Package "ntp"
Name: |
ntp
|
Description: |
Network Time Protocol daemon and utility programs
|
Latest version: |
1:4.2.6.p5+dfsg-3ubuntu2.14.04.13 |
Release: |
trusty (14.04) |
Level: |
updates |
Repository: |
main |
Homepage: |
http://support.ntp.org/ |
Links
Download "ntp"
Other versions of "ntp" in Trusty
Packages in group
Deleted packages are displayed in grey.
Changelog
ntp (1:4.2.6.p5+dfsg-3ubuntu2.14.04.7) trusty; urgency=medium
* Use a single lockfile again - instead unlock the file before starting the
init script. The lock sho uld be shared - both services can't run at the
same time. (LP: #1125726)
-- Cam Cope <email address hidden> Tue, 19 Jan 2016 10:22:39 +0000
|
Source diff to previous version |
1125726 |
boot-time race between /etc/network/if-up.d/ntpdate and \ |
|
ntp (1:4.2.6.p5+dfsg-3ubuntu2.14.04.6) trusty; urgency=medium
* Fix use-after-free in routing socket code (closes: #795315)
- debian/patches/use-after-free-in-routing-socket.patch:
fix logic in ntpd/ntp_io.c (LP: #1481388)
-- Eric Desrochers Thu, 29 Oct 2015 09:34:22 -0400
|
Source diff to previous version |
1481388 |
NTP : Use-after-free in routing socket code after dropping root |
795315 |
/usr/sbin/ntpd: ntpd segfaults in input_handler at ntp_io.c:3642 - Debian Bug report logs |
|
ntp (1:4.2.6.p5+dfsg-3ubuntu2.14.04.5) trusty-security; urgency=medium
* SECURITY UPDATE: denial of service via crafted NUL-byte in
configuration directive
- debian/patches/CVE-2015-5146.patch: properly validate command in
ntpd/ntp_control.c.
- CVE-2015-5146
* SECURITY UPDATE: denial of service via malformed logconfig commands
- debian/patches/CVE-2015-5194.patch: fix logconfig logic in
ntpd/ntp_parser.y.
- CVE-2015-5194
* SECURITY UPDATE: denial of service via disabled statistics type
- debian/patches/CVE-2015-5195.patch: handle unrecognized types in
ntpd/ntp_config.c.
- CVE-2015-5195
* SECURITY UPDATE: file overwrite via remote pidfile and driftfile
configuration directives
- debian/patches/CVE-2015-5196.patch: disable remote configuration in
ntpd/ntp_parser.y.
- CVE-2015-5196
- CVE-2015-7703
* SECURITY UPDATE: denial of service via precision value conversion
- debian/patches/CVE-2015-5219.patch: use ldexp for LOGTOD in
include/ntp.h.
- CVE-2015-5219
* SECURITY UPDATE: timeshifting by reboot issue
- debian/patches/CVE-2015-5300.patch: disable panic in
ntpd/ntp_loopfilter.c.
- CVE-2015-5300
* SECURITY UPDATE: incomplete autokey data packet length checks
- debian/patches/CVE-2015-7691.patch: add length and size checks to
ntpd/ntp_crypto.c.
- CVE-2015-7691
- CVE-2015-7692
- CVE-2015-7702
* SECURITY UPDATE: memory leak in CRYPTO_ASSOC
- debian/patches/CVE-2015-7701.patch: add missing free in
ntpd/ntp_crypto.c.
- CVE-2015-7701
* SECURITY UPDATE: denial of service by spoofed KoD
- debian/patches/CVE-2015-7704.patch: add check to ntpd/ntp_proto.c.
- CVE-2015-7704
- CVE-2015-7705
* SECURITY UPDATE: denial of service via same logfile and keyfile
- debian/patches/CVE-2015-7850.patch: rate limit errors in
include/ntp_stdlib.h, include/ntp_syslog.h, libntp/authreadkeys.c,
libntp/msyslog.c.
- CVE-2015-7850
* SECURITY UPDATE: ntpq atoascii memory corruption
- debian/patches/CVE-2015-7852.patch: avoid buffer overrun in
ntpq/ntpq.c.
- CVE-2015-7852
* SECURITY UPDATE: buffer overflow via custom refclock driver
- debian/patches/CVE-2015-7853.patch: properly calculate length in
ntpd/ntp_io.c.
- CVE-2015-7853
* SECURITY UPDATE: denial of service via ASSERT in decodenetnum
- debian/patches/CVE-2015-7855.patch: simply return fail in
libntp/decodenetnum.c.
- CVE-2015-7855
* SECURITY UPDATE: symmetric association authentication bypass via
crypto-NAK
- debian/patches/CVE-2015-7871.patch: drop unhandled packet in
ntpd/ntp_proto.c.
- CVE-2015-7871
* debian/control: add bison to Build-Depends.
* debian/rules: remove ntp/ntp_parser.{c,h} or they don't get properly
regenerated for some reason.
* This package does _not_ contain the changes from
(1:4.2.6.p5+dfsg-3ubuntu2.14.04.4) in trusty-proposed.
-- Marc Deslauriers Fri, 23 Oct 2015 11:47:46 -0400
|
Source diff to previous version |
CVE-2015-5146 |
ntpd control message crash: Crafted NUL-byte in configuration directive |
CVE-2015-5194 |
crash with crafted logconfig configuration command |
CVE-2015-5195 |
ntpd crash when processing config commands with statistics type |
CVE-2015-5219 |
infinite loop in sntp processing crafted packet |
CVE-2015-5300 |
MITM attacker can force ntpd to make a step larger than the panic threshold |
|
ntp (1:4.2.6.p5+dfsg-3ubuntu2.14.04.3) trusty-security; urgency=medium
* SECURITY UPDATE: symmetric key unauthenticated packet MITM attack
- debian/patches/CVE-2015-1798.patch: reject packets without MAC in
ntpd/ntp_proto.c.
- CVE-2015-1798
* SECURITY UPDATE: symmetric association DoS attack
- debian/patches/CVE-2015-1799.patch: don't update state variables when
authentication fails in ntpd/ntp_proto.c.
- CVE-2015-1799
* SECURITY UPDATE: ntp-keygen infinite loop or lack of randonmess on big
endian platforms
- debian/patches/ntp-keygen-endless-loop.patch: fix logic in
util/ntp-keygen.c.
- CVE number pending
-- Marc Deslauriers <email address hidden> Mon, 13 Apr 2015 09:05:27 -0400
|
Source diff to previous version |
CVE-2015-1798 |
The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a |
CVE-2015-1799 |
The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates upon recei |
|
ntp (1:4.2.6.p5+dfsg-3ubuntu2.14.04.2) trusty-security; urgency=medium
* SECURITY UPDATE: denial of service and possible info leakage via
extension fields
- debian/patches/CVE-2014-9297.patch: properly check lengths in
ntpd/ntp_crypto.c, ntpd/ntp_proto.c.
- CVE-2014-9297
* SECURITY UPDATE: IPv6 ACL bypass
- debian/patches/CVE-2014-9298.patch: check for spoofed ::1 in
ntpd/ntp_io.c.
- CVE-2014-9298
-- Marc Deslauriers <email address hidden> Fri, 06 Feb 2015 09:10:10 -0500
|
About
-
Send Feedback to @ubuntu_updates