Ticket URL: <https://trac.macports.org/ticket/46294#comment:7>
MacPorts <https://www.macports.org/>
Ports system for OS X
More information about the macports-tickets
mailing list