diff options
author | Peter Marko <peter.marko@siemens.com> | 2023-03-14 20:49:28 +0100 |
---|---|---|
committer | Armin Kuster <akuster808@gmail.com> | 2023-03-16 08:13:19 -0400 |
commit | fd298f6e6b029302e3988a3898dc76a74e5688e6 (patch) | |
tree | 48e08fdfa4f12cc1570b6c8f0ae97f10140baf9f | |
parent | c401890cfe73bb437d29ccaadb7fd13cff08d644 (diff) | |
download | meta-openembedded-contrib-fd298f6e6b029302e3988a3898dc76a74e5688e6.tar.gz |
ntp: whitelist CVE-2019-11331
Links from https://nvd.nist.gov/vuln/detail/CVE-2019-11331 lead to
conclusion that this is how icurrent ntp protocol is designed.
New RFC is propsed for future but it will not be compatible with current
one.
See https://support.f5.com/csp/article/K09940637
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
-rw-r--r-- | meta-networking/recipes-support/ntp/ntp_4.2.8p15.bb | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/meta-networking/recipes-support/ntp/ntp_4.2.8p15.bb b/meta-networking/recipes-support/ntp/ntp_4.2.8p15.bb index a30f720bb5..91e4945a17 100644 --- a/meta-networking/recipes-support/ntp/ntp_4.2.8p15.bb +++ b/meta-networking/recipes-support/ntp/ntp_4.2.8p15.bb @@ -29,6 +29,7 @@ SRC_URI = "http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ntp-${PV}.tar.g SRC_URI[sha256sum] = "f65840deab68614d5d7ceb2d0bb9304ff70dcdedd09abb79754a87536b849c19" # CVE-2016-9312 is only for windows. +# CVE-2019-11331 is inherent to RFC 5905 and cannot be fixed without breaking compatibility # The other CVEs are not correctly identified because cve-check # is not able to check the version correctly (it only checks for 4.2.8 omitting p15 that makes the difference) CVE_CHECK_IGNORE += "\ @@ -52,6 +53,7 @@ CVE_CHECK_IGNORE += "\ CVE-2016-7433 \ CVE-2016-9310 \ CVE-2016-9311 \ + CVE-2019-11331 \ " |