Change log for ntp package in Ubuntu
1 → 50 of 171 results | First • Previous • Next • Last |
Deleted in kinetic-release (Reason: (From Debian) [auto-cruft] obsolete source package) |
Published in jammy-release |
Deleted in jammy-proposed (Reason: Moved to jammy) |
ntp (1:4.2.8p15+dfsg-1ubuntu2) jammy; urgency=medium * No-change rebuild to update maintainer scripts, see LP: 1959054 -- Dave Jones <email address hidden> Wed, 16 Feb 2022 17:13:02 +0000
Available diffs
ntp (1:4.2.8p15+dfsg-1ubuntu1) jammy; urgency=medium * Merge from Debian unstable, remaining changes: - d/ntp.conf, d/ntpdate.default: Change default server to ntp.ubuntu.com. - add support for parsing systemd networkd lease files LP: 1717983 + d/ntp.dhcp add support for parsing systemd networkd lease files + d/ntp-systemd-netif.service: service to call hook + d/ntp-systemd-netif.path: respond to lease changes * Dropped changes, included in Debian: - Add Conflict/Replaces/Provides: time-daemon. - debian/rules: add -fcommon flag to CFLAGS * Dropped changes, included upstream: - debian/patches/CVE-2019-8936.patch: Guard against operations on NULL pointer in ntpd/ntp_control.c. * debian/patches/glibc-2.34.patch: compatibility with glibc 2.34.
Superseded in jammy-proposed |
ntp (1:4.2.8p12+dfsg-3ubuntu7) jammy; urgency=medium * No-change rebuild against openssl3 -- Simon Chopin <email address hidden> Mon, 29 Nov 2021 16:04:04 +0100
Available diffs
Superseded in jammy-release |
Obsolete in impish-release |
Deleted in impish-proposed (Reason: Moved to impish) |
ntp (1:4.2.8p12+dfsg-3ubuntu6) impish; urgency=medium * SECURITY UPDATE: Null dereference attack in mode 6 packet (LP: #1891953) - debian/patches/CVE-2019-8936.patch: Guard against operations on NULL pointer in ntpd/ntp_control.c. - CVE-2019-8936 * Fix FTBFS with GCC-10 - debian/rules: add -fcommon flag to CFLAGS -- Brian Morton <email address hidden> Fri, 27 Nov 2020 16:10:51 -0500
Available diffs
ntp (1:4.2.8p12+dfsg-3ubuntu4.1) hirsute-security; urgency=medium * SECURITY UPDATE: Null dereference attack in mode 6 packet (LP: #1891953) - debian/patches/CVE-2019-8936.patch: Guard against operations on NULL pointer in ntpd/ntp_control.c. - CVE-2019-8936 * Fix FTBFS with GCC-10 - debian/rules: add -fcommon flag to CFLAGS -- Brian Morton <email address hidden> Fri, 27 Nov 2020 16:10:51 -0500
Available diffs
ntp (1:4.2.8p12+dfsg-3ubuntu4.20.10.1) groovy-security; urgency=medium * SECURITY UPDATE: Null dereference attack in mode 6 packet (LP: #1891953) - debian/patches/CVE-2019-8936.patch: Guard against operations on NULL pointer in ntpd/ntp_control.c. - CVE-2019-8936 * Fix FTBFS with GCC-10 - debian/rules: add -fcommon flag to CFLAGS -- Brian Morton <email address hidden> Fri, 27 Nov 2020 16:10:51 -0500
Available diffs
ntp (1:4.2.8p12+dfsg-3ubuntu4.20.04.1) focal-security; urgency=medium * SECURITY UPDATE: Null dereference attack in mode 6 packet (LP: #1891953) - debian/patches/CVE-2019-8936.patch: Guard against operations on NULL pointer in ntpd/ntp_control.c. - CVE-2019-8936 -- Brian Morton <email address hidden> Fri, 27 Nov 2020 16:10:51 -0500
Available diffs
ntp (1:4.2.8p10+dfsg-5ubuntu7.3) bionic-security; urgency=medium * SECURITY UPDATE: Null dereference attack in mode 6 packet (LP: #1891953) - debian/patches/CVE-2019-8936.patch: Guard against operations on NULL pointer in ntpd/ntp_control.c. - CVE-2019-8936 -- Brian Morton <email address hidden> Mon, 17 Aug 2020 21:58:51 -0400
Available diffs
ntp (1:4.2.8p10+dfsg-5ubuntu7.2) bionic; urgency=medium * ntpq should check return code from libcrypto calls (LP: #1884265) - debian/patches/ntpq-openssl-check.patch -- Joy Latten <email address hidden> Thu, 09 Jul 2020 21:11:52 +0000
Superseded in impish-release |
Obsolete in hirsute-release |
Obsolete in groovy-release |
Published in focal-release |
Deleted in focal-proposed (Reason: moved to Release) |
ntp (1:4.2.8p12+dfsg-3ubuntu4) focal; urgency=medium [ Bernhard Schmidt ] * Add Conflict/Replaces/Provides: time-daemon (Closes: #316549) -- Balint Reczey <email address hidden> Thu, 02 Apr 2020 19:37:06 +0200
Available diffs
ntp (1:4.2.8p4+dfsg-3ubuntu5.10) xenial-security; urgency=medium * SECURITY UPDATE: crash or possible code execution via a long string as the ipv4 host argument - debian/patches/CVE-2018-12327.patch prevent overflow of host in openhost() in ntpq/ntpq.c and ntpdc/ntpdc.c. - CVE-2018-12327 -- Mark Morlino <email address hidden> Mon, 06 Jan 2020 09:25:46 -0500
ntp (1:4.2.6.p3+dfsg-1ubuntu3.13) precise-security; urgency=medium * SECURITY UPDATE: crash or possible code execution via a long string as the ipv4 host argument - debian/patches/CVE-2018-12327.patch prevent overflow of host in openhost() in ntpq/ntpq.c and ntpdc/ntpdc.c. - CVE-2018-12327 -- Mark Morlino <email address hidden> Mon, 06 Jan 2020 09:38:04 -0500
Available diffs
ntp (1:4.2.8p12+dfsg-3ubuntu3) focal; urgency=medium * No-change rebuild for libevent soname changes. -- Matthias Klose <email address hidden> Sat, 19 Oct 2019 19:57:18 +0000
Available diffs
Superseded in focal-release |
Obsolete in eoan-release |
Deleted in eoan-proposed (Reason: moved to release) |
ntp (1:4.2.8p12+dfsg-3ubuntu2) eoan; urgency=medium * No-change upload with strops.h and sys/strops.h removed in glibc. -- Matthias Klose <email address hidden> Thu, 05 Sep 2019 11:04:26 +0000
Available diffs
Superseded in eoan-release |
Obsolete in disco-release |
Deleted in disco-proposed (Reason: moved to release) |
ntp (1:4.2.8p12+dfsg-3ubuntu1) disco; urgency=medium * Merge with Debian unstable (LP: #1806382). Remaining changes: - d/ntp.conf, d/ntpdate.default: Change default server to ntp.ubuntu.com. - add support for parsing systemd networkd lease files LP: 1717983 + d/ntp.dhcp add support for parsing systemd networkd lease files + d/ntp-systemd-netif.service: service to call hook + d/ntp-systemd-netif.path: respond to lease changes * Dropped Changes (accepted in Debian) - Add PPS support (this is accepted in Debian and only had some readme and example entries left):
Available diffs
ntp (1:4.2.6.p5+dfsg-3ubuntu2.14.04.13) trusty-security; urgency=medium * SECURITY UPDATE: code execution via buffer overflow in decodearr - debian/patches/CVE-2018-7183.patch: prevent writing beyons limits in ntpq/ntpq.c. - CVE-2018-7183 * SECURITY UPDATE: DoS via certain packets with a zero-origin timestamp - debian/patches/CVE-2018-7185.patch: add additional checks to ntpd/ntp_proto.c. - CVE-2018-7185 -- Marc Deslauriers <email address hidden> Fri, 06 Jul 2018 15:45:46 -0400
ntp (1:4.2.8p4+dfsg-3ubuntu5.9) xenial-security; urgency=medium * SECURITY UPDATE: code execution via buffer overflow in decodearr - debian/patches/CVE-2018-7183.patch: prevent writing beyons limits in ntpq/ntpq.c. - CVE-2018-7183 * SECURITY UPDATE: DoS via certain packets with a zero-origin timestamp - debian/patches/CVE-2018-7185.patch: add additional checks to ntpd/ntp_proto.c. - CVE-2018-7185 -- Marc Deslauriers <email address hidden> Fri, 06 Jul 2018 15:34:25 -0400
Available diffs
ntp (1:4.2.8p10+dfsg-5ubuntu3.3) artful-security; urgency=medium * SECURITY UPDATE: DoS via mode 6 packet - debian/patches/CVE-2018-7182.patch: do not compare past NUL byte in ntpd/ntp_control.c. - CVE-2018-7182 * SECURITY UPDATE: code execution via buffer overflow in decodearr - debian/patches/CVE-2018-7183.patch: prevent writing beyons limits in ntpq/ntpq.c. - CVE-2018-7183 * SECURITY UPDATE: DoS via packet with zero-origin timestamp - debian/patches/CVE-2018-7184.patch: recover from bad state in ntpd/ntp_proto.c. - CVE-2018-7184 * SECURITY UPDATE: DoS via certain packets with a zero-origin timestamp - debian/patches/CVE-2018-7185.patch: add additional checks to ntpd/ntp_proto.c. - CVE-2018-7185 -- Marc Deslauriers <email address hidden> Fri, 06 Jul 2018 15:23:18 -0400
ntp (1:4.2.8p10+dfsg-5ubuntu7.1) bionic-security; urgency=medium * SECURITY UPDATE: DoS via mode 6 packet - debian/patches/CVE-2018-7182.patch: do not compare past NUL byte in ntpd/ntp_control.c. - CVE-2018-7182 * SECURITY UPDATE: code execution via buffer overflow in decodearr - debian/patches/CVE-2018-7183.patch: prevent writing beyons limits in ntpq/ntpq.c. - CVE-2018-7183 * SECURITY UPDATE: DoS via packet with zero-origin timestamp - debian/patches/CVE-2018-7184.patch: recover from bad state in ntpd/ntp_proto.c. - CVE-2018-7184 * SECURITY UPDATE: DoS via certain packets with a zero-origin timestamp - debian/patches/CVE-2018-7185.patch: add additional checks to ntpd/ntp_proto.c. - CVE-2018-7185 -- Marc Deslauriers <email address hidden> Fri, 06 Jul 2018 15:08:42 -0400
Available diffs
Superseded in disco-release |
Obsolete in cosmic-release |
Deleted in cosmic-proposed (Reason: moved to release) |
ntp (1:4.2.8p11+dfsg-1ubuntu1) cosmic; urgency=medium * Merge with Debian unstable (LP: #1773921). Remaining changes: - d/ntp.conf, d/ntpdate.default: Change default server to ntp.ubuntu.com. - Add PPS support (LP 1512980): + debian/README.Debian: Add a PPS section to the README.Debian + debian/ntp.conf: Add some PPS configuration examples from the offical documentation. - d/ntp.dhcp add support for parsing systemd networkd lease files LP 1717983 * Dropped Changes (accepted in Debian) - d/ntp-systemd-wrapper protect systemd service startup from concurrent ntpdate processes the same way it was protected on sysv-init (LP 1706818) - debian/apparmor-profile: add attach_disconnected which is needed in some cases to let ntp report its log messages (LP 1727202). - debian/apparmor-profile: avoid denies to to arg checks (LP 1741227) - fix apparmor denial when checking for running ntpdate (LP 1749389)
Available diffs
ntp (1:4.2.8p4+dfsg-3ubuntu5.8) xenial; urgency=medium * d/apparmor-profile: fix denial checking for running ntpdate (LP: #1749389) -- Christian Ehrhardt <email address hidden> Wed, 14 Feb 2018 13:10:39 +0100
Available diffs
Superseded in cosmic-release |
Published in bionic-release |
Superseded in bionic-release |
Deleted in bionic-proposed (Reason: moved to release) |
ntp (1:4.2.8p10+dfsg-5ubuntu7) bionic; urgency=medium * fix apparmor denial when checking for running ntpdate (LP: 1749389) -- Christian Ehrhardt <email address hidden> Wed, 14 Feb 2018 09:23:36 +0100
Available diffs
ntp (1:4.2.8p10+dfsg-5ubuntu6) bionic; urgency=high * No change rebuild against openssl1.1. -- Dimitri John Ledkov <email address hidden> Mon, 05 Feb 2018 16:51:21 +0000
Available diffs
ntp (1:4.2.8p10+dfsg-5ubuntu5) bionic; urgency=medium * debian/apparmor-profile: avoid denies to to arg checks (LP: #1741227) -- Christian Ehrhardt <email address hidden> Thu, 04 Jan 2018 14:20:53 +0100
Available diffs
ntp (1:4.2.8p10+dfsg-5ubuntu3.1) artful; urgency=medium * debian/apparmor-profile: add attach_disconnected which is needed in some cases to let ntp report its log messages (LP: #1727202). -- Christian Ehrhardt <email address hidden> Mon, 18 Dec 2017 13:19:36 +0100
Available diffs
ntp (1:4.2.8p10+dfsg-5ubuntu4) bionic; urgency=medium * debian/apparmor-profile: add attach_disconnected which is needed in some cases to let ntp report its log messages (LP: #1727202). -- Christian Ehrhardt <email address hidden> Wed, 13 Dec 2017 16:31:30 +0100
Available diffs
Superseded in bionic-release |
Obsolete in artful-release |
Deleted in artful-proposed (Reason: moved to release) |
ntp (1:4.2.8p10+dfsg-5ubuntu3) artful; urgency=medium * d/ntp.dhcp add support for parsing systemd networkd lease files LP: #1717983 -- Dimitri John Ledkov <email address hidden> Tue, 03 Oct 2017 01:54:33 +0100
Available diffs
ntp (1:4.2.8p4+dfsg-3ubuntu5.7) xenial; urgency=medium * d/ntp.init: fix lock path to match the ntpdate ifup hook. Furthermore drop the usage of lockfile-progs calls and instead use flock directly. This is a backport of changes made in 1:4.2.8p7+dfsg-1 (LP: #1706818) -- Christian Ehrhardt <email address hidden> Tue, 05 Sep 2017 17:24:43 +0200
Available diffs
ntp (1:4.2.8p10+dfsg-5ubuntu2) artful; urgency=medium * d/ntp-systemd-wrapper protect systemd service startup from concurrent ntpdate processes the same way it was protected on sysv-init (LP: #1706818) -- Christian Ehrhardt <email address hidden> Tue, 05 Sep 2017 15:09:08 +0200
Available diffs
ntp (1:4.2.6.p5+dfsg-3ubuntu2.14.04.12) trusty; urgency=medium * debian/ntpdate.if-up: Drop delta to stop/start service around ntpdate updates - fixes ntp restart storms due to network changes, fixes accidential start of ntp, avoids issues of ntpdate jumping too far while running ntp was supposed to drift (LP: #1593907) -- Christian Ehrhardt <email address hidden> Fri, 07 Jul 2017 07:53:16 +0200
ntp (1:4.2.8p9+dfsg-2ubuntu1.2) zesty; urgency=medium * debian/ntpdate.if-up: Drop delta to stop/start service around ntpdate updates - fixes ntp restart storms due to network changes, fixes accidential start of ntp, avoids issues of ntpdate jumping too far while running ntp was supposed to drift (LP: #1593907) -- Christian Ehrhardt <email address hidden> Fri, 07 Jul 2017 07:59:52 +0200
ntp (1:4.2.8p4+dfsg-3ubuntu5.6) xenial; urgency=medium * debian/ntpdate.if-up: Drop delta to stop/start service around ntpdate updates - fixes ntp restart storms due to network changes, fixes accidential start of ntp, avoids issues of ntpdate jumping too far while running ntp was supposed to drift (LP: #1593907) -- Christian Ehrhardt <email address hidden> Fri, 07 Jul 2017 07:56:45 +0200
ntp (1:4.2.8p8+dfsg-1ubuntu2.2) yakkety; urgency=medium * debian/ntpdate.if-up: Drop delta to stop/start service around ntpdate updates - fixes ntp restart storms due to network changes, fixes accidential start of ntp, avoids issues of ntpdate jumping too far while running ntp was supposed to drift (LP: #1593907) -- Christian Ehrhardt <email address hidden> Fri, 07 Jul 2017 07:58:18 +0200
ntp (1:4.2.8p4+dfsg-3ubuntu5.5) xenial-security; urgency=medium * SECURITY UPDATE: DoS via large request data value - debian/patches/CVE-2016-2519.patch: check packet in ntpd/ntp_control.c. - CVE-2016-2519 * SECURITY UPDATE: DoS via responses with a spoofed source address - debian/patches/CVE-2016-7426.patch: improve rate limiting in ntpd/ntp_proto.c. - CVE-2016-7426 * SECURITY UPDATE: DoS via crafted broadcast mode packet - debian/patches/CVE-2016-7427-1.patch: improve replay prevention logic in ntpd/ntp_proto.c. - CVE-2016-7427 * SECURITY UPDATE: DoS via poll interval in a broadcast packet - debian/patches/CVE-2016-7428.patch: ensure at least one poll interval has elapsed in ntpd/ntp_proto.c, include/ntp.h. - CVE-2016-7428 * SECURITY UPDATE: DoS via response for a source to an interface the source does not use - debian/patches/CVE-2016-7429-1.patch: add extra checks to ntpd/ntp_peer.c. - debian/patches/CVE-2016-7429-2.patch: check for NULL first in ntpd/ntp_peer.c. - debian/patches/CVE-2016-7429-3.patch: fix multicastclient regression in ntpd/ntp_peer.c. - CVE-2016-7429 * SECURITY UPDATE: incorrect initial sync calculations - debian/patches/CVE-2016-7433.patch: use peer dispersion in ntpd/ntp_proto.c. - CVE-2016-7433 * SECURITY UPDATE: DoS via crafted mrulist query - debian/patches/CVE-2016-7434.patch: added missing parameter validation to ntpd/ntp_control.c. - CVE-2016-7434 * SECURITY UPDATE: traps can be set or unset via a crafted control mode packet - debian/patches/CVE-2016-9310.patch: require AUTH in ntpd/ntp_control.c. - CVE-2016-9310 * SECURITY UPDATE: DoS when trap service is enabled - debian/patches/CVE-2016-9311.patch: make sure peer events are associated with a peer in ntpd/ntp_control.c. - CVE-2016-9311 * SECURITY UPDATE: potential Overflows in ctl_put() functions - debian/patches/CVE-2017-6458.patch: check lengths in ntpd/ntp_control.c. - CVE-2017-6458 * SECURITY UPDATE: overflow via long flagstr variable - debian/patches/CVE-2017-6460.patch: check length in ntpq/ntpq-subs.c. - CVE-2017-6460 * SECURITY UPDATE: buffer overflow in DPTS refclock driver - debian/patches/CVE-2017-6462.patch: don't overrun buffer in ntpd/refclock_datum.c. - CVE-2017-6462 * SECURITY UPDATE: DoS via invalid setting in a :config directive - debian/patches/CVE-2017-6463.patch: protect against overflow in ntpd/ntp_config.c. - CVE-2017-6463 * SECURITY UPDATE: Dos via malformed mode configuration directive - debian/patches/CVE-2017-6464.patch: validate directives in ntpd/ntp_config.c, ntpd/ntp_proto.c. - CVE-2017-6464 -- Marc Deslauriers <email address hidden> Wed, 28 Jun 2017 10:23:27 -0400
Available diffs
ntp (1:4.2.6.p5+dfsg-3ubuntu2.14.04.11) trusty-security; urgency=medium * SECURITY UPDATE: DoS via responses with a spoofed source address - debian/patches/CVE-2016-7426.patch: improve rate limiting in ntpd/ntp_proto.c. - CVE-2016-7426 * SECURITY UPDATE: DoS via crafted broadcast mode packet - debian/patches/CVE-2016-7427-1.patch: improve replay prevention logic in ntpd/ntp_proto.c. - CVE-2016-7427 * SECURITY UPDATE: DoS via poll interval in a broadcast packet - debian/patches/CVE-2016-7428.patch: ensure at least one poll interval has elapsed in ntpd/ntp_proto.c, include/ntp.h. - CVE-2016-7428 * SECURITY UPDATE: DoS via response for a source to an interface the source does not use - debian/patches/CVE-2016-7429-1.patch: add extra checks to ntpd/ntp_peer.c. - debian/patches/CVE-2016-7429-2.patch: check for NULL first in ntpd/ntp_peer.c. - debian/patches/CVE-2016-7429-3.patch: fix multicastclient regression in ntpd/ntp_peer.c. - CVE-2016-7429 * SECURITY UPDATE: traps can be set or unset via a crafted control mode packet - debian/patches/CVE-2016-9310.patch: require AUTH in ntpd/ntp_control.c. - CVE-2016-9310 * SECURITY UPDATE: DoS when trap service is enabled - debian/patches/CVE-2016-9311.patch: make sure peer events are associated with a peer in ntpd/ntp_control.c. - CVE-2016-9311 * SECURITY UPDATE: potential Overflows in ctl_put() functions - debian/patches/CVE-2017-6458.patch: check lengths in ntpd/ntp_control.c. - CVE-2017-6458 * SECURITY UPDATE: buffer overflow in DPTS refclock driver - debian/patches/CVE-2017-6462.patch: don't overrun buffer in ntpd/refclock_datum.c. - CVE-2017-6462 * SECURITY UPDATE: DoS via invalid setting in a :config directive - debian/patches/CVE-2017-6463.patch: protect against overflow in ntpd/ntp_config.c. - CVE-2017-6463 * SECURITY UPDATE: Dos via malformed mode configuration directive - debian/patches/CVE-2017-6464.patch: validate directives in ntpd/ntp_config.c, ntpd/ntp_proto.c. - CVE-2017-6464 -- Marc Deslauriers <email address hidden> Wed, 28 Jun 2017 12:17:02 -0400
Available diffs
ntp (1:4.2.8p8+dfsg-1ubuntu2.1) yakkety-security; urgency=medium * SECURITY UPDATE: DoS via responses with a spoofed source address - debian/patches/CVE-2016-7426.patch: improve rate limiting in ntpd/ntp_proto.c. - CVE-2016-7426 * SECURITY UPDATE: DoS via crafted broadcast mode packet - debian/patches/CVE-2016-7427-1.patch: improve replay prevention logic in ntpd/ntp_proto.c. - debian/patches/CVE-2016-7427-2.patch: add bcpollbstep option to html/miscopt.html, include/ntp.h, include/ntpd.h, ntpd/complete.conf.in, ntpd/invoke-ntp.conf.texi, ntpd/keyword-gen.c, ntpd/ntp.conf.5man, ntpd/ntp.conf.5mdoc, ntpd/ntp.conf.def, ntpd/ntp.conf.man.in, ntpd/ntp.conf.mdoc.in, ntpd/ntp_config.c, ntpd/ntp_keyword.h, ntpd/ntp_parser.y, ntpd/ntp_proto.c. - CVE-2016-7427 * SECURITY UPDATE: DoS via poll interval in a broadcast packet - debian/patches/CVE-2016-7428.patch: ensure at least one poll interval has elapsed in ntpd/ntp_proto.c, include/ntp.h. - CVE-2016-7428 * SECURITY UPDATE: DoS via response for a source to an interface the source does not use - debian/patches/CVE-2016-7429-1.patch: add extra checks to ntpd/ntp_peer.c. - debian/patches/CVE-2016-7429-2.patch: check for NULL first in ntpd/ntp_peer.c. - debian/patches/CVE-2016-7429-3.patch: fix multicastclient regression in ntpd/ntp_peer.c. - CVE-2016-7429 * SECURITY UPDATE: origin timestamp protection mechanism bypass - debian/patches/CVE-2016-7431.patch: handle zero origin in ntpd/ntp_proto.c. - CVE-2016-7431 * SECURITY UPDATE: incorrect initial sync calculations - debian/patches/CVE-2016-7433.patch: use peer dispersion in ntpd/ntp_proto.c. - CVE-2016-7433 * SECURITY UPDATE: DoS via crafted mrulist query - debian/patches/CVE-2016-7434.patch: added missing parameter validation to ntpd/ntp_control.c. - CVE-2016-7434 * SECURITY UPDATE: DoS in the origin timestamp check - debian/patches/CVE-2016-9042.patch: comment out broken code in ntpd/ntp_proto.c. - CVE-2016-9042 * SECURITY UPDATE: traps can be set or unset via a crafted control mode packet - debian/patches/CVE-2016-9310.patch: require AUTH in ntpd/ntp_control.c. - CVE-2016-9310 * SECURITY UPDATE: DoS when trap service is enabled - debian/patches/CVE-2016-9311.patch: make sure peer events are associated with a peer in ntpd/ntp_control.c. - CVE-2016-9311 * SECURITY UPDATE: potential Overflows in ctl_put() functions - debian/patches/CVE-2017-6458.patch: check lengths in ntpd/ntp_control.c. - CVE-2017-6458 * SECURITY UPDATE: overflow via long flagstr variable - debian/patches/CVE-2017-6460.patch: check length in ntpq/ntpq-subs.c. - CVE-2017-6460 * SECURITY UPDATE: buffer overflow in DPTS refclock driver - debian/patches/CVE-2017-6462.patch: don't overrun buffer in ntpd/refclock_datum.c. - CVE-2017-6462 * SECURITY UPDATE: DoS via invalid setting in a :config directive - debian/patches/CVE-2017-6463.patch: protect against overflow in ntpd/ntp_config.c. - CVE-2017-6463 * SECURITY UPDATE: Dos via malformed mode configuration directive - debian/patches/CVE-2017-6464.patch: validate directives in ntpd/ntp_config.c, ntpd/ntp_proto.c. - CVE-2017-6464 -- Marc Deslauriers <email address hidden> Wed, 28 Jun 2017 08:21:41 -0400
Available diffs
ntp (1:4.2.8p9+dfsg-2ubuntu1.1) zesty-security; urgency=medium * SECURITY UPDATE: DoS in the origin timestamp check - debian/patches/CVE-2016-9042.patch: comment out broken code in ntpd/ntp_proto.c. - CVE-2016-9042 * SECURITY UPDATE: potential Overflows in ctl_put() functions - debian/patches/CVE-2017-6458.patch: check lengths in ntpd/ntp_control.c. - CVE-2017-6458 * SECURITY UPDATE: overflow via long flagstr variable - debian/patches/CVE-2017-6460.patch: check length in ntpq/ntpq-subs.c. - CVE-2017-6460 * SECURITY UPDATE: buffer overflow in DPTS refclock driver - debian/patches/CVE-2017-6462.patch: don't overrun buffer in ntpd/refclock_datum.c. - CVE-2017-6462 * SECURITY UPDATE: DoS via invalid setting in a :config directive - debian/patches/CVE-2017-6463.patch: protect against overflow in ntpd/ntp_config.c. - CVE-2017-6463 * SECURITY UPDATE: Dos via malformed mode configuration directive - debian/patches/CVE-2017-6464.patch: validate directives in ntpd/ntp_config.c, ntpd/ntp_proto.c. - CVE-2017-6464 -- Marc Deslauriers <email address hidden> Wed, 28 Jun 2017 07:53:21 -0400
Available diffs
ntp (1:4.2.8p10+dfsg-5ubuntu1) artful; urgency=medium * Merge with Debian unstable (LP: #1604010). Remaining changes: - d/ntp.conf, d/ntpdate.default: Change default server to ntp.ubuntu.com. - Add PPS support (LP 1512980): + debian/README.Debian: Add a PPS section to the README.Debian, removed all PPSkit one. + debian/ntp.conf: Add some configuration examples from the offical documentation. * Drop Changes (contribs accepted in Debian): - Apparmor bits not yet accepted in Debian + d/apparmor-profile add samba winbindd pipe (LP 1582767) - Fix ntpdate-debian to be able to parse new config of ntp (LP 1576698) - d/rules: enable debugging - d/rules, d/ntp.dirs, d/source_ntp.py: Add apport hook. + d/source_ntp.py: includes a filter on AppArmor profile names to prevent false positives from denials originating in other packages -- Christian Ehrhardt <email address hidden> Wed, 21 Jun 2017 16:17:38 +0200
ntp (1:4.2.8p10+dfsg-1ubuntu1) artful; urgency=medium * Merge from Debian testing. Remaining changes: + d/rules: enable debugging + d/rules, d/ntp.dirs, d/source_ntp.py: Add apport hook. - d/source_ntp.py: includes a filter on AppArmor profile names to prevent false positives from denials originating in other packages + d/ntp.conf, d/ntpdate.default: Change default server to ntp.ubuntu.com. + Fix ntpdate-debian to be able to parse new config of ntp + PPS Documentation: - d/README.Debian: Add a PPS section to the README.Debian, removed all PPSkit one. - d/ntp.conf: Add some configuration examples from the offical documentation. + Apparmor bits not yet accepted in Debian - d/apparmor-profile add samba winbindd pipe * Drop Changes: + d/control: Add bison to Build-Depends (for ntpd/ntp_parser.y); dropped as this was only needed while CVE delta was in place that needed ntpd/ntp_parser.[ch] regenerated from ntpd/ntp_parser.y + d/control: Add Suggests on apparmor; drop delta as this is not strictly needed. + Create etc/apparmor.d/{force-complain,tunables}/; force-complain is not used and tunables is handled by the install -D in debian/rules + d/ntpdate.if-up: Fix interaction with openntpd. Stop ntp before running ntpdate when an interface comes up, then start again afterwards; dropping because this actually was a bad workaround to restart ntpd often in case it didn't find its peers when starting initially with many follow on fixes and follow on bugs around. + d/ntp.init don't use /var/lib/ntp/ntp.conf.dhcp if /etc/ntp.conf is newer, it can get stale. Patch by Simon Déziel. (refreshed to apply to new path /run/ntp.conf.dhcp); fixed in Debian by bug 600661 + d/ntp.init: Only stop when entering single user mode; that change is a no-op in systemd environments so it can be dropped -- Christian Ehrhardt <email address hidden> Tue, 02 May 2017 16:24:56 +0200
Available diffs
ntp (1:4.2.8p4+dfsg-3ubuntu5.4) xenial; urgency=medium * Fix ntp.dhcp to also check for pool and better handle spaces and tabs. (LP: #1656801) -- Phil Roche <email address hidden> Thu, 19 Jan 2017 11:06:04 +0000
Superseded in artful-release |
Obsolete in zesty-release |
Deleted in zesty-proposed (Reason: moved to release) |
ntp (1:4.2.8p9+dfsg-2ubuntu1) zesty; urgency=medium * Merge from Debian testing. Remaining changes (LP: #427775): + d/rules: enable debugging + d/rules, d/ntp.dirs, d/source_ntp.py: Add apport hook. + d/ntpdate.if-up: Fix interaction with openntpd. Stop ntp before running ntpdate when an interface comes up, then start again afterwards. + d/ntp.init: Only stop when entering single user mode + d/ntp.init don't use /var/lib/ntp/ntp.conf.dhcp if /etc/ntp.conf is newer, it can get stale. Patch by Simon Déziel. (refreshed to apply to new path /run/ntp.conf.dhcp) + d/ntp.conf, d/ntpdate.default: Change default server to ntp.ubuntu.com. + d/control: Add bison to Build-Depends (for ntpd/ntp_parser.y). + Fix ntpdate-debian to be able to parse new config of ntp + Add PPS support: - d/README.Debian: Add a PPS section to the README.Debian, removed all PPSkit one. - d/ntp.conf: Add some configuration examples from the offical documentation. + Add Apparmor bits not yet accepted in Debian - d/control: Add Suggests on apparmor. - d/source_ntp.py: Add filter on AppArmor profile names to prevent false positives from denials originating in other packages - d/apparmor-profile add samba winbindd pipe - Create etc/apparmor.d/{force-complain,tunables}/ * Drop Changes: + SECURITY UPDATE: NTP statsdir cleanup cronjob insecure (was accepted in Debian). + d/control: different conflicts/replaces versions on apparmor (was a dependency on a higher apparmor version, but today all releases are newer) -- Christian Ehrhardt <email address hidden> Thu, 01 Dec 2016 15:40:22 +0100
Available diffs
ntp (1:4.2.6.p3+dfsg-1ubuntu3.11) precise-security; urgency=medium * SECURITY UPDATE: Deja Vu replay attack on authenticated broadcast mode - debian/patches/CVE-2015-7973.patch: improve timestamp verification in include/ntp.h, ntpd/ntp_proto.c. - CVE-2015-7973 * SECURITY UPDATE: impersonation between authenticated peers - debian/patches/CVE-2015-7974.patch: check key ID in ntpd/ntp_proto.c. - CVE-2015-7974 * SECURITY UPDATE: ntpq saveconfig command allows dangerous characters in filenames - debian/patches/CVE-2015-7976.patch: check filename in ntpd/ntp_control.c. - CVE-2015-7976 * SECURITY UPDATE: restrict list denial of service - debian/patches/CVE-2015-7977-7978.patch: improve restrict list processing in ntpd/ntp_request.c. - CVE-2015-7977 - CVE-2015-7978 * SECURITY UPDATE: authenticated broadcast mode off-path denial of service - debian/patches/CVE-2015-7979.patch: add more checks to ntpd/ntp_proto.c. - CVE-2015-7979 - CVE-2016-1547 * SECURITY UPDATE: Zero Origin Timestamp Bypass - debian/patches/CVE-2015-8138.patch: check p_org in ntpd/ntp_proto.c. - CVE-2015-8138 * SECURITY UPDATE: potential infinite loop in ntpq - debian/patches/CVE-2015-8158.patch: add time checks to ntpdc/ntpdc.c, ntpq/ntpq.c. - CVE-2015-8158 * SECURITY UPDATE: NTP statsdir cleanup cronjob insecure (LP: #1528050) - debian/ntp.cron.daily: fix security issues, patch thanks to halfdog! - CVE-2016-0727 * SECURITY UPDATE: time spoofing via interleaved symmetric mode - debian/patches/CVE-2016-1548.patch: check for bogus packets in ntpd/ntp_proto.c. - CVE-2016-1548 * SECURITY UPDATE: buffer comparison timing attacks - debian/patches/CVE-2016-1550.patch: use CRYPTO_memcmp in libntp/a_md5encrypt.c, sntp/crypto.c. - CVE-2016-1550 * SECURITY UPDATE: DoS via duplicate IPs on unconfig directives - debian/patches/CVE-2016-2516.patch: improve logic in ntpd/ntp_request.c. - CVE-2016-2516 * SECURITY UPDATE: denial of service via crafted addpeer - debian/patches/CVE-2016-2518.patch: check mode value in ntpd/ntp_request.c. - CVE-2016-2518 * SECURITY UPDATE: denial of service via spoofed packets - debian/patches/CVE-2016-4954.patch: discard packet that fails tests in ntpd/ntp_proto.c. - CVE-2016-4954 * SECURITY UPDATE: denial of service via spoofed crypto-NAK or incorrect MAC - debian/patches/CVE-2016-4955.patch: fix checks in ntpd/ntp_proto.c. - CVE-2016-4955 * SECURITY UPDATE: denial of service via spoofed broadcast packet - debian/patches/CVE-2016-4956.patch: properly handle switch in broadcast interleaved mode in ntpd/ntp_proto.c. - CVE-2016-4956 -- Marc Deslauriers <email address hidden> Wed, 05 Oct 2016 08:19:03 -0400
ntp (1:4.2.6.p5+dfsg-3ubuntu2.14.04.10) trusty-security; urgency=medium * SECURITY UPDATE: Deja Vu replay attack on authenticated broadcast mode - debian/patches/CVE-2015-7973.patch: improve timestamp verification in include/ntp.h, ntpd/ntp_proto.c. - CVE-2015-7973 * SECURITY UPDATE: impersonation between authenticated peers - debian/patches/CVE-2015-7974.patch: check key ID in ntpd/ntp_proto.c. - CVE-2015-7974 * SECURITY UPDATE: ntpq saveconfig command allows dangerous characters in filenames - debian/patches/CVE-2015-7976.patch: check filename in ntpd/ntp_control.c. - CVE-2015-7976 * SECURITY UPDATE: restrict list denial of service - debian/patches/CVE-2015-7977-7978.patch: improve restrict list processing in ntpd/ntp_request.c. - CVE-2015-7977 - CVE-2015-7978 * SECURITY UPDATE: authenticated broadcast mode off-path denial of service - debian/patches/CVE-2015-7979.patch: add more checks to ntpd/ntp_proto.c. - CVE-2015-7979 - CVE-2016-1547 * SECURITY UPDATE: Zero Origin Timestamp Bypass - debian/patches/CVE-2015-8138.patch: check p_org in ntpd/ntp_proto.c. - CVE-2015-8138 * SECURITY UPDATE: potential infinite loop in ntpq - debian/patches/CVE-2015-8158.patch: add time checks to ntpdc/ntpdc.c, ntpq/ntpq.c. - CVE-2015-8158 * SECURITY UPDATE: NTP statsdir cleanup cronjob insecure (LP: #1528050) - debian/ntp.cron.daily: fix security issues, patch thanks to halfdog! - CVE-2016-0727 * SECURITY UPDATE: time spoofing via interleaved symmetric mode - debian/patches/CVE-2016-1548.patch: check for bogus packets in ntpd/ntp_proto.c. - CVE-2016-1548 * SECURITY UPDATE: buffer comparison timing attacks - debian/patches/CVE-2016-1550.patch: use CRYPTO_memcmp in libntp/a_md5encrypt.c, sntp/crypto.c. - CVE-2016-1550 * SECURITY UPDATE: DoS via duplicate IPs on unconfig directives - debian/patches/CVE-2016-2516.patch: improve logic in ntpd/ntp_request.c. - CVE-2016-2516 * SECURITY UPDATE: denial of service via crafted addpeer - debian/patches/CVE-2016-2518.patch: check mode value in ntpd/ntp_request.c. - CVE-2016-2518 * SECURITY UPDATE: denial of service via spoofed packets - debian/patches/CVE-2016-4954.patch: discard packet that fails tests in ntpd/ntp_proto.c. - CVE-2016-4954 * SECURITY UPDATE: denial of service via spoofed crypto-NAK or incorrect MAC - debian/patches/CVE-2016-4955.patch: fix checks in ntpd/ntp_proto.c. - CVE-2016-4955 * SECURITY UPDATE: denial of service via spoofed broadcast packet - debian/patches/CVE-2016-4956.patch: properly handle switch in broadcast interleaved mode in ntpd/ntp_proto.c. - CVE-2016-4956 -- Marc Deslauriers <email address hidden> Wed, 05 Oct 2016 08:13:23 -0400
ntp (1:4.2.8p4+dfsg-3ubuntu5.3) xenial-security; urgency=medium * SECURITY UPDATE: Deja Vu replay attack on authenticated broadcast mode - debian/patches/CVE-2015-7973.patch: improve timestamp verification in include/ntp.h, ntpd/ntp_proto.c. - CVE-2015-7973 * SECURITY UPDATE: impersonation between authenticated peers - debian/patches/CVE-2015-7974.patch: check key ID in ntpd/ntp_proto.c. - CVE-2015-7974 * SECURITY UPDATE: ntpq buffer overflow - debian/patches/CVE-2015-7975.patch: add length check to ntpq/ntpq.c. - CVE-2015-7975 * SECURITY UPDATE: ntpq saveconfig command allows dangerous characters in filenames - debian/patches/CVE-2015-7976.patch: check filename in ntpd/ntp_control.c. - CVE-2015-7976 * SECURITY UPDATE: restrict list denial of service - debian/patches/CVE-2015-7977-7978.patch: improve restrict list processing in ntpd/ntp_request.c. - CVE-2015-7977 - CVE-2015-7978 * SECURITY UPDATE: authenticated broadcast mode off-path denial of service - debian/patches/CVE-2015-7979.patch: add more checks to ntpd/ntp_proto.c. - CVE-2015-7979 - CVE-2016-1547 * SECURITY UPDATE: Zero Origin Timestamp Bypass - debian/patches/CVE-2015-8138.patch: check p_org in ntpd/ntp_proto.c. - CVE-2015-8138 * SECURITY UPDATE: potential infinite loop in ntpq - debian/patches/CVE-2015-8158.patch: add time checks to ntpdc/ntpdc.c, ntpq/ntpq.c. - CVE-2015-8158 * SECURITY UPDATE: NTP statsdir cleanup cronjob insecure (LP: #1528050) - debian/ntp.cron.daily: fix security issues, patch thanks to halfdog! - CVE-2016-0727 * SECURITY UPDATE: time spoofing via interleaved symmetric mode - debian/patches/CVE-2016-1548.patch: check for bogus packets in ntpd/ntp_proto.c. - CVE-2016-1548 * SECURITY UPDATE: buffer comparison timing attacks - debian/patches/CVE-2016-1550.patch: use CRYPTO_memcmp in libntp/a_md5encrypt.c, sntp/crypto.c. - CVE-2016-1550 * SECURITY UPDATE: DoS via duplicate IPs on unconfig directives - debian/patches/CVE-2016-2516.patch: improve logic in ntpd/ntp_request.c. - CVE-2016-2516 * SECURITY UPDATE: denial of service via crafted addpeer - debian/patches/CVE-2016-2518.patch: check mode value in ntpd/ntp_request.c. - CVE-2016-2518 * SECURITY UPDATE: denial of service via spoofed packets - debian/patches/CVE-2016-4954.patch: discard packet that fails tests in ntpd/ntp_proto.c. - CVE-2016-4954 * SECURITY UPDATE: denial of service via spoofed crypto-NAK or incorrect MAC - debian/patches/CVE-2016-4955.patch: fix checks in ntpd/ntp_proto.c. - CVE-2016-4955 * SECURITY UPDATE: denial of service via spoofed broadcast packet - debian/patches/CVE-2016-4956.patch: properly handle switch in broadcast interleaved mode in ntpd/ntp_proto.c. - CVE-2016-4956 -- Marc Deslauriers <email address hidden> Wed, 05 Oct 2016 08:01:29 -0400
Available diffs
ntp (1:4.2.8p4+dfsg-3ubuntu5.2) xenial; urgency=medium * Fix ntpdate-debian to be able to parse new config of ntp (LP: #1576698) -- Christian Ehrhardt <email address hidden> Tue, 20 Sep 2016 14:24:29 +0200
Available diffs
Superseded in zesty-release |
Obsolete in yakkety-release |
Deleted in yakkety-proposed (Reason: moved to release) |
ntp (1:4.2.8p8+dfsg-1ubuntu2) yakkety; urgency=medium * Fix ntpdate-debian to be able to parse new config of ntp (LP: #1576698) -- Christian Ehrhardt <email address hidden> Fri, 26 Aug 2016 15:11:15 +0200
Available diffs
ntp (1:4.2.8p4+dfsg-3ubuntu5.1) xenial; urgency=medium * d/p/ntp-4.2.8p4-segfaults-[1-3]-3.patch fix startup crashes by including Juergen Perlinger's work on upstream bugs 2954 and 2831 to fix those (LP: #1567540). -- Christian Ehrhardt <email address hidden> Mon, 01 Aug 2016 10:50:52 +0200
Available diffs
ntp (1:4.2.8p8+dfsg-1ubuntu1) yakkety; urgency=medium [ Christian Ehrhardt ] * Merge from Debian testing. Remaining changes: + debian/rules: enable debugging. Asked debian to add this in bug #643954. + debian/rules, debian/ntp.dirs, debian/source_ntp.py: Add apport hook. + debian/control: Add Suggests on apparmor. + debian/source_ntp.py: Add filter on AppArmor profile names to prevent false positives from denials originating in other packages + debian/ntpdate.if-up: Fix interaction with openntpd. Stop ntp before running ntpdate when an interface comes up, then start again afterwards. + debian/ntp.init, debian/rules: Only stop when entering single user mode, don't use /var/lib/ntp/ntp.conf.dhcp if /etc/ntp.conf is newer - it can get stale. Patch by Simon Déziel. + debian/ntp.conf, debian/ntpdate.default: Change default server to ntp.ubuntu.com. + debian/control: Add bison to Build-Depends (for ntpd/ntp_parser.y). + Extend PPS support - debian/README.Debian: Add a PPS section to the README.Debian - debian/ntp.conf: Add some configuration examples from the offical documentation. + SECURITY UPDATE: NTP statsdir cleanup cronjob insecure (LP: #1528050) - debian/ntp.cron.daily: fix security issues, patch thanks to halfdog! - CVE-2016-0727 + Merge also contains an upstream fix that solves (LP: #1567540) * Added changes + match Ubuntu packages now that Debian has ntp apparmor accepted in d/control for Apparmor conflicts/replaces + d/apparmor-profile add samba winbindd pipe (LP: #1582767) * Drop Changes: + Add enforcing AppArmor profile (accepted in Debian): - debian/control: Add Conflicts/Replaces on apparmor-profiles. - debian/control: Add Suggests on apparmor. - debian/control: Build-Depends on dh-apparmor. - add debian/apparmor-profile*. - debian/ntp.dirs: Add apparmor directories. - debian/rules: Install apparmor-profile and apparmor-profile.tunable. - debian/source_ntp.py: Add filter on AppArmor profile names to prevent false positives from denials originating in other packages. - debian/README.Debian: Add note on AppArmor. + Add PPS support (accepted in Debian) - debian/control: Add Build-Depends on pps-tools + debian/apparmor-profile: allow 'rw' access to /dev/pps[0-9]* devices. + d/p/fix_local_sync.patch: fix local clock sync (fixed upstream) + debian/patches/ntpdate-fix-lp1526264.patch (fixed upstream): - Add Alfonso Sanchez-Beato's patch for fixing the cannot correct dates in the future bug + debian/apparmor-profile: adjust to handle AF_UNSPEC with dgram and stream + dropping previous ubuntu security patches/fixes that have been upstreamed in 4.2.8p6: CVE-2015-7973, CVE-2015-7975, CVE-2015-7976, CVE-2015-7977, CVE-2015-7978, CVE-2015-7979, CVE-2015-8138, CVE-2015-8158 + dropping previous ubuntu security patches/fixes that have been upstreamed in 4.2.8p7: CVE-2016-1548, CVE-2016-1550, CVE-2016-2516, CVE-2016-2518, CVE-2015-7974, CVE-2016-1547 [ Robie Basak ] * Restore AppArmor entries in debian/ntp.dirs.
Available diffs
ntp (1:4.2.8p4+dfsg-3ubuntu6) yakkety; urgency=medium * SECURITY UPDATE: Deja Vu replay attack on authenticated broadcast mode - debian/patches/CVE-2015-7973.patch: improve timestamp verification in include/ntp.h, ntpd/ntp_proto.c. - CVE-2015-7973 * SECURITY UPDATE: impersonation between authenticated peers - debian/patches/CVE-2015-7974.patch: check key ID in ntpd/ntp_proto.c. - CVE-2015-7974 * SECURITY UPDATE: ntpq buffer overflow - debian/patches/CVE-2015-7975.patch: add length check to ntpq/ntpq.c. - CVE-2015-7975 * SECURITY UPDATE: ntpq saveconfig command allows dangerous characters in filenames - debian/patches/CVE-2015-7976.patch: check filename in ntpd/ntp_control.c. - CVE-2015-7976 * SECURITY UPDATE: restrict list denial of service - debian/patches/CVE-2015-7977-7978.patch: improve restrict list processing in ntpd/ntp_request.c. - CVE-2015-7977 - CVE-2015-7978 * SECURITY UPDATE: authenticated broadcast mode off-path denial of service - debian/patches/CVE-2015-7979.patch: add more checks to ntpd/ntp_proto.c. - CVE-2015-7979 - CVE-2016-1547 * SECURITY UPDATE: Zero Origin Timestamp Bypass - debian/patches/CVE-2015-8138.patch: check p_org in ntpd/ntp_proto.c. - CVE-2015-8138 * SECURITY UPDATE: potential infinite loop in ntpq - debian/patches/CVE-2015-8158.patch: add time checks to ntpdc/ntpdc.c, ntpq/ntpq.c. - CVE-2015-8158 * SECURITY UPDATE: NTP statsdir cleanup cronjob insecure (LP: #1528050) - debian/ntp.cron.daily: fix security issues, patch thanks to halfdog! - CVE-2016-0727 * SECURITY UPDATE: time spoofing via interleaved symmetric mode - debian/patches/CVE-20xx-xxxx.patch: check for bogus packets in ntpd/ntp_proto.c. - CVE-2016-1548 * SECURITY UPDATE: buffer comparison timing attacks - debian/patches/CVE-2016-1550.patch: use CRYPTO_memcmp in libntp/a_md5encrypt.c, sntp/crypto.c. - CVE-2016-1550 * SECURITY UPDATE: DoS via duplicate IPs on unconfig directives - debian/patches/CVE-2016-2516.patch: improve logic in ntpd/ntp_request.c. - CVE-2016-2516 * SECURITY UPDATE: denial of service via crafted addpeer - debian/patches/CVE-2016-2518.patch: check mode value in ntpd/ntp_request.c. - CVE-2016-2518 -- Marc Deslauriers <email address hidden> Wed, 01 Jun 2016 08:38:07 -0400
Available diffs
1 → 50 of 171 results | First • Previous • Next • Last |