Overview

File _patchinfo of Package patchinfo.29401

<patchinfo incident="29401">
  <issue tracker="bnc" id="1210390">VUL-0: CVE-2023-26555: ntp: ntpd: out-of-bounds write in praecis_parse in ntpd/refclock_palisade.c</issue>
  <issue tracker="cve" id="2023-26555"/>
  <packager>rmax</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for ntp</summary>
  <description>This update for ntp fixes the following issues:

ntp was updated to 4.2.8p17:

* Fix some regressions of 4.2.8p16

Update to 4.2.8p16:

* [Sec 3808] Assertion failure in ntpq on malformed RT-11 date
* [Sec 3807], bsc#1210390, CVE-2023-26555:
  praecis_parse() in the Palisade refclock driver has a
  hypothetical input buffer overflow.
* [Sec 3767] An OOB KoD RATE value triggers an assertion when
  debug is enabled.
* Multiple bug fixes and improvements. For details, see /usr/share/doc/packages/ntp/ChangeLog

   http://www.ntp.org/support/securitynotice/4_2_8-series-changelog/

- CVE-2023-26555: Fixed assertion failure on malformed RT-11 dates (bsc#1210390).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places