Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 3d7c568f by Salvatore Bonaccorso at 2018-02-28T07:05:52+01:00 Add information for new ntp issues - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -1140,14 +1140,30 @@ CVE-2018-7187 (The "go get" implementation in Go 1.9.4, when the -inse [jessie] - golang <ignored> (Minor issue) NOTE: https://github.com/golang/go/issues/23867 NOTE: https://github.com/golang/go/commit/c941e27e70c3e06e1011d2dd71d72a7a06a9bcbc -CVE-2018-7185 - RESERVED -CVE-2018-7184 - RESERVED -CVE-2018-7183 - RESERVED -CVE-2018-7182 - RESERVED +CVE-2018-7185 [Unauthenticated packet can reset authenticated interleaved association] + RESERVED + - ntp <unfixed> + NOTE: http://www.kb.cert.org/vuls/id/961909 + NOTE: http://support.ntp.org/bin/view/Main/NtpBug3454 + NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S +CVE-2018-7184 [Interleaved symmetric mode cannot recover from bad state] + RESERVED + - ntp <unfixed> + NOTE: http://www.kb.cert.org/vuls/id/961909 + NOTE: http://support.ntp.org/bin/view/Main/NtpBug3453 + NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S +CVE-2018-7183 [ntpq:decodearr() can write beyond its buffer limit] + RESERVED + - ntp <unfixed> + NOTE: http://www.kb.cert.org/vuls/id/961909 + NOTE: http://support.ntp.org/bin/view/Main/NtpBug3414 + NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S +CVE-2018-7182 [ctl_getitem(): buffer read overrun leads to undefined behavior and information leak] + RESERVED + - ntp <unfixed> + NOTE: http://www.kb.cert.org/vuls/id/961909 + NOTE: http://support.ntp.org/bin/view/Main/NtpBug3412 + NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S CVE-2018-7181 RESERVED CVE-2017-18190 (A localhost.localdomain whitelist entry in valid_host() in ...) 
@@ -1195,8 +1211,12 @@ CVE-2018-7172 (In index.php in WonderCMS 2.4.0, remote attackers can delete arbi TODO: check CVE-2018-7171 RESERVED -CVE-2018-7170 +CVE-2018-7170 [Multiple authenticated ephemeral associations] RESERVED + - ntp <unfixed> + NOTE: http://www.kb.cert.org/vuls/id/961909 + NOTE: http://support.ntp.org/bin/view/Main/NtpBug3415 + NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S CVE-2018-7169 (An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is ...) - shadow <unfixed> (bug #890557) [stretch] - shadow <no-dsa> (Minor issue) @@ -97219,6 +97239,8 @@ CVE-2016-1549 (A malicious authenticated peer can create arbitrarily-many epheme [jessie] - ntp <no-dsa> (Minor issue) [wheezy] - ntp <no-dsa> (Minor issue) NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security + NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S + NOTE: additional significant protection went into ntp-4.2.8p11. CVE-2016-1548 (An attacker can spoof a packet from a legitimate ntpd server with an ...) {DSA-3629-1 DLA-559-1} - ntp 1:4.2.8p7+dfsg-1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3d7c568f9b056e1693aacfbc608a5655857c955d --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3d7c568f9b056e1693aacfbc608a5655857c955d You're receiving this email because of your account on salsa.debian.org.
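Review bot: in the first hunk (CVE-2018-7185 through CVE-2018-7182), each new `- ntp <unfixed>` line carries no Debian bug reference, while the shadow entry visible in the next hunk's context reads `- shadow <unfixed> (bug #890557)`. Once a bug is filed against ntp, adding `(bug #NNNNNN)` (placeholder number) to these four lines would tie the open status to a report that can be followed.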
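Review bot: in the second hunk, the new CVE-2018-7170 entry, `[Multiple authenticated ephemeral associations]`, does not mention CVE-2016-1549, although the third hunk annotates that older entry with the same February 2018 security notice and its description also concerns ephemeral associations created by an authenticated peer. A `NOTE:` line under CVE-2018-7170 naming CVE-2016-1549 would make the relationship visible from the new entry as well as from the old one.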
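Review bot: in the third hunk, `NOTE: additional significant protection went into ntp-4.2.8p11.` does not say which upstream change provides the protection, and the `<no-dsa> (Minor issue)` lines for jessie and wheezy directly above it are left as they were with no indication that they were re-checked. Naming the upstream bug or the related CVE in the note, as the entries in the other hunks do with their NtpBug links, would let a later reader verify the claim.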
_______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits