[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [venglin@FREEBSD.LUBLIN.PL: ntpd =< 4.0.99k remote buffer overflow]



On Wed, Apr 04, 2001 at 11:14:31PM -0500, Bud Rogers wrote:
> On Wednesday 04 April 2001 22:24, Noah L. Meyerhans wrote:
> > It would appear that every supported Debian version is currently
> > vulnerable...  Note that I've not tested this myself, but our version of
> > ntp is definitely supposed to be vulnerable.
> 
> And unfortunately, 4.0.99k seems to be the latest version available unless 
> you go to CVS.

Yes.  The fix has been made in the FreeBSD CVS repository.  I'm going to
see about integrating it with our sources now.  If I get a safe copy
built I'll make a signed .deb available.  I'm not a member of the
official Debian security team, though, so you shouldn't necessarily
trust me...

noah

-- 
 _______________________________________________________
| Web: http://web.morgul.net/~frodo/
| PGP Public Key: http://web.morgul.net/~frodo/mail.html 

Attachment: pgph1WEW3Z4Vo.pgp
Description: PGP signature


Reply to: