From owner-freebsd-security@FreeBSD.ORG Mon Dec 22 09:55:53 2014 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 4C992146 for ; Mon, 22 Dec 2014 09:55:53 +0000 (UTC) Received: from mail.cleverbridge.com (mail.cleverbridge.com [89.1.11.32]) by mx1.freebsd.org (Postfix) with ESMTP id F31C2642B0 for ; Mon, 22 Dec 2014 09:55:52 +0000 (UTC) Received: from homer.cgn.cleverbridge.com (homer.cgn.cleverbridge.com [10.0.5.150]) by mail.cleverbridge.com (Postfix) with ESMTP id 10F699C5FA9 for ; Mon, 22 Dec 2014 10:50:29 +0100 (CET) Received: from localhost (unknown [127.0.0.1]) by homer.cgn.cleverbridge.com (Postfix) with ESMTP id 0D2A88B40099 for ; Mon, 22 Dec 2014 10:50:29 +0100 (CET) Received: from homer.cgn.cleverbridge.com ([127.0.0.1]) by localhost (homer.cgn.cleverbridge.com [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id snOrIAqSpvLN for ; Mon, 22 Dec 2014 10:50:28 +0100 (CET) Received: from localhost (unknown [127.0.0.1]) by homer.cgn.cleverbridge.com (Postfix) with ESMTP id A4A8E8B40474 for ; Mon, 22 Dec 2014 10:50:28 +0100 (CET) X-Virus-Scanned: amavisd-new at homer.cgn.cleverbridge.com Received: from homer.cgn.cleverbridge.com ([127.0.0.1]) by localhost (homer.cgn.cleverbridge.com [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id Kt-XS2K4Rc_R for ; Mon, 22 Dec 2014 10:50:28 +0100 (CET) Received: from homer.cgn.cleverbridge.com (homer.cgn.cleverbridge.com [10.0.5.150]) by homer.cgn.cleverbridge.com (Postfix) with ESMTP id 7BC398B40099 for ; Mon, 22 Dec 2014 10:50:28 +0100 (CET) Date: Mon, 22 Dec 2014 10:50:28 +0100 (CET) From: Winfried Neessen To: freebsd-security@freebsd.org Message-ID: <252350272.1812596.1419241828431.JavaMail.zimbra@cleverbridge.com> Subject: ntpd vulnerabilities MIME-Version: 1.0 X-Originating-IP: [10.0.38.15] X-Mailer: Zimbra 8.5.0_GA_3042 (ZimbraWebClient - GC39 (Win)/8.5.0_GA_3042) Thread-Topic: ntpd vulnerabilities Thread-Index: y7iH7PKKoRTCoyzRlQfPumSB2U++3g== Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Content-Filtered-By: Mailman/MimeDel 2.1.18-1 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 22 Dec 2014 09:55:53 -0000 Hi everyone, there has been a security advisory for several vulnerabilities in ntpd. Is FreeBSD affected by this? According to http://www.kb.cert.org/vuls/id/852879 OpenBSD is not affected, but I guess that's due to the fact, that they have OpenNTPd. The status for FreeBSD on that page is still "unknown". See also: http://support.ntp.org/bin/view/Main/SecurityNotice https://ics-cert.us-cert.gov/advisories/ICSA-14-353-01 Thanks Winni