A DoS vulnerability was reported on ntp package related to
stack based buffer overflow in ntpq and ntpdc. Upgraded
version of ntp-4.2.8p12 has the fix for this vulnerability.
Fix for CVE-2018-12327.
Change-Id: Icd1fd52d8fe7e0618c789ce0b13328eba4952150
Signed-off-by: srinidhira0 <srinidhir@vmware.com>
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/5521
Tested-by: gerrit-photon <photon-checkins@vmware.com>
Reviewed-by: Sharath George
... | ... |
@@ -1,6 +1,6 @@ |
1 | 1 |
Summary: Network Time Protocol reference implementation |
2 | 2 |
Name: ntp |
3 |
-Version: 4.2.8p11 |
|
3 |
+Version: 4.2.8p12 |
|
4 | 4 |
Release: 1%{?dist} |
5 | 5 |
License: NTP |
6 | 6 |
URL: http://www.ntp.org/ |
... | ... |
@@ -8,7 +8,7 @@ Group: System Environment/NetworkingPrograms |
8 | 8 |
Vendor: VMware, Inc. |
9 | 9 |
Distribution: Photon |
10 | 10 |
Source0: https://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/%{name}-%{version}.tar.gz |
11 |
-%define sha1 ntp=b20352bb76963a0ef5ec07ba99c2bb97ec6b6aeb |
|
11 |
+%define sha1 ntp=316a0c823beb3ea12c8ce125442a0cda15c45d73 |
|
12 | 12 |
|
13 | 13 |
#https://github.com/darkhelmet/ntpstat |
14 | 14 |
Source1: ntpstat-master.zip |
... | ... |
@@ -173,6 +173,8 @@ rm -rf %{buildroot}/* |
173 | 173 |
%{_mandir}/man8/ntpstat.8* |
174 | 174 |
|
175 | 175 |
%changelog |
176 |
+* Wed Aug 22 2018 Srinidhi Rao <srinidhir@vmware.com> 4.2.8p12-1 |
|
177 |
+- Upgrade version to 4.2.8p12. |
|
176 | 178 |
* Mon Mar 05 2018 Xiaolin Li <xiaolinl@vmware.com> 4.2.8p11-1 |
177 | 179 |
- Upgrade version to 4.2.8p11 and move perl scripts to perl subpackage. |
178 | 180 |
* Mon Sep 18 2017 Alexey Makhalov <amakhalov@vmware.com> 4.2.8p10-4 |