Package "ntp"
Name: |
ntp
|
Description: |
Network Time Protocol daemon and utility programs
|
Latest version: |
1:4.2.6.p3+dfsg-1ubuntu3.13 |
Release: |
precise (12.04) |
Level: |
security |
Repository: |
main |
Homepage: |
http://support.ntp.org/ |
Links
Download "ntp"
Other versions of "ntp" in Precise
Packages in group
Deleted packages are displayed in grey.
Changelog
ntp (1:4.2.6.p3+dfsg-1ubuntu3.2) precise-security; urgency=medium
* SECURITY UPDATE: weak default key in config_auth()
- debian/patches/CVE-2014-9293.patch: use openssl for random key in
ntpd/ntp_config.c, ntpd/ntpd.c.
- CVE-2014-9293
* SECURITY UPDATE: non-cryptographic random number generator with weak
seed used by ntp-keygen to generate symmetric keys
- debian/patches/CVE-2014-9294.patch: use openssl for random key in
include/ntp_random.h, libntp/ntp_random.c, util/ntp-keygen.c.
- CVE-2014-9294
* SECURITY UPDATE: buffer overflows in crypto_recv(), ctl_putdata(),
configure()
- debian/patches/CVE-2014-9295.patch: check lengths in
ntpd/ntp_control.c, ntpd/ntp_crypto.c.
- CVE-2014-9295
* SECURITY UPDATE: missing return on error in receive()
- debian/patches/CVE-2015-9296.patch: add missing return in
ntpd/ntp_proto.c.
- CVE-2014-9296
-- Marc Deslauriers <email address hidden> Sat, 20 Dec 2014 06:07:49 -0500
|
CVE-2014-9293 |
The config_auth function in ntpd in NTP before 4.2.7p11, when an auth key is not configured, improperly generates a key, which makes it easier for re |
CVE-2014-9294 |
util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RNG seed, which makes it easier for remote attackers to defeat cryptographic prot |
CVE-2014-9295 |
Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote attackers to execute arbitrary code via a crafted packet, related to ( |
CVE-2014-9296 |
The receive function in ntp_proto.c in ntpd in NTP before 4.2.8 continues to execute after detecting a certain authentication error, which might allo |
|
About
-
Send Feedback to @ubuntu_updates