UbuntuUpdates.org

Package "ntp"

Name: ntp

Description:

Network Time Protocol daemon and utility programs
Latest version: 1:4.2.8p10+dfsg-5ubuntu7.3
Release: bionic (18.04)
Level: security
Repository: universe
Homepage: http://support.ntp.org/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "ntp"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "ntp" in Bionic

Repository Area Version
base universe 1:4.2.8p10+dfsg-5ubuntu7
updates universe 1:4.2.8p10+dfsg-5ubuntu7.3

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1:4.2.8p10+dfsg-5ubuntu7.3 2020-10-01 22:06:50 UTC

  ntp (1:4.2.8p10+dfsg-5ubuntu7.3) bionic-security; urgency=medium

  * SECURITY UPDATE: Null dereference attack in mode 6 packet (LP: #1891953)
    - debian/patches/CVE-2019-8936.patch: Guard against operations
      on NULL pointer in ntpd/ntp_control.c.
    - CVE-2019-8936

 -- Brian Morton <email address hidden> Mon, 17 Aug 2020 21:58:51 -0400
Source diff to previous version
1891953 CVE-2019-8936
CVE-2019-8936 NTP through 4.2.8p12 has a NULL Pointer Dereference.

Version: 1:4.2.8p10+dfsg-5ubuntu7.1 2018-07-09 18:07:05 UTC

  ntp (1:4.2.8p10+dfsg-5ubuntu7.1) bionic-security; urgency=medium

  * SECURITY UPDATE: DoS via mode 6 packet
    - debian/patches/CVE-2018-7182.patch: do not compare past NUL byte in
      ntpd/ntp_control.c.
    - CVE-2018-7182
  * SECURITY UPDATE: code execution via buffer overflow in decodearr
    - debian/patches/CVE-2018-7183.patch: prevent writing beyons limits in
      ntpq/ntpq.c.
    - CVE-2018-7183
  * SECURITY UPDATE: DoS via packet with zero-origin timestamp
    - debian/patches/CVE-2018-7184.patch: recover from bad state in
      ntpd/ntp_proto.c.
    - CVE-2018-7184
  * SECURITY UPDATE: DoS via certain packets with a zero-origin timestamp
    - debian/patches/CVE-2018-7185.patch: add additional checks to
      ntpd/ntp_proto.c.
    - CVE-2018-7185

 -- Marc Deslauriers <email address hidden> Fri, 06 Jul 2018 15:08:42 -0400
CVE-2018-7182 The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted
CVE-2018-7183 Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an
CVE-2018-7184 ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of se
CVE-2018-7185 The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet


About   -   Send Feedback to @ubuntu_updates