ntp 1:4.2.8p4+dfsg-3ubuntu6 source package in Ubuntu
Changelog
ntp (1:4.2.8p4+dfsg-3ubuntu6) yakkety; urgency=medium
* SECURITY UPDATE: Deja Vu replay attack on authenticated broadcast mode
- debian/patches/CVE-2015-7973.patch: improve timestamp verification in
include/ntp.h, ntpd/ntp_proto.c.
- CVE-2015-7973
* SECURITY UPDATE: impersonation between authenticated peers
- debian/patches/CVE-2015-7974.patch: check key ID in ntpd/ntp_proto.c.
- CVE-2015-7974
* SECURITY UPDATE: ntpq buffer overflow
- debian/patches/CVE-2015-7975.patch: add length check to ntpq/ntpq.c.
- CVE-2015-7975
* SECURITY UPDATE: ntpq saveconfig command allows dangerous characters in
filenames
- debian/patches/CVE-2015-7976.patch: check filename in
ntpd/ntp_control.c.
- CVE-2015-7976
* SECURITY UPDATE: restrict list denial of service
- debian/patches/CVE-2015-7977-7978.patch: improve restrict list
processing in ntpd/ntp_request.c.
- CVE-2015-7977
- CVE-2015-7978
* SECURITY UPDATE: authenticated broadcast mode off-path denial of
service
- debian/patches/CVE-2015-7979.patch: add more checks to
ntpd/ntp_proto.c.
- CVE-2015-7979
- CVE-2016-1547
* SECURITY UPDATE: Zero Origin Timestamp Bypass
- debian/patches/CVE-2015-8138.patch: check p_org in ntpd/ntp_proto.c.
- CVE-2015-8138
* SECURITY UPDATE: potential infinite loop in ntpq
- debian/patches/CVE-2015-8158.patch: add time checks to ntpdc/ntpdc.c,
ntpq/ntpq.c.
- CVE-2015-8158
* SECURITY UPDATE: NTP statsdir cleanup cronjob insecure (LP: #1528050)
- debian/ntp.cron.daily: fix security issues, patch thanks to halfdog!
- CVE-2016-0727
* SECURITY UPDATE: time spoofing via interleaved symmetric mode
- debian/patches/CVE-20xx-xxxx.patch: check for bogus packets in
ntpd/ntp_proto.c.
- CVE-2016-1548
* SECURITY UPDATE: buffer comparison timing attacks
- debian/patches/CVE-2016-1550.patch: use CRYPTO_memcmp in
libntp/a_md5encrypt.c, sntp/crypto.c.
- CVE-2016-1550
* SECURITY UPDATE: DoS via duplicate IPs on unconfig directives
- debian/patches/CVE-2016-2516.patch: improve logic in
ntpd/ntp_request.c.
- CVE-2016-2516
* SECURITY UPDATE: denial of service via crafted addpeer
- debian/patches/CVE-2016-2518.patch: check mode value in
ntpd/ntp_request.c.
- CVE-2016-2518
-- Marc Deslauriers <email address hidden> Wed, 01 Jun 2016 08:38:07 -0400
Upload details
- Uploaded by:
- Marc Deslauriers
- Uploaded to:
- Yakkety
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any all
- Section:
- net
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| ntp_4.2.8p4+dfsg.orig.tar.gz | 6.7 MiB | 6da2529b5d9ee4ac01fb64d127426b254c6defa3098a456a6f71736920f4e4ed |
| ntp_4.2.8p4+dfsg-3ubuntu6.debian.tar.xz | 71.3 KiB | c684a992e7f19a08c4618b3785643fef3a344a80dbd7a444a7d9f881810e0380 |
| ntp_4.2.8p4+dfsg-3ubuntu6.dsc | 2.3 KiB | 8af1fb90dc8f5d1e9f05d8b6ed2195659b99c46dd1e75e9e8928e59c488be302 |
Available diffs
Binary packages built by this source
- ntp: No summary available for ntp in ubuntu yakkety.
No description available for ntp in ubuntu yakkety.
- ntp-dbgsym: No summary available for ntp-dbgsym in ubuntu yakkety.
No description available for ntp-dbgsym in ubuntu yakkety.
- ntp-doc: No summary available for ntp-doc in ubuntu yakkety.
No description available for ntp-doc in ubuntu yakkety.
- ntpdate: No summary available for ntpdate in ubuntu yakkety.
No description available for ntpdate in ubuntu yakkety.
- ntpdate-dbgsym: No summary available for ntpdate-dbgsym in ubuntu yakkety.
No description available for ntpdate-dbgsym in ubuntu yakkety.
