ntp: whitelist CVE-2019-11331

Links from https://nvd.nist.gov/vuln/detail/CVE-2019-11331 lead to conclusion that this is how icurrent ntp protocol is designed. New RFC is propsed for future but it will not be compatible with current one. See https://support.f5.com/csp/article/K09940637 Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 648912f72d) Signed-off-by: Armin Kuster <akuster808@gmail.com>
2026-01-01 13:58:06 +00:00 · 2023-03-14 20:49:28 +01:00 · 2023-03-14 20:49:28 +01:00 · 61012643b2
commit 61012643b2
parent d0f967eef4
1 changed files with 2 additions and 0 deletions
--- a/meta-networking/recipes-support/ntp/ntp_4.2.8p15.bb
+++ b/meta-networking/recipes-support/ntp/ntp_4.2.8p15.bb
@ -27,6 +27,7 @@ SRC_URI = "http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ntp-${PV}.tar.g
 SRC_URI[sha256sum] = "f65840deab68614d5d7ceb2d0bb9304ff70dcdedd09abb79754a87536b849c19"

 # CVE-2016-9312 is only for windows.
+# CVE-2019-11331 is inherent to RFC 5905 and cannot be fixed without breaking compatibility
 # The other CVEs are not correctly identified because cve-check
 # is not able to check the version correctly (it only checks for 4.2.8 omitting p15 that makes the difference)
 CVE_CHECK_IGNORE += "\
@ -50,6 +51,7 @@ CVE_CHECK_IGNORE += "\
    CVE-2016-7433 \
    CVE-2016-9310 \
    CVE-2016-9311 \
+    CVE-2019-11331 \
 "