FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  567027
Date:      2021-03-03
Time:      06:41:42Z
Committer: ohauer

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
8db8d62a-b08b-11e6-8eba-d050996490d0	ntp -- multiple vulnerabilities Network Time Foundation reports: NTF's NTP Project is releasing ntp-4.2.8p9, which addresses: 1 HIGH severity vulnerability that only affects Windows 2 MEDIUM severity vulnerabilities 2 MEDIUM/LOW severity vulnerabilities 5 LOW severity vulnerabilities 28 other non-security fixes and improvements All of the security issues in this release are listed in VU#633847. Discovery 2016-11-21 Entry 2016-11-22 ntp lt 4.2.8p9 ntp-devel gt 0 CVE-2016-7426 CVE-2016-7427 CVE-2016-7428 CVE-2016-7429 CVE-2016-7431 CVE-2016-7433 CVE-2016-7434 CVE-2016-9310 CVE-2016-9311 CVE-2016-9312 http://support.ntp.org/bin/view/Main/SecurityNotice#November_2016_ntp_4_2_8p9_NTP_Se http://www.kb.cert.org/vuls/id/633847
af485ef4-1c58-11e8-8477-d05099c0ae8c	ntp -- multiple vulnerabilities Network Time Foundation reports: The NTP Project at Network Time Foundation is releasing ntp-4.2.8p11. This release addresses five security issues in ntpd: LOW/MEDIUM: Sec 3012 / CVE-2016-1549 / VU#961909: Sybil vulnerability: ephemeral association attack INFO/MEDIUM: Sec 3412 / CVE-2018-7182 / VU#961909: ctl_getitem(): buffer read overrun leads to undefined behavior and information leak LOW: Sec 3415 / CVE-2018-7170 / VU#961909: Multiple authenticated ephemeral associations LOW: Sec 3453 / CVE-2018-7184 / VU#961909: Interleaved symmetric mode cannot recover from bad state LOW/MEDIUM: Sec 3454 / CVE-2018-7185 / VU#961909: Unauthenticated packet can reset authenticated interleaved association one security issue in ntpq: MEDIUM: Sec 3414 / CVE-2018-7183 / VU#961909: ntpq:decodearr() can write beyond its buffer limit and provides over 33 bugfixes and 32 other improvements. Discovery 2018-02-27 Entry 2018-02-28 Modified 2018-03-14 FreeBSD ge 11.1 lt 11.1_7 ge 10.4 lt 10.4_6 ge 10.3 lt 10.3_27 ntp lt 4.2.8p11 ntp-devel gt 0 CVE-2016-1549 CVE-2018-7182 CVE-2018-7170 CVE-2018-7184 CVE-2018-7185 CVE-2018-7183 SA-18:02.ntp http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S

VuXML ID

Description

8db8d62a-b08b-11e6-8eba-d050996490d0

ntp -- multiple vulnerabilities

Network Time Foundation reports:

NTF's NTP Project is releasing ntp-4.2.8p9, which addresses:

1 HIGH severity vulnerability that only affects Windows

2 MEDIUM severity vulnerabilities

2 MEDIUM/LOW severity vulnerabilities

5 LOW severity vulnerabilities

28 other non-security fixes and improvements

All of the security issues in this release are listed in VU#633847.

Discovery 2016-11-21
Entry 2016-11-22
ntp

lt 4.2.8p9

ntp-devel

gt 0

CVE-2016-7426
CVE-2016-7427
CVE-2016-7428
CVE-2016-7429
CVE-2016-7431
CVE-2016-7433
CVE-2016-7434
CVE-2016-9310
CVE-2016-9311
CVE-2016-9312
http://support.ntp.org/bin/view/Main/SecurityNotice#November_2016_ntp_4_2_8p9_NTP_Se
http://www.kb.cert.org/vuls/id/633847

af485ef4-1c58-11e8-8477-d05099c0ae8c

ntp -- multiple vulnerabilities

Network Time Foundation reports:

The NTP Project at Network Time Foundation is releasing ntp-4.2.8p11.

This release addresses five security issues in ntpd:

LOW/MEDIUM: Sec 3012 / CVE-2016-1549 / VU#961909: Sybil vulnerability: ephemeral association attack

INFO/MEDIUM: Sec 3412 / CVE-2018-7182 / VU#961909: ctl_getitem(): buffer read overrun leads to undefined behavior and information leak

LOW: Sec 3415 / CVE-2018-7170 / VU#961909: Multiple authenticated ephemeral associations

LOW: Sec 3453 / CVE-2018-7184 / VU#961909: Interleaved symmetric mode cannot recover from bad state

LOW/MEDIUM: Sec 3454 / CVE-2018-7185 / VU#961909: Unauthenticated packet can reset authenticated interleaved association

one security issue in ntpq:

MEDIUM: Sec 3414 / CVE-2018-7183 / VU#961909: ntpq:decodearr() can write beyond its buffer limit

and provides over 33 bugfixes and 32 other improvements.

Discovery 2018-02-27
Entry 2018-02-28
Modified 2018-03-14
FreeBSD

ge 11.1 lt 11.1_7

ge 10.4 lt 10.4_6

ge 10.3 lt 10.3_27

ntp

lt 4.2.8p11

ntp-devel

gt 0

CVE-2016-1549
CVE-2018-7182
CVE-2018-7170
CVE-2018-7184
CVE-2018-7185
CVE-2018-7183
SA-18:02.ntp
http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S