UbuntuUpdates.org

Package "sntp"

Name: sntp

Description:

Network Time Protocol - sntp client

Latest version: 1:4.2.8p10+dfsg-5ubuntu7.3
Release: bionic (18.04)
Level: updates
Repository: universe
Head package: ntp
Homepage: http://support.ntp.org/

Links


Download "sntp"


Other versions of "sntp" in Bionic

Repository Area Version
base universe 1:4.2.8p10+dfsg-5ubuntu7
security universe 1:4.2.8p10+dfsg-5ubuntu7.3

Changelog

Version: 1:4.2.8p10+dfsg-5ubuntu7.3 2020-10-01 22:06:51 UTC

  ntp (1:4.2.8p10+dfsg-5ubuntu7.3) bionic-security; urgency=medium

  * SECURITY UPDATE: Null dereference attack in mode 6 packet (LP: #1891953)
    - debian/patches/CVE-2019-8936.patch: Guard against operations
      on NULL pointer in ntpd/ntp_control.c.
    - CVE-2019-8936

 -- Brian Morton <email address hidden> Mon, 17 Aug 2020 21:58:51 -0400

Source diff to previous version
1891953 CVE-2019-8936
CVE-2019-8936 NTP through 4.2.8p12 has a NULL Pointer Dereference.

Version: 1:4.2.8p10+dfsg-5ubuntu7.2 2020-08-04 15:06:28 UTC

  ntp (1:4.2.8p10+dfsg-5ubuntu7.2) bionic; urgency=medium

  * ntpq should check return code from libcrypto calls (LP: #1884265)
    - debian/patches/ntpq-openssl-check.patch

 -- Joy Latten <email address hidden> Thu, 09 Jul 2020 21:11:52 +0000

Source diff to previous version
1884265 [fips] ntpq segfaults when attempting to use MD5 from FIPS-openssl library.

Version: 1:4.2.8p10+dfsg-5ubuntu7.1 2018-07-09 19:07:10 UTC

  ntp (1:4.2.8p10+dfsg-5ubuntu7.1) bionic-security; urgency=medium

  * SECURITY UPDATE: DoS via mode 6 packet
    - debian/patches/CVE-2018-7182.patch: do not compare past NUL byte in
      ntpd/ntp_control.c.
    - CVE-2018-7182
  * SECURITY UPDATE: code execution via buffer overflow in decodearr
    - debian/patches/CVE-2018-7183.patch: prevent writing beyons limits in
      ntpq/ntpq.c.
    - CVE-2018-7183
  * SECURITY UPDATE: DoS via packet with zero-origin timestamp
    - debian/patches/CVE-2018-7184.patch: recover from bad state in
      ntpd/ntp_proto.c.
    - CVE-2018-7184
  * SECURITY UPDATE: DoS via certain packets with a zero-origin timestamp
    - debian/patches/CVE-2018-7185.patch: add additional checks to
      ntpd/ntp_proto.c.
    - CVE-2018-7185

 -- Marc Deslauriers <email address hidden> Fri, 06 Jul 2018 15:08:42 -0400

CVE-2018-7182 The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted
CVE-2018-7183 Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an
CVE-2018-7184 ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of se
CVE-2018-7185 The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet



About   -   Send Feedback to @ubuntu_updates