diff options
author | Zhang Xiao <xiao.zhang@windriver.com> | 2014-08-14 11:14:46 +0800 |
---|---|---|
committer | Martin Jansa <Martin.Jansa@gmail.com> | 2014-08-21 21:35:05 +0200 |
commit | 622ad1538bd931e3bda6c8a9c4cd879db454d15d (patch) | |
tree | 9e543f3135672dedc45062f84c69de6d44026756 /meta-networking/recipes-support/ntp/ntp.inc | |
parent | 55ebea4bb0909e936ad89c17abfeb3549937aefa (diff) | |
download | meta-openembedded-622ad1538bd931e3bda6c8a9c4cd879db454d15d.tar.gz |
ntp: fix CVE-2013-5211
The monlist feature in ntp_request.c in ntpd in NTP before
4.2.7p26 allows remote attackers to cause a denial of service
(traffic amplification) via forged (1) REQ_MON_GETLIST or
(2) REQ_MON_GETLIST_1 requests, as exploited in the wild
in December 2013.
Signed-off-by: Zhang Xiao <xiao.zhang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Diffstat (limited to 'meta-networking/recipes-support/ntp/ntp.inc')
-rw-r--r-- | meta-networking/recipes-support/ntp/ntp.inc | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/meta-networking/recipes-support/ntp/ntp.inc b/meta-networking/recipes-support/ntp/ntp.inc index 2c8f48864..b63f202fe 100644 --- a/meta-networking/recipes-support/ntp/ntp.inc +++ b/meta-networking/recipes-support/ntp/ntp.inc | |||
@@ -24,6 +24,7 @@ SRC_URI = "http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ntp-${PV}.tar.g | |||
24 | file://sntp \ | 24 | file://sntp \ |
25 | file://ntpd.list \ | 25 | file://ntpd.list \ |
26 | file://ntp-disable-debugging.patch \ | 26 | file://ntp-disable-debugging.patch \ |
27 | file://CVE-2013-5211.patch \ | ||
27 | " | 28 | " |
28 | 29 | ||
29 | inherit autotools update-rc.d useradd systemd | 30 | inherit autotools update-rc.d useradd systemd |