Change log for ntp package in Ubuntu
| 1 → 50 of 171 results | First • Previous • Next • Last |
| Deleted in kinetic-release (Reason: (From Debian) [auto-cruft] obsolete source package) |
| Published in jammy-release |
| Deleted in jammy-proposed (Reason: Moved to jammy) |
ntp (1:4.2.8p15+dfsg-1ubuntu2) jammy; urgency=medium * No-change rebuild to update maintainer scripts, see LP: 1959054 -- Dave Jones <email address hidden> Wed, 16 Feb 2022 17:13:02 +0000
Available diffs
ntp (1:4.2.8p15+dfsg-1ubuntu1) jammy; urgency=medium
* Merge from Debian unstable, remaining changes:
- d/ntp.conf, d/ntpdate.default: Change default server to ntp.ubuntu.com.
- add support for parsing systemd networkd lease files LP: 1717983
+ d/ntp.dhcp add support for parsing systemd networkd lease files
+ d/ntp-systemd-netif.service: service to call hook
+ d/ntp-systemd-netif.path: respond to lease changes
* Dropped changes, included in Debian:
- Add Conflict/Replaces/Provides: time-daemon.
- debian/rules: add -fcommon flag to CFLAGS
* Dropped changes, included upstream:
- debian/patches/CVE-2019-8936.patch: Guard against operations
on NULL pointer in ntpd/ntp_control.c.
* debian/patches/glibc-2.34.patch: compatibility with glibc 2.34.
| Superseded in jammy-proposed |
ntp (1:4.2.8p12+dfsg-3ubuntu7) jammy; urgency=medium * No-change rebuild against openssl3 -- Simon Chopin <email address hidden> Mon, 29 Nov 2021 16:04:04 +0100
Available diffs
| Superseded in jammy-release |
| Obsolete in impish-release |
| Deleted in impish-proposed (Reason: Moved to impish) |
ntp (1:4.2.8p12+dfsg-3ubuntu6) impish; urgency=medium * SECURITY UPDATE: Null dereference attack in mode 6 packet (LP: #1891953) - debian/patches/CVE-2019-8936.patch: Guard against operations on NULL pointer in ntpd/ntp_control.c. - CVE-2019-8936 * Fix FTBFS with GCC-10 - debian/rules: add -fcommon flag to CFLAGS -- Brian Morton <email address hidden> Fri, 27 Nov 2020 16:10:51 -0500
Available diffs
ntp (1:4.2.8p12+dfsg-3ubuntu4.1) hirsute-security; urgency=medium * SECURITY UPDATE: Null dereference attack in mode 6 packet (LP: #1891953) - debian/patches/CVE-2019-8936.patch: Guard against operations on NULL pointer in ntpd/ntp_control.c. - CVE-2019-8936 * Fix FTBFS with GCC-10 - debian/rules: add -fcommon flag to CFLAGS -- Brian Morton <email address hidden> Fri, 27 Nov 2020 16:10:51 -0500
Available diffs
ntp (1:4.2.8p12+dfsg-3ubuntu4.20.10.1) groovy-security; urgency=medium * SECURITY UPDATE: Null dereference attack in mode 6 packet (LP: #1891953) - debian/patches/CVE-2019-8936.patch: Guard against operations on NULL pointer in ntpd/ntp_control.c. - CVE-2019-8936 * Fix FTBFS with GCC-10 - debian/rules: add -fcommon flag to CFLAGS -- Brian Morton <email address hidden> Fri, 27 Nov 2020 16:10:51 -0500
Available diffs
ntp (1:4.2.8p12+dfsg-3ubuntu4.20.04.1) focal-security; urgency=medium * SECURITY UPDATE: Null dereference attack in mode 6 packet (LP: #1891953) - debian/patches/CVE-2019-8936.patch: Guard against operations on NULL pointer in ntpd/ntp_control.c. - CVE-2019-8936 -- Brian Morton <email address hidden> Fri, 27 Nov 2020 16:10:51 -0500
Available diffs
ntp (1:4.2.8p10+dfsg-5ubuntu7.3) bionic-security; urgency=medium * SECURITY UPDATE: Null dereference attack in mode 6 packet (LP: #1891953) - debian/patches/CVE-2019-8936.patch: Guard against operations on NULL pointer in ntpd/ntp_control.c. - CVE-2019-8936 -- Brian Morton <email address hidden> Mon, 17 Aug 2020 21:58:51 -0400
Available diffs
ntp (1:4.2.8p10+dfsg-5ubuntu7.2) bionic; urgency=medium * ntpq should check return code from libcrypto calls (LP: #1884265) - debian/patches/ntpq-openssl-check.patch -- Joy Latten <email address hidden> Thu, 09 Jul 2020 21:11:52 +0000
| Superseded in impish-release |
| Obsolete in hirsute-release |
| Obsolete in groovy-release |
| Published in focal-release |
| Deleted in focal-proposed (Reason: moved to Release) |
ntp (1:4.2.8p12+dfsg-3ubuntu4) focal; urgency=medium [ Bernhard Schmidt ] * Add Conflict/Replaces/Provides: time-daemon (Closes: #316549) -- Balint Reczey <email address hidden> Thu, 02 Apr 2020 19:37:06 +0200
Available diffs
ntp (1:4.2.8p4+dfsg-3ubuntu5.10) xenial-security; urgency=medium
* SECURITY UPDATE: crash or possible code execution via a long string as
the ipv4 host argument
- debian/patches/CVE-2018-12327.patch prevent overflow of host
in openhost() in ntpq/ntpq.c and ntpdc/ntpdc.c.
- CVE-2018-12327
-- Mark Morlino <email address hidden> Mon, 06 Jan 2020 09:25:46 -0500
ntp (1:4.2.6.p3+dfsg-1ubuntu3.13) precise-security; urgency=medium
* SECURITY UPDATE: crash or possible code execution via a long string as
the ipv4 host argument
- debian/patches/CVE-2018-12327.patch prevent overflow of host
in openhost() in ntpq/ntpq.c and ntpdc/ntpdc.c.
- CVE-2018-12327
-- Mark Morlino <email address hidden> Mon, 06 Jan 2020 09:38:04 -0500
Available diffs
ntp (1:4.2.8p12+dfsg-3ubuntu3) focal; urgency=medium * No-change rebuild for libevent soname changes. -- Matthias Klose <email address hidden> Sat, 19 Oct 2019 19:57:18 +0000
Available diffs
| Superseded in focal-release |
| Obsolete in eoan-release |
| Deleted in eoan-proposed (Reason: moved to release) |
ntp (1:4.2.8p12+dfsg-3ubuntu2) eoan; urgency=medium * No-change upload with strops.h and sys/strops.h removed in glibc. -- Matthias Klose <email address hidden> Thu, 05 Sep 2019 11:04:26 +0000
Available diffs
| Superseded in eoan-release |
| Obsolete in disco-release |
| Deleted in disco-proposed (Reason: moved to release) |
ntp (1:4.2.8p12+dfsg-3ubuntu1) disco; urgency=medium * Merge with Debian unstable (LP: #1806382). Remaining changes: - d/ntp.conf, d/ntpdate.default: Change default server to ntp.ubuntu.com. - add support for parsing systemd networkd lease files LP: 1717983 + d/ntp.dhcp add support for parsing systemd networkd lease files + d/ntp-systemd-netif.service: service to call hook + d/ntp-systemd-netif.path: respond to lease changes * Dropped Changes (accepted in Debian) - Add PPS support (this is accepted in Debian and only had some readme and example entries left):
Available diffs
ntp (1:4.2.6.p5+dfsg-3ubuntu2.14.04.13) trusty-security; urgency=medium
* SECURITY UPDATE: code execution via buffer overflow in decodearr
- debian/patches/CVE-2018-7183.patch: prevent writing beyons limits in
ntpq/ntpq.c.
- CVE-2018-7183
* SECURITY UPDATE: DoS via certain packets with a zero-origin timestamp
- debian/patches/CVE-2018-7185.patch: add additional checks to
ntpd/ntp_proto.c.
- CVE-2018-7185
-- Marc Deslauriers <email address hidden> Fri, 06 Jul 2018 15:45:46 -0400
ntp (1:4.2.8p4+dfsg-3ubuntu5.9) xenial-security; urgency=medium
* SECURITY UPDATE: code execution via buffer overflow in decodearr
- debian/patches/CVE-2018-7183.patch: prevent writing beyons limits in
ntpq/ntpq.c.
- CVE-2018-7183
* SECURITY UPDATE: DoS via certain packets with a zero-origin timestamp
- debian/patches/CVE-2018-7185.patch: add additional checks to
ntpd/ntp_proto.c.
- CVE-2018-7185
-- Marc Deslauriers <email address hidden> Fri, 06 Jul 2018 15:34:25 -0400
Available diffs
ntp (1:4.2.8p10+dfsg-5ubuntu3.3) artful-security; urgency=medium
* SECURITY UPDATE: DoS via mode 6 packet
- debian/patches/CVE-2018-7182.patch: do not compare past NUL byte in
ntpd/ntp_control.c.
- CVE-2018-7182
* SECURITY UPDATE: code execution via buffer overflow in decodearr
- debian/patches/CVE-2018-7183.patch: prevent writing beyons limits in
ntpq/ntpq.c.
- CVE-2018-7183
* SECURITY UPDATE: DoS via packet with zero-origin timestamp
- debian/patches/CVE-2018-7184.patch: recover from bad state in
ntpd/ntp_proto.c.
- CVE-2018-7184
* SECURITY UPDATE: DoS via certain packets with a zero-origin timestamp
- debian/patches/CVE-2018-7185.patch: add additional checks to
ntpd/ntp_proto.c.
- CVE-2018-7185
-- Marc Deslauriers <email address hidden> Fri, 06 Jul 2018 15:23:18 -0400
ntp (1:4.2.8p10+dfsg-5ubuntu7.1) bionic-security; urgency=medium
* SECURITY UPDATE: DoS via mode 6 packet
- debian/patches/CVE-2018-7182.patch: do not compare past NUL byte in
ntpd/ntp_control.c.
- CVE-2018-7182
* SECURITY UPDATE: code execution via buffer overflow in decodearr
- debian/patches/CVE-2018-7183.patch: prevent writing beyons limits in
ntpq/ntpq.c.
- CVE-2018-7183
* SECURITY UPDATE: DoS via packet with zero-origin timestamp
- debian/patches/CVE-2018-7184.patch: recover from bad state in
ntpd/ntp_proto.c.
- CVE-2018-7184
* SECURITY UPDATE: DoS via certain packets with a zero-origin timestamp
- debian/patches/CVE-2018-7185.patch: add additional checks to
ntpd/ntp_proto.c.
- CVE-2018-7185
-- Marc Deslauriers <email address hidden> Fri, 06 Jul 2018 15:08:42 -0400
Available diffs
| Superseded in disco-release |
| Obsolete in cosmic-release |
| Deleted in cosmic-proposed (Reason: moved to release) |
ntp (1:4.2.8p11+dfsg-1ubuntu1) cosmic; urgency=medium * Merge with Debian unstable (LP: #1773921). Remaining changes: - d/ntp.conf, d/ntpdate.default: Change default server to ntp.ubuntu.com. - Add PPS support (LP 1512980): + debian/README.Debian: Add a PPS section to the README.Debian + debian/ntp.conf: Add some PPS configuration examples from the offical documentation. - d/ntp.dhcp add support for parsing systemd networkd lease files LP 1717983 * Dropped Changes (accepted in Debian) - d/ntp-systemd-wrapper protect systemd service startup from concurrent ntpdate processes the same way it was protected on sysv-init (LP 1706818) - debian/apparmor-profile: add attach_disconnected which is needed in some cases to let ntp report its log messages (LP 1727202). - debian/apparmor-profile: avoid denies to to arg checks (LP 1741227) - fix apparmor denial when checking for running ntpdate (LP 1749389)
Available diffs
ntp (1:4.2.8p4+dfsg-3ubuntu5.8) xenial; urgency=medium * d/apparmor-profile: fix denial checking for running ntpdate (LP: #1749389) -- Christian Ehrhardt <email address hidden> Wed, 14 Feb 2018 13:10:39 +0100
Available diffs
| Superseded in cosmic-release |
| Published in bionic-release |
| Superseded in bionic-release |
| Deleted in bionic-proposed (Reason: moved to release) |
ntp (1:4.2.8p10+dfsg-5ubuntu7) bionic; urgency=medium * fix apparmor denial when checking for running ntpdate (LP: 1749389) -- Christian Ehrhardt <email address hidden> Wed, 14 Feb 2018 09:23:36 +0100
Available diffs
ntp (1:4.2.8p10+dfsg-5ubuntu6) bionic; urgency=high * No change rebuild against openssl1.1. -- Dimitri John Ledkov <email address hidden> Mon, 05 Feb 2018 16:51:21 +0000
Available diffs
ntp (1:4.2.8p10+dfsg-5ubuntu5) bionic; urgency=medium * debian/apparmor-profile: avoid denies to to arg checks (LP: #1741227) -- Christian Ehrhardt <email address hidden> Thu, 04 Jan 2018 14:20:53 +0100
Available diffs
ntp (1:4.2.8p10+dfsg-5ubuntu3.1) artful; urgency=medium
* debian/apparmor-profile: add attach_disconnected which is needed in some
cases to let ntp report its log messages (LP: #1727202).
-- Christian Ehrhardt <email address hidden> Mon, 18 Dec 2017 13:19:36 +0100
Available diffs
ntp (1:4.2.8p10+dfsg-5ubuntu4) bionic; urgency=medium
* debian/apparmor-profile: add attach_disconnected which is needed in some
cases to let ntp report its log messages (LP: #1727202).
-- Christian Ehrhardt <email address hidden> Wed, 13 Dec 2017 16:31:30 +0100
Available diffs
| Superseded in bionic-release |
| Obsolete in artful-release |
| Deleted in artful-proposed (Reason: moved to release) |
ntp (1:4.2.8p10+dfsg-5ubuntu3) artful; urgency=medium
* d/ntp.dhcp add support for parsing systemd networkd lease files LP:
#1717983
-- Dimitri John Ledkov <email address hidden> Tue, 03 Oct 2017 01:54:33 +0100
Available diffs
ntp (1:4.2.8p4+dfsg-3ubuntu5.7) xenial; urgency=medium
* d/ntp.init: fix lock path to match the ntpdate ifup hook. Furthermore
drop the usage of lockfile-progs calls and instead use flock directly.
This is a backport of changes made in 1:4.2.8p7+dfsg-1 (LP: #1706818)
-- Christian Ehrhardt <email address hidden> Tue, 05 Sep 2017 17:24:43 +0200
Available diffs
ntp (1:4.2.8p10+dfsg-5ubuntu2) artful; urgency=medium
* d/ntp-systemd-wrapper protect systemd service startup from concurrent
ntpdate processes the same way it was protected on sysv-init (LP: #1706818)
-- Christian Ehrhardt <email address hidden> Tue, 05 Sep 2017 15:09:08 +0200
Available diffs
ntp (1:4.2.6.p5+dfsg-3ubuntu2.14.04.12) trusty; urgency=medium
* debian/ntpdate.if-up: Drop delta to stop/start service around ntpdate
updates - fixes ntp restart storms due to network changes, fixes
accidential start of ntp, avoids issues of ntpdate jumping too far while
running ntp was supposed to drift (LP: #1593907)
-- Christian Ehrhardt <email address hidden> Fri, 07 Jul 2017 07:53:16 +0200
ntp (1:4.2.8p9+dfsg-2ubuntu1.2) zesty; urgency=medium
* debian/ntpdate.if-up: Drop delta to stop/start service around ntpdate
updates - fixes ntp restart storms due to network changes, fixes
accidential start of ntp, avoids issues of ntpdate jumping too far while
running ntp was supposed to drift (LP: #1593907)
-- Christian Ehrhardt <email address hidden> Fri, 07 Jul 2017 07:59:52 +0200
ntp (1:4.2.8p4+dfsg-3ubuntu5.6) xenial; urgency=medium
* debian/ntpdate.if-up: Drop delta to stop/start service around ntpdate
updates - fixes ntp restart storms due to network changes, fixes
accidential start of ntp, avoids issues of ntpdate jumping too far while
running ntp was supposed to drift (LP: #1593907)
-- Christian Ehrhardt <email address hidden> Fri, 07 Jul 2017 07:56:45 +0200
ntp (1:4.2.8p8+dfsg-1ubuntu2.2) yakkety; urgency=medium
* debian/ntpdate.if-up: Drop delta to stop/start service around ntpdate
updates - fixes ntp restart storms due to network changes, fixes
accidential start of ntp, avoids issues of ntpdate jumping too far while
running ntp was supposed to drift (LP: #1593907)
-- Christian Ehrhardt <email address hidden> Fri, 07 Jul 2017 07:58:18 +0200
ntp (1:4.2.8p4+dfsg-3ubuntu5.5) xenial-security; urgency=medium
* SECURITY UPDATE: DoS via large request data value
- debian/patches/CVE-2016-2519.patch: check packet in
ntpd/ntp_control.c.
- CVE-2016-2519
* SECURITY UPDATE: DoS via responses with a spoofed source address
- debian/patches/CVE-2016-7426.patch: improve rate limiting in
ntpd/ntp_proto.c.
- CVE-2016-7426
* SECURITY UPDATE: DoS via crafted broadcast mode packet
- debian/patches/CVE-2016-7427-1.patch: improve replay prevention
logic in ntpd/ntp_proto.c.
- CVE-2016-7427
* SECURITY UPDATE: DoS via poll interval in a broadcast packet
- debian/patches/CVE-2016-7428.patch: ensure at least one poll interval
has elapsed in ntpd/ntp_proto.c, include/ntp.h.
- CVE-2016-7428
* SECURITY UPDATE: DoS via response for a source to an interface the
source does not use
- debian/patches/CVE-2016-7429-1.patch: add extra checks to
ntpd/ntp_peer.c.
- debian/patches/CVE-2016-7429-2.patch: check for NULL first in
ntpd/ntp_peer.c.
- debian/patches/CVE-2016-7429-3.patch: fix multicastclient regression
in ntpd/ntp_peer.c.
- CVE-2016-7429
* SECURITY UPDATE: incorrect initial sync calculations
- debian/patches/CVE-2016-7433.patch: use peer dispersion in
ntpd/ntp_proto.c.
- CVE-2016-7433
* SECURITY UPDATE: DoS via crafted mrulist query
- debian/patches/CVE-2016-7434.patch: added missing parameter
validation to ntpd/ntp_control.c.
- CVE-2016-7434
* SECURITY UPDATE: traps can be set or unset via a crafted control mode
packet
- debian/patches/CVE-2016-9310.patch: require AUTH in
ntpd/ntp_control.c.
- CVE-2016-9310
* SECURITY UPDATE: DoS when trap service is enabled
- debian/patches/CVE-2016-9311.patch: make sure peer events are
associated with a peer in ntpd/ntp_control.c.
- CVE-2016-9311
* SECURITY UPDATE: potential Overflows in ctl_put() functions
- debian/patches/CVE-2017-6458.patch: check lengths in
ntpd/ntp_control.c.
- CVE-2017-6458
* SECURITY UPDATE: overflow via long flagstr variable
- debian/patches/CVE-2017-6460.patch: check length in ntpq/ntpq-subs.c.
- CVE-2017-6460
* SECURITY UPDATE: buffer overflow in DPTS refclock driver
- debian/patches/CVE-2017-6462.patch: don't overrun buffer in
ntpd/refclock_datum.c.
- CVE-2017-6462
* SECURITY UPDATE: DoS via invalid setting in a :config directive
- debian/patches/CVE-2017-6463.patch: protect against overflow in
ntpd/ntp_config.c.
- CVE-2017-6463
* SECURITY UPDATE: Dos via malformed mode configuration directive
- debian/patches/CVE-2017-6464.patch: validate directives in
ntpd/ntp_config.c, ntpd/ntp_proto.c.
- CVE-2017-6464
-- Marc Deslauriers <email address hidden> Wed, 28 Jun 2017 10:23:27 -0400
Available diffs
ntp (1:4.2.6.p5+dfsg-3ubuntu2.14.04.11) trusty-security; urgency=medium
* SECURITY UPDATE: DoS via responses with a spoofed source address
- debian/patches/CVE-2016-7426.patch: improve rate limiting in
ntpd/ntp_proto.c.
- CVE-2016-7426
* SECURITY UPDATE: DoS via crafted broadcast mode packet
- debian/patches/CVE-2016-7427-1.patch: improve replay prevention
logic in ntpd/ntp_proto.c.
- CVE-2016-7427
* SECURITY UPDATE: DoS via poll interval in a broadcast packet
- debian/patches/CVE-2016-7428.patch: ensure at least one poll interval
has elapsed in ntpd/ntp_proto.c, include/ntp.h.
- CVE-2016-7428
* SECURITY UPDATE: DoS via response for a source to an interface the
source does not use
- debian/patches/CVE-2016-7429-1.patch: add extra checks to
ntpd/ntp_peer.c.
- debian/patches/CVE-2016-7429-2.patch: check for NULL first in
ntpd/ntp_peer.c.
- debian/patches/CVE-2016-7429-3.patch: fix multicastclient regression
in ntpd/ntp_peer.c.
- CVE-2016-7429
* SECURITY UPDATE: traps can be set or unset via a crafted control mode
packet
- debian/patches/CVE-2016-9310.patch: require AUTH in
ntpd/ntp_control.c.
- CVE-2016-9310
* SECURITY UPDATE: DoS when trap service is enabled
- debian/patches/CVE-2016-9311.patch: make sure peer events are
associated with a peer in ntpd/ntp_control.c.
- CVE-2016-9311
* SECURITY UPDATE: potential Overflows in ctl_put() functions
- debian/patches/CVE-2017-6458.patch: check lengths in
ntpd/ntp_control.c.
- CVE-2017-6458
* SECURITY UPDATE: buffer overflow in DPTS refclock driver
- debian/patches/CVE-2017-6462.patch: don't overrun buffer in
ntpd/refclock_datum.c.
- CVE-2017-6462
* SECURITY UPDATE: DoS via invalid setting in a :config directive
- debian/patches/CVE-2017-6463.patch: protect against overflow in
ntpd/ntp_config.c.
- CVE-2017-6463
* SECURITY UPDATE: Dos via malformed mode configuration directive
- debian/patches/CVE-2017-6464.patch: validate directives in
ntpd/ntp_config.c, ntpd/ntp_proto.c.
- CVE-2017-6464
-- Marc Deslauriers <email address hidden> Wed, 28 Jun 2017 12:17:02 -0400
Available diffs
ntp (1:4.2.8p8+dfsg-1ubuntu2.1) yakkety-security; urgency=medium
* SECURITY UPDATE: DoS via responses with a spoofed source address
- debian/patches/CVE-2016-7426.patch: improve rate limiting in
ntpd/ntp_proto.c.
- CVE-2016-7426
* SECURITY UPDATE: DoS via crafted broadcast mode packet
- debian/patches/CVE-2016-7427-1.patch: improve replay prevention
logic in ntpd/ntp_proto.c.
- debian/patches/CVE-2016-7427-2.patch: add bcpollbstep option to
html/miscopt.html, include/ntp.h, include/ntpd.h,
ntpd/complete.conf.in, ntpd/invoke-ntp.conf.texi, ntpd/keyword-gen.c,
ntpd/ntp.conf.5man, ntpd/ntp.conf.5mdoc, ntpd/ntp.conf.def,
ntpd/ntp.conf.man.in, ntpd/ntp.conf.mdoc.in, ntpd/ntp_config.c,
ntpd/ntp_keyword.h, ntpd/ntp_parser.y, ntpd/ntp_proto.c.
- CVE-2016-7427
* SECURITY UPDATE: DoS via poll interval in a broadcast packet
- debian/patches/CVE-2016-7428.patch: ensure at least one poll interval
has elapsed in ntpd/ntp_proto.c, include/ntp.h.
- CVE-2016-7428
* SECURITY UPDATE: DoS via response for a source to an interface the
source does not use
- debian/patches/CVE-2016-7429-1.patch: add extra checks to
ntpd/ntp_peer.c.
- debian/patches/CVE-2016-7429-2.patch: check for NULL first in
ntpd/ntp_peer.c.
- debian/patches/CVE-2016-7429-3.patch: fix multicastclient regression
in ntpd/ntp_peer.c.
- CVE-2016-7429
* SECURITY UPDATE: origin timestamp protection mechanism bypass
- debian/patches/CVE-2016-7431.patch: handle zero origin in
ntpd/ntp_proto.c.
- CVE-2016-7431
* SECURITY UPDATE: incorrect initial sync calculations
- debian/patches/CVE-2016-7433.patch: use peer dispersion in
ntpd/ntp_proto.c.
- CVE-2016-7433
* SECURITY UPDATE: DoS via crafted mrulist query
- debian/patches/CVE-2016-7434.patch: added missing parameter
validation to ntpd/ntp_control.c.
- CVE-2016-7434
* SECURITY UPDATE: DoS in the origin timestamp check
- debian/patches/CVE-2016-9042.patch: comment out broken code in
ntpd/ntp_proto.c.
- CVE-2016-9042
* SECURITY UPDATE: traps can be set or unset via a crafted control mode
packet
- debian/patches/CVE-2016-9310.patch: require AUTH in
ntpd/ntp_control.c.
- CVE-2016-9310
* SECURITY UPDATE: DoS when trap service is enabled
- debian/patches/CVE-2016-9311.patch: make sure peer events are
associated with a peer in ntpd/ntp_control.c.
- CVE-2016-9311
* SECURITY UPDATE: potential Overflows in ctl_put() functions
- debian/patches/CVE-2017-6458.patch: check lengths in
ntpd/ntp_control.c.
- CVE-2017-6458
* SECURITY UPDATE: overflow via long flagstr variable
- debian/patches/CVE-2017-6460.patch: check length in ntpq/ntpq-subs.c.
- CVE-2017-6460
* SECURITY UPDATE: buffer overflow in DPTS refclock driver
- debian/patches/CVE-2017-6462.patch: don't overrun buffer in
ntpd/refclock_datum.c.
- CVE-2017-6462
* SECURITY UPDATE: DoS via invalid setting in a :config directive
- debian/patches/CVE-2017-6463.patch: protect against overflow in
ntpd/ntp_config.c.
- CVE-2017-6463
* SECURITY UPDATE: Dos via malformed mode configuration directive
- debian/patches/CVE-2017-6464.patch: validate directives in
ntpd/ntp_config.c, ntpd/ntp_proto.c.
- CVE-2017-6464
-- Marc Deslauriers <email address hidden> Wed, 28 Jun 2017 08:21:41 -0400
Available diffs
ntp (1:4.2.8p9+dfsg-2ubuntu1.1) zesty-security; urgency=medium
* SECURITY UPDATE: DoS in the origin timestamp check
- debian/patches/CVE-2016-9042.patch: comment out broken code in
ntpd/ntp_proto.c.
- CVE-2016-9042
* SECURITY UPDATE: potential Overflows in ctl_put() functions
- debian/patches/CVE-2017-6458.patch: check lengths in
ntpd/ntp_control.c.
- CVE-2017-6458
* SECURITY UPDATE: overflow via long flagstr variable
- debian/patches/CVE-2017-6460.patch: check length in ntpq/ntpq-subs.c.
- CVE-2017-6460
* SECURITY UPDATE: buffer overflow in DPTS refclock driver
- debian/patches/CVE-2017-6462.patch: don't overrun buffer in
ntpd/refclock_datum.c.
- CVE-2017-6462
* SECURITY UPDATE: DoS via invalid setting in a :config directive
- debian/patches/CVE-2017-6463.patch: protect against overflow in
ntpd/ntp_config.c.
- CVE-2017-6463
* SECURITY UPDATE: Dos via malformed mode configuration directive
- debian/patches/CVE-2017-6464.patch: validate directives in
ntpd/ntp_config.c, ntpd/ntp_proto.c.
- CVE-2017-6464
-- Marc Deslauriers <email address hidden> Wed, 28 Jun 2017 07:53:21 -0400
Available diffs
ntp (1:4.2.8p10+dfsg-5ubuntu1) artful; urgency=medium * Merge with Debian unstable (LP: #1604010). Remaining changes: - d/ntp.conf, d/ntpdate.default: Change default server to ntp.ubuntu.com. - Add PPS support (LP 1512980): + debian/README.Debian: Add a PPS section to the README.Debian, removed all PPSkit one. + debian/ntp.conf: Add some configuration examples from the offical documentation. * Drop Changes (contribs accepted in Debian): - Apparmor bits not yet accepted in Debian + d/apparmor-profile add samba winbindd pipe (LP 1582767) - Fix ntpdate-debian to be able to parse new config of ntp (LP 1576698) - d/rules: enable debugging - d/rules, d/ntp.dirs, d/source_ntp.py: Add apport hook. + d/source_ntp.py: includes a filter on AppArmor profile names to prevent false positives from denials originating in other packages -- Christian Ehrhardt <email address hidden> Wed, 21 Jun 2017 16:17:38 +0200
ntp (1:4.2.8p10+dfsg-1ubuntu1) artful; urgency=medium
* Merge from Debian testing. Remaining changes:
+ d/rules: enable debugging
+ d/rules, d/ntp.dirs, d/source_ntp.py: Add apport hook.
- d/source_ntp.py: includes a filter on AppArmor profile names to prevent
false positives from denials originating in other packages
+ d/ntp.conf, d/ntpdate.default: Change default server to ntp.ubuntu.com.
+ Fix ntpdate-debian to be able to parse new config of ntp
+ PPS Documentation:
- d/README.Debian: Add a PPS section to the README.Debian,
removed all PPSkit one.
- d/ntp.conf: Add some configuration examples from the offical
documentation.
+ Apparmor bits not yet accepted in Debian
- d/apparmor-profile add samba winbindd pipe
* Drop Changes:
+ d/control: Add bison to Build-Depends (for ntpd/ntp_parser.y); dropped
as this was only needed while CVE delta was in place that needed
ntpd/ntp_parser.[ch] regenerated from ntpd/ntp_parser.y
+ d/control: Add Suggests on apparmor; drop delta as this is not strictly
needed.
+ Create etc/apparmor.d/{force-complain,tunables}/; force-complain is not
used and tunables is handled by the install -D in debian/rules
+ d/ntpdate.if-up: Fix interaction with openntpd. Stop ntp before
running ntpdate when an interface comes up, then start again afterwards;
dropping because this actually was a bad workaround to restart ntpd often
in case it didn't find its peers when starting initially with many follow
on fixes and follow on bugs around.
+ d/ntp.init don't use /var/lib/ntp/ntp.conf.dhcp if /etc/ntp.conf is
newer, it can get stale. Patch by Simon Déziel. (refreshed to apply to
new path /run/ntp.conf.dhcp); fixed in Debian by bug 600661
+ d/ntp.init: Only stop when entering single user mode; that change is a
no-op in systemd environments so it can be dropped
-- Christian Ehrhardt <email address hidden> Tue, 02 May 2017 16:24:56 +0200
Available diffs
ntp (1:4.2.8p4+dfsg-3ubuntu5.4) xenial; urgency=medium
* Fix ntp.dhcp to also check for pool and better handle spaces and tabs.
(LP: #1656801)
-- Phil Roche <email address hidden> Thu, 19 Jan 2017 11:06:04 +0000
| Superseded in artful-release |
| Obsolete in zesty-release |
| Deleted in zesty-proposed (Reason: moved to release) |
ntp (1:4.2.8p9+dfsg-2ubuntu1) zesty; urgency=medium * Merge from Debian testing. Remaining changes (LP: #427775): + d/rules: enable debugging + d/rules, d/ntp.dirs, d/source_ntp.py: Add apport hook. + d/ntpdate.if-up: Fix interaction with openntpd. Stop ntp before running ntpdate when an interface comes up, then start again afterwards. + d/ntp.init: Only stop when entering single user mode + d/ntp.init don't use /var/lib/ntp/ntp.conf.dhcp if /etc/ntp.conf is newer, it can get stale. Patch by Simon Déziel. (refreshed to apply to new path /run/ntp.conf.dhcp) + d/ntp.conf, d/ntpdate.default: Change default server to ntp.ubuntu.com. + d/control: Add bison to Build-Depends (for ntpd/ntp_parser.y). + Fix ntpdate-debian to be able to parse new config of ntp + Add PPS support: - d/README.Debian: Add a PPS section to the README.Debian, removed all PPSkit one. - d/ntp.conf: Add some configuration examples from the offical documentation. + Add Apparmor bits not yet accepted in Debian - d/control: Add Suggests on apparmor. - d/source_ntp.py: Add filter on AppArmor profile names to prevent false positives from denials originating in other packages - d/apparmor-profile add samba winbindd pipe - Create etc/apparmor.d/{force-complain,tunables}/ * Drop Changes: + SECURITY UPDATE: NTP statsdir cleanup cronjob insecure (was accepted in Debian). + d/control: different conflicts/replaces versions on apparmor (was a dependency on a higher apparmor version, but today all releases are newer) -- Christian Ehrhardt <email address hidden> Thu, 01 Dec 2016 15:40:22 +0100
Available diffs
ntp (1:4.2.6.p3+dfsg-1ubuntu3.11) precise-security; urgency=medium
* SECURITY UPDATE: Deja Vu replay attack on authenticated broadcast mode
- debian/patches/CVE-2015-7973.patch: improve timestamp verification in
include/ntp.h, ntpd/ntp_proto.c.
- CVE-2015-7973
* SECURITY UPDATE: impersonation between authenticated peers
- debian/patches/CVE-2015-7974.patch: check key ID in ntpd/ntp_proto.c.
- CVE-2015-7974
* SECURITY UPDATE: ntpq saveconfig command allows dangerous characters in
filenames
- debian/patches/CVE-2015-7976.patch: check filename in
ntpd/ntp_control.c.
- CVE-2015-7976
* SECURITY UPDATE: restrict list denial of service
- debian/patches/CVE-2015-7977-7978.patch: improve restrict list
processing in ntpd/ntp_request.c.
- CVE-2015-7977
- CVE-2015-7978
* SECURITY UPDATE: authenticated broadcast mode off-path denial of
service
- debian/patches/CVE-2015-7979.patch: add more checks to
ntpd/ntp_proto.c.
- CVE-2015-7979
- CVE-2016-1547
* SECURITY UPDATE: Zero Origin Timestamp Bypass
- debian/patches/CVE-2015-8138.patch: check p_org in ntpd/ntp_proto.c.
- CVE-2015-8138
* SECURITY UPDATE: potential infinite loop in ntpq
- debian/patches/CVE-2015-8158.patch: add time checks to ntpdc/ntpdc.c,
ntpq/ntpq.c.
- CVE-2015-8158
* SECURITY UPDATE: NTP statsdir cleanup cronjob insecure (LP: #1528050)
- debian/ntp.cron.daily: fix security issues, patch thanks to halfdog!
- CVE-2016-0727
* SECURITY UPDATE: time spoofing via interleaved symmetric mode
- debian/patches/CVE-2016-1548.patch: check for bogus packets in
ntpd/ntp_proto.c.
- CVE-2016-1548
* SECURITY UPDATE: buffer comparison timing attacks
- debian/patches/CVE-2016-1550.patch: use CRYPTO_memcmp in
libntp/a_md5encrypt.c, sntp/crypto.c.
- CVE-2016-1550
* SECURITY UPDATE: DoS via duplicate IPs on unconfig directives
- debian/patches/CVE-2016-2516.patch: improve logic in
ntpd/ntp_request.c.
- CVE-2016-2516
* SECURITY UPDATE: denial of service via crafted addpeer
- debian/patches/CVE-2016-2518.patch: check mode value in
ntpd/ntp_request.c.
- CVE-2016-2518
* SECURITY UPDATE: denial of service via spoofed packets
- debian/patches/CVE-2016-4954.patch: discard packet that fails tests
in ntpd/ntp_proto.c.
- CVE-2016-4954
* SECURITY UPDATE: denial of service via spoofed crypto-NAK or incorrect
MAC
- debian/patches/CVE-2016-4955.patch: fix checks in ntpd/ntp_proto.c.
- CVE-2016-4955
* SECURITY UPDATE: denial of service via spoofed broadcast packet
- debian/patches/CVE-2016-4956.patch: properly handle switch in
broadcast interleaved mode in ntpd/ntp_proto.c.
- CVE-2016-4956
-- Marc Deslauriers <email address hidden> Wed, 05 Oct 2016 08:19:03 -0400
ntp (1:4.2.6.p5+dfsg-3ubuntu2.14.04.10) trusty-security; urgency=medium
* SECURITY UPDATE: Deja Vu replay attack on authenticated broadcast mode
- debian/patches/CVE-2015-7973.patch: improve timestamp verification in
include/ntp.h, ntpd/ntp_proto.c.
- CVE-2015-7973
* SECURITY UPDATE: impersonation between authenticated peers
- debian/patches/CVE-2015-7974.patch: check key ID in ntpd/ntp_proto.c.
- CVE-2015-7974
* SECURITY UPDATE: ntpq saveconfig command allows dangerous characters in
filenames
- debian/patches/CVE-2015-7976.patch: check filename in
ntpd/ntp_control.c.
- CVE-2015-7976
* SECURITY UPDATE: restrict list denial of service
- debian/patches/CVE-2015-7977-7978.patch: improve restrict list
processing in ntpd/ntp_request.c.
- CVE-2015-7977
- CVE-2015-7978
* SECURITY UPDATE: authenticated broadcast mode off-path denial of
service
- debian/patches/CVE-2015-7979.patch: add more checks to
ntpd/ntp_proto.c.
- CVE-2015-7979
- CVE-2016-1547
* SECURITY UPDATE: Zero Origin Timestamp Bypass
- debian/patches/CVE-2015-8138.patch: check p_org in ntpd/ntp_proto.c.
- CVE-2015-8138
* SECURITY UPDATE: potential infinite loop in ntpq
- debian/patches/CVE-2015-8158.patch: add time checks to ntpdc/ntpdc.c,
ntpq/ntpq.c.
- CVE-2015-8158
* SECURITY UPDATE: NTP statsdir cleanup cronjob insecure (LP: #1528050)
- debian/ntp.cron.daily: fix security issues, patch thanks to halfdog!
- CVE-2016-0727
* SECURITY UPDATE: time spoofing via interleaved symmetric mode
- debian/patches/CVE-2016-1548.patch: check for bogus packets in
ntpd/ntp_proto.c.
- CVE-2016-1548
* SECURITY UPDATE: buffer comparison timing attacks
- debian/patches/CVE-2016-1550.patch: use CRYPTO_memcmp in
libntp/a_md5encrypt.c, sntp/crypto.c.
- CVE-2016-1550
* SECURITY UPDATE: DoS via duplicate IPs on unconfig directives
- debian/patches/CVE-2016-2516.patch: improve logic in
ntpd/ntp_request.c.
- CVE-2016-2516
* SECURITY UPDATE: denial of service via crafted addpeer
- debian/patches/CVE-2016-2518.patch: check mode value in
ntpd/ntp_request.c.
- CVE-2016-2518
* SECURITY UPDATE: denial of service via spoofed packets
- debian/patches/CVE-2016-4954.patch: discard packet that fails tests
in ntpd/ntp_proto.c.
- CVE-2016-4954
* SECURITY UPDATE: denial of service via spoofed crypto-NAK or incorrect
MAC
- debian/patches/CVE-2016-4955.patch: fix checks in ntpd/ntp_proto.c.
- CVE-2016-4955
* SECURITY UPDATE: denial of service via spoofed broadcast packet
- debian/patches/CVE-2016-4956.patch: properly handle switch in
broadcast interleaved mode in ntpd/ntp_proto.c.
- CVE-2016-4956
-- Marc Deslauriers <email address hidden> Wed, 05 Oct 2016 08:13:23 -0400
ntp (1:4.2.8p4+dfsg-3ubuntu5.3) xenial-security; urgency=medium
* SECURITY UPDATE: Deja Vu replay attack on authenticated broadcast mode
- debian/patches/CVE-2015-7973.patch: improve timestamp verification in
include/ntp.h, ntpd/ntp_proto.c.
- CVE-2015-7973
* SECURITY UPDATE: impersonation between authenticated peers
- debian/patches/CVE-2015-7974.patch: check key ID in ntpd/ntp_proto.c.
- CVE-2015-7974
* SECURITY UPDATE: ntpq buffer overflow
- debian/patches/CVE-2015-7975.patch: add length check to ntpq/ntpq.c.
- CVE-2015-7975
* SECURITY UPDATE: ntpq saveconfig command allows dangerous characters in
filenames
- debian/patches/CVE-2015-7976.patch: check filename in
ntpd/ntp_control.c.
- CVE-2015-7976
* SECURITY UPDATE: restrict list denial of service
- debian/patches/CVE-2015-7977-7978.patch: improve restrict list
processing in ntpd/ntp_request.c.
- CVE-2015-7977
- CVE-2015-7978
* SECURITY UPDATE: authenticated broadcast mode off-path denial of
service
- debian/patches/CVE-2015-7979.patch: add more checks to
ntpd/ntp_proto.c.
- CVE-2015-7979
- CVE-2016-1547
* SECURITY UPDATE: Zero Origin Timestamp Bypass
- debian/patches/CVE-2015-8138.patch: check p_org in ntpd/ntp_proto.c.
- CVE-2015-8138
* SECURITY UPDATE: potential infinite loop in ntpq
- debian/patches/CVE-2015-8158.patch: add time checks to ntpdc/ntpdc.c,
ntpq/ntpq.c.
- CVE-2015-8158
* SECURITY UPDATE: NTP statsdir cleanup cronjob insecure (LP: #1528050)
- debian/ntp.cron.daily: fix security issues, patch thanks to halfdog!
- CVE-2016-0727
* SECURITY UPDATE: time spoofing via interleaved symmetric mode
- debian/patches/CVE-2016-1548.patch: check for bogus packets in
ntpd/ntp_proto.c.
- CVE-2016-1548
* SECURITY UPDATE: buffer comparison timing attacks
- debian/patches/CVE-2016-1550.patch: use CRYPTO_memcmp in
libntp/a_md5encrypt.c, sntp/crypto.c.
- CVE-2016-1550
* SECURITY UPDATE: DoS via duplicate IPs on unconfig directives
- debian/patches/CVE-2016-2516.patch: improve logic in
ntpd/ntp_request.c.
- CVE-2016-2516
* SECURITY UPDATE: denial of service via crafted addpeer
- debian/patches/CVE-2016-2518.patch: check mode value in
ntpd/ntp_request.c.
- CVE-2016-2518
* SECURITY UPDATE: denial of service via spoofed packets
- debian/patches/CVE-2016-4954.patch: discard packet that fails tests
in ntpd/ntp_proto.c.
- CVE-2016-4954
* SECURITY UPDATE: denial of service via spoofed crypto-NAK or incorrect
MAC
- debian/patches/CVE-2016-4955.patch: fix checks in ntpd/ntp_proto.c.
- CVE-2016-4955
* SECURITY UPDATE: denial of service via spoofed broadcast packet
- debian/patches/CVE-2016-4956.patch: properly handle switch in
broadcast interleaved mode in ntpd/ntp_proto.c.
- CVE-2016-4956
-- Marc Deslauriers <email address hidden> Wed, 05 Oct 2016 08:01:29 -0400
Available diffs
ntp (1:4.2.8p4+dfsg-3ubuntu5.2) xenial; urgency=medium * Fix ntpdate-debian to be able to parse new config of ntp (LP: #1576698) -- Christian Ehrhardt <email address hidden> Tue, 20 Sep 2016 14:24:29 +0200
Available diffs
| Superseded in zesty-release |
| Obsolete in yakkety-release |
| Deleted in yakkety-proposed (Reason: moved to release) |
ntp (1:4.2.8p8+dfsg-1ubuntu2) yakkety; urgency=medium * Fix ntpdate-debian to be able to parse new config of ntp (LP: #1576698) -- Christian Ehrhardt <email address hidden> Fri, 26 Aug 2016 15:11:15 +0200
Available diffs
ntp (1:4.2.8p4+dfsg-3ubuntu5.1) xenial; urgency=medium
* d/p/ntp-4.2.8p4-segfaults-[1-3]-3.patch fix startup crashes by
including Juergen Perlinger's work on upstream bugs 2954 and 2831 to
fix those (LP: #1567540).
-- Christian Ehrhardt <email address hidden> Mon, 01 Aug 2016 10:50:52 +0200
Available diffs
ntp (1:4.2.8p8+dfsg-1ubuntu1) yakkety; urgency=medium
[ Christian Ehrhardt ]
* Merge from Debian testing. Remaining changes:
+ debian/rules: enable debugging. Asked debian to add this in bug #643954.
+ debian/rules, debian/ntp.dirs, debian/source_ntp.py: Add apport hook.
+ debian/control: Add Suggests on apparmor.
+ debian/source_ntp.py: Add filter on AppArmor profile names to prevent
false positives from denials originating in other packages
+ debian/ntpdate.if-up: Fix interaction with openntpd. Stop ntp before
running ntpdate when an interface comes up, then start again afterwards.
+ debian/ntp.init, debian/rules: Only stop when entering single user mode,
don't use /var/lib/ntp/ntp.conf.dhcp if /etc/ntp.conf is newer - it can
get stale. Patch by Simon Déziel.
+ debian/ntp.conf, debian/ntpdate.default: Change default server to
ntp.ubuntu.com.
+ debian/control: Add bison to Build-Depends (for ntpd/ntp_parser.y).
+ Extend PPS support
- debian/README.Debian: Add a PPS section to the README.Debian
- debian/ntp.conf: Add some configuration examples from the offical
documentation.
+ SECURITY UPDATE: NTP statsdir cleanup cronjob insecure (LP: #1528050)
- debian/ntp.cron.daily: fix security issues, patch thanks to halfdog!
- CVE-2016-0727
+ Merge also contains an upstream fix that solves (LP: #1567540)
* Added changes
+ match Ubuntu packages now that Debian has ntp apparmor accepted in
d/control for Apparmor conflicts/replaces
+ d/apparmor-profile add samba winbindd pipe (LP: #1582767)
* Drop Changes:
+ Add enforcing AppArmor profile (accepted in Debian):
- debian/control: Add Conflicts/Replaces on apparmor-profiles.
- debian/control: Add Suggests on apparmor.
- debian/control: Build-Depends on dh-apparmor.
- add debian/apparmor-profile*.
- debian/ntp.dirs: Add apparmor directories.
- debian/rules: Install apparmor-profile and apparmor-profile.tunable.
- debian/source_ntp.py: Add filter on AppArmor profile names to prevent
false positives from denials originating in other packages.
- debian/README.Debian: Add note on AppArmor.
+ Add PPS support (accepted in Debian)
- debian/control: Add Build-Depends on pps-tools
+ debian/apparmor-profile: allow 'rw' access to /dev/pps[0-9]* devices.
+ d/p/fix_local_sync.patch: fix local clock sync (fixed upstream)
+ debian/patches/ntpdate-fix-lp1526264.patch (fixed upstream):
- Add Alfonso Sanchez-Beato's patch for fixing the cannot correct dates in
the future bug
+ debian/apparmor-profile: adjust to handle AF_UNSPEC with dgram and stream
+ dropping previous ubuntu security patches/fixes that have been upstreamed
in 4.2.8p6: CVE-2015-7973, CVE-2015-7975, CVE-2015-7976, CVE-2015-7977,
CVE-2015-7978, CVE-2015-7979, CVE-2015-8138, CVE-2015-8158
+ dropping previous ubuntu security patches/fixes that have been upstreamed
in 4.2.8p7: CVE-2016-1548, CVE-2016-1550, CVE-2016-2516, CVE-2016-2518,
CVE-2015-7974, CVE-2016-1547
[ Robie Basak ]
* Restore AppArmor entries in debian/ntp.dirs.
Available diffs
ntp (1:4.2.8p4+dfsg-3ubuntu6) yakkety; urgency=medium
* SECURITY UPDATE: Deja Vu replay attack on authenticated broadcast mode
- debian/patches/CVE-2015-7973.patch: improve timestamp verification in
include/ntp.h, ntpd/ntp_proto.c.
- CVE-2015-7973
* SECURITY UPDATE: impersonation between authenticated peers
- debian/patches/CVE-2015-7974.patch: check key ID in ntpd/ntp_proto.c.
- CVE-2015-7974
* SECURITY UPDATE: ntpq buffer overflow
- debian/patches/CVE-2015-7975.patch: add length check to ntpq/ntpq.c.
- CVE-2015-7975
* SECURITY UPDATE: ntpq saveconfig command allows dangerous characters in
filenames
- debian/patches/CVE-2015-7976.patch: check filename in
ntpd/ntp_control.c.
- CVE-2015-7976
* SECURITY UPDATE: restrict list denial of service
- debian/patches/CVE-2015-7977-7978.patch: improve restrict list
processing in ntpd/ntp_request.c.
- CVE-2015-7977
- CVE-2015-7978
* SECURITY UPDATE: authenticated broadcast mode off-path denial of
service
- debian/patches/CVE-2015-7979.patch: add more checks to
ntpd/ntp_proto.c.
- CVE-2015-7979
- CVE-2016-1547
* SECURITY UPDATE: Zero Origin Timestamp Bypass
- debian/patches/CVE-2015-8138.patch: check p_org in ntpd/ntp_proto.c.
- CVE-2015-8138
* SECURITY UPDATE: potential infinite loop in ntpq
- debian/patches/CVE-2015-8158.patch: add time checks to ntpdc/ntpdc.c,
ntpq/ntpq.c.
- CVE-2015-8158
* SECURITY UPDATE: NTP statsdir cleanup cronjob insecure (LP: #1528050)
- debian/ntp.cron.daily: fix security issues, patch thanks to halfdog!
- CVE-2016-0727
* SECURITY UPDATE: time spoofing via interleaved symmetric mode
- debian/patches/CVE-20xx-xxxx.patch: check for bogus packets in
ntpd/ntp_proto.c.
- CVE-2016-1548
* SECURITY UPDATE: buffer comparison timing attacks
- debian/patches/CVE-2016-1550.patch: use CRYPTO_memcmp in
libntp/a_md5encrypt.c, sntp/crypto.c.
- CVE-2016-1550
* SECURITY UPDATE: DoS via duplicate IPs on unconfig directives
- debian/patches/CVE-2016-2516.patch: improve logic in
ntpd/ntp_request.c.
- CVE-2016-2516
* SECURITY UPDATE: denial of service via crafted addpeer
- debian/patches/CVE-2016-2518.patch: check mode value in
ntpd/ntp_request.c.
- CVE-2016-2518
-- Marc Deslauriers <email address hidden> Wed, 01 Jun 2016 08:38:07 -0400
Available diffs
| 1 → 50 of 171 results | First • Previous • Next • Last |
