Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
3d7c568f by Salvatore Bonaccorso at 2018-02-28T07:05:52+01:00
Add information for new ntp issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1140,14 +1140,30 @@ CVE-2018-7187 (The "go get" implementation in
Go 1.9.4, when the -inse
[jessie] - golang <ignored> (Minor issue)
NOTE: https://github.com/golang/go/issues/23867
NOTE:
https://github.com/golang/go/commit/c941e27e70c3e06e1011d2dd71d72a7a06a9bcbc
-CVE-2018-7185
- RESERVED
-CVE-2018-7184
- RESERVED
-CVE-2018-7183
- RESERVED
-CVE-2018-7182
- RESERVED
+CVE-2018-7185 [Unauthenticated packet can reset authenticated interleaved
association]
+ RESERVED
+ - ntp <unfixed>
+ NOTE: http://www.kb.cert.org/vuls/id/961909
+ NOTE: http://support.ntp.org/bin/view/Main/NtpBug3454
+ NOTE:
http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S
+CVE-2018-7184 [Interleaved symmetric mode cannot recover from bad state]
+ RESERVED
+ - ntp <unfixed>
+ NOTE: http://www.kb.cert.org/vuls/id/961909
+ NOTE: http://support.ntp.org/bin/view/Main/NtpBug3453
+ NOTE:
http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S
+CVE-2018-7183 [ntpq:decodearr() can write beyond its buffer limit]
+ RESERVED
+ - ntp <unfixed>
+ NOTE: http://www.kb.cert.org/vuls/id/961909
+ NOTE: http://support.ntp.org/bin/view/Main/NtpBug3414
+ NOTE:
http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S
+CVE-2018-7182 [ctl_getitem(): buffer read overrun leads to undefined behavior
and information leak]
+ RESERVED
+ - ntp <unfixed>
+ NOTE: http://www.kb.cert.org/vuls/id/961909
+ NOTE: http://support.ntp.org/bin/view/Main/NtpBug3412
+ NOTE:
http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S
CVE-2018-7181
RESERVED
CVE-2017-18190 (A localhost.localdomain whitelist entry in valid_host() in ...)
@@ -1195,8 +1211,12 @@ CVE-2018-7172 (In index.php in WonderCMS 2.4.0, remote
attackers can delete arbi
TODO: check
CVE-2018-7171
RESERVED
-CVE-2018-7170
+CVE-2018-7170 [Multiple authenticated ephemeral associations]
RESERVED
+ - ntp <unfixed>
+ NOTE: http://www.kb.cert.org/vuls/id/961909
+ NOTE: http://support.ntp.org/bin/view/Main/NtpBug3415
+ NOTE:
http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S
CVE-2018-7169 (An issue was discovered in shadow 4.5. newgidmap (in
shadow-utils) is ...)
- shadow <unfixed> (bug #890557)
[stretch] - shadow <no-dsa> (Minor issue)
@@ -97219,6 +97239,8 @@ CVE-2016-1549 (A malicious authenticated peer can
create arbitrarily-many epheme
[jessie] - ntp <no-dsa> (Minor issue)
[wheezy] - ntp <no-dsa> (Minor issue)
NOTE:
http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security
+ NOTE:
http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S
+ NOTE: additional significant protection went into ntp-4.2.8p11.
CVE-2016-1548 (An attacker can spoof a packet from a legitimate ntpd server
with an ...)
{DSA-3629-1 DLA-559-1}
- ntp 1:4.2.8p7+dfsg-1
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/3d7c568f9b056e1693aacfbc608a5655857c955d
---
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/3d7c568f9b056e1693aacfbc608a5655857c955d
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
