Browse code
ntp: Upgrade ntp to 4.2.8p12
A DoS vulnerability was reported on ntp package related to
stack based buffer overflow in ntpq and ntpdc. Upgraded
version of ntp-4.2.8p12 has the fix for this vulnerability.
Fix for CVE-2018-12327.
Change-Id: Iaff46071d5ab2e6c0fec547833cf5ea9ae89b737
Signed-off-by: srinidhira0 <srinidhir@vmware.com>
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/5530
Reviewed-by: Sharath George
Tested-by: Sharath George
srinidhira0 authored on 2018/08/24 21:34:53Showing 1 changed files
| ... | ... |
@@ -1,14 +1,14 @@ |
| 1 | 1 |
Summary: Network Time Protocol reference implementation |
| 2 | 2 |
Name: ntp |
| 3 |
-Version: 4.2.8p11 |
|
| 4 |
-Release: 2%{?dist}
|
|
| 3 |
+Version: 4.2.8p12 |
|
| 4 |
+Release: 1%{?dist}
|
|
| 5 | 5 |
License: NTP |
| 6 | 6 |
URL: http://www.ntp.org/ |
| 7 | 7 |
Group: System Environment/NetworkingPrograms |
| 8 | 8 |
Vendor: VMware, Inc. |
| 9 | 9 |
Distribution: Photon |
| 10 | 10 |
Source0: https://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/%{name}-%{version}.tar.gz
|
| 11 |
-%define sha1 ntp=b20352bb76963a0ef5ec07ba99c2bb97ec6b6aeb |
|
| 11 |
+%define sha1 ntp=316a0c823beb3ea12c8ce125442a0cda15c45d73 |
|
| 12 | 12 |
|
| 13 | 13 |
#https://github.com/darkhelmet/ntpstat |
| 14 | 14 |
Source1: ntpstat-master.zip |
| ... | ... |
@@ -141,6 +141,8 @@ rm -rf %{buildroot}/*
|
| 141 | 141 |
%{_mandir}/man8/ntpstat.8*
|
| 142 | 142 |
|
| 143 | 143 |
%changelog |
| 144 |
+* Wed Aug 22 2018 Srinidhi Rao <srinidhir@vmware.com> 4.2.8p12-1 |
|
| 145 |
+- Upgrade version to 4.2.8p12. |
|
| 144 | 146 |
* Wed Aug 1 2018 Srinidhi Rao <srinidhir@vmware.com> 4.2.8p11-2 |
| 145 | 147 |
- Update requires tag in the ntp spec file to include the |
| 146 | 148 |
- perl-IO-Socket and perl-Net-SSLeay dependencies. |