Overview
Request 817083 superseded
- Update to 4.2.8p15
- Fixed security issues:
* bsc#1169740, CVE-2020-11868:
DoS on client ntpd using server mode packet
* bsc#1171355, CVE-2018-8956: remote attackers may prevent a
broadcast client from synchronizing its clock with a broadcast
NTP server via spoofed mode 3 and mode 5 packets.
* bsc#1172651, CVE-2020-13817: vulnerable to off-path attack
* bsc#1173334, CVE-2020-15025: Remote DoS when CMAC key is used
- Bugfixes in 4.2.8p15 and 4.2.8p14 include:
* [Bug 3667] decodenetnum fails with numeric port
* [Bug 3666] avoid unlimited receive buffer allocation
* [Bug 3660] Manycast orphan mode startup discovery problem.
* [Bug 3655] ntpdc memstats hash counts
* [Bug 3653] Refclock jitter RMS calculation
* [Bug 3646] Avoid sync with unsync orphan
* [Bug 3644] Unsynchronized server [...] selected as candidate
* [Bug 3636] NMEA: combine time/date from multiple sentences
* [Bug 3635] Make leapsecond file hash check optional
* [Bug 3628] raw DCF decoding - improve robustness
* [Bug 3620] memory leak in ntpq sysinfo
* [Bug 3619] Honour drefid setting in cooked mode and sysinfo
* [Bug 3617] Add support for ACE III and Copernicus II receivers
* [Bug 3615] accelerate refclock startup
* [Bug 3613] Propagate noselect to mobilized pool servers
* [Bug 3612] Use-of-uninitialized-value in receive function
* [Bug 3611] NMEA time interpreted incorrectly
* [Bug 3609] Fixing wrong falseticker in case of non-statistic jitter
* [Bug 3604] Wrong param byte order passing into
record_raw_stats() in ntp_io.c
- Created by rmax
- In state superseded
- Supersedes 817064
- Superseded by 817085
-
Open review for
factory-staging
Request History
rmax created request
- Update to 4.2.8p15
- Fixed security issues:
* bsc#1169740, CVE-2020-11868:
DoS on client ntpd using server mode packet
* bsc#1171355, CVE-2018-8956: remote attackers may prevent a
broadcast client from synchronizing its clock with a broadcast
NTP server via spoofed mode 3 and mode 5 packets.
* bsc#1172651, CVE-2020-13817: vulnerable to off-path attack
* bsc#1173334, CVE-2020-15025: Remote DoS when CMAC key is used
- Bugfixes in 4.2.8p15 and 4.2.8p14 include:
* [Bug 3667] decodenetnum fails with numeric port
* [Bug 3666] avoid unlimited receive buffer allocation
* [Bug 3660] Manycast orphan mode startup discovery problem.
* [Bug 3655] ntpdc memstats hash counts
* [Bug 3653] Refclock jitter RMS calculation
* [Bug 3646] Avoid sync with unsync orphan
* [Bug 3644] Unsynchronized server [...] selected as candidate
* [Bug 3636] NMEA: combine time/date from multiple sentences
* [Bug 3635] Make leapsecond file hash check optional
* [Bug 3628] raw DCF decoding - improve robustness
* [Bug 3620] memory leak in ntpq sysinfo
* [Bug 3619] Honour drefid setting in cooked mode and sysinfo
* [Bug 3617] Add support for ACE III and Copernicus II receivers
* [Bug 3615] accelerate refclock startup
* [Bug 3613] Propagate noselect to mobilized pool servers
* [Bug 3612] Use-of-uninitialized-value in receive function
* [Bug 3611] NMEA time interpreted incorrectly
* [Bug 3609] Fixing wrong falseticker in case of non-statistic jitter
* [Bug 3604] Wrong param byte order passing into
record_raw_stats() in ntp_io.c
factory-auto declined review
Output of check script:
Source validator failed. Try "osc service localrun source_validator"
(E) ntp-openssl-version.patch mentioned in spec file does not exist.
factory-auto declined request
Output of check script:
Source validator failed. Try "osc service localrun source_validator"
(E) ntp-openssl-version.patch mentioned in spec file does not exist.
rmax reopened request
Now ntp-openssl-version.patch exists.
licensedigger accepted review
ok
factory-auto declined review
Output of check script:
Source validator failed. Try "osc service localrun source_validator"
(E) ntp-openssl-version.patch mentioned in spec file does not exist.
factory-auto declined request
Output of check script:
Source validator failed. Try "osc service localrun source_validator"
(E) ntp-openssl-version.patch mentioned in spec file does not exist.
superseded by 817085
