UbuntuUpdates.org

Package "ntp-doc"

Name: ntp-doc

Description:

Network Time Protocol documentation
Latest version: 1:4.2.6.p5+dfsg-3ubuntu2.14.04.13
Release: trusty (14.04)
Level: security
Repository: main
Head package: ntp
Homepage: http://support.ntp.org/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "ntp-doc"

All arch deb package
APT INSTALL

Other versions of "ntp-doc" in Trusty

Repository Area Version
base main 1:4.2.6.p5+dfsg-3ubuntu2
updates main 1:4.2.6.p5+dfsg-3ubuntu2.14.04.13

Changelog

Version: 1:4.2.6.p5+dfsg-3ubuntu2.14.04.2 2015-02-09 18:06:43 UTC

  ntp (1:4.2.6.p5+dfsg-3ubuntu2.14.04.2) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service and possible info leakage via
    extension fields
    - debian/patches/CVE-2014-9297.patch: properly check lengths in
      ntpd/ntp_crypto.c, ntpd/ntp_proto.c.
    - CVE-2014-9297
  * SECURITY UPDATE: IPv6 ACL bypass
    - debian/patches/CVE-2014-9298.patch: check for spoofed ::1 in
      ntpd/ntp_io.c.
    - CVE-2014-9298
 -- Marc Deslauriers <email address hidden> Fri, 06 Feb 2015 09:10:10 -0500
Source diff to previous version

Version: 1:4.2.6.p5+dfsg-3ubuntu2.14.04.1 2014-12-22 14:06:37 UTC

  ntp (1:4.2.6.p5+dfsg-3ubuntu2.14.04.1) trusty-security; urgency=medium

  * SECURITY UPDATE: weak default key in config_auth()
    - debian/patches/CVE-2014-9293.patch: use openssl for random key in
      ntpd/ntp_config.c, ntpd/ntpd.c.
    - CVE-2014-9293
  * SECURITY UPDATE: non-cryptographic random number generator with weak
    seed used by ntp-keygen to generate symmetric keys
    - debian/patches/CVE-2014-9294.patch: use openssl for random key in
      include/ntp_random.h, libntp/ntp_random.c, util/ntp-keygen.c.
    - CVE-2014-9294
  * SECURITY UPDATE: buffer overflows in crypto_recv(), ctl_putdata(),
    configure()
    - debian/patches/CVE-2014-9295.patch: check lengths in
      ntpd/ntp_control.c, ntpd/ntp_crypto.c.
    - CVE-2014-9295
  * SECURITY UPDATE: missing return on error in receive()
    - debian/patches/CVE-2015-9296.patch: add missing return in
      ntpd/ntp_proto.c.
    - CVE-2014-9296
 -- Marc Deslauriers <email address hidden> Sat, 20 Dec 2014 06:06:22 -0500
CVE-2014-9293 The config_auth function in ntpd in NTP before 4.2.7p11, when an auth key is not configured, improperly generates a key, which makes it easier for re
CVE-2014-9294 util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RNG seed, which makes it easier for remote attackers to defeat cryptographic prot
CVE-2014-9295 Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote attackers to execute arbitrary code via a crafted packet, related to (
CVE-2014-9296 The receive function in ntp_proto.c in ntpd in NTP before 4.2.8 continues to execute after detecting a certain authentication error, which might allo


About   -   Send Feedback to @ubuntu_updates