UbuntuUpdates.org

Package "ntp-doc"

Name: ntp-doc

Description:

Network Time Protocol documentation
Latest version: 1:4.2.8p4+dfsg-3ubuntu5.10
Release: xenial (16.04)
Level: updates
Repository: main
Head package: ntp
Homepage: http://support.ntp.org/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "ntp-doc"

All arch deb package
APT INSTALL

Other versions of "ntp-doc" in Xenial

Repository Area Version
base main 1:4.2.8p4+dfsg-3ubuntu5
security main 1:4.2.8p4+dfsg-3ubuntu5.10

Changelog

Version: 1:4.2.8p4+dfsg-3ubuntu5.5 2017-07-05 21:06:42 UTC

  ntp (1:4.2.8p4+dfsg-3ubuntu5.5) xenial-security; urgency=medium

  * SECURITY UPDATE: DoS via large request data value
    - debian/patches/CVE-2016-2519.patch: check packet in
      ntpd/ntp_control.c.
    - CVE-2016-2519
  * SECURITY UPDATE: DoS via responses with a spoofed source address
    - debian/patches/CVE-2016-7426.patch: improve rate limiting in
      ntpd/ntp_proto.c.
    - CVE-2016-7426
  * SECURITY UPDATE: DoS via crafted broadcast mode packet
    - debian/patches/CVE-2016-7427-1.patch: improve replay prevention
      logic in ntpd/ntp_proto.c.
    - CVE-2016-7427
  * SECURITY UPDATE: DoS via poll interval in a broadcast packet
    - debian/patches/CVE-2016-7428.patch: ensure at least one poll interval
      has elapsed in ntpd/ntp_proto.c, include/ntp.h.
    - CVE-2016-7428
  * SECURITY UPDATE: DoS via response for a source to an interface the
    source does not use
    - debian/patches/CVE-2016-7429-1.patch: add extra checks to
      ntpd/ntp_peer.c.
    - debian/patches/CVE-2016-7429-2.patch: check for NULL first in
      ntpd/ntp_peer.c.
    - debian/patches/CVE-2016-7429-3.patch: fix multicastclient regression
      in ntpd/ntp_peer.c.
    - CVE-2016-7429
  * SECURITY UPDATE: incorrect initial sync calculations
    - debian/patches/CVE-2016-7433.patch: use peer dispersion in
      ntpd/ntp_proto.c.
    - CVE-2016-7433
  * SECURITY UPDATE: DoS via crafted mrulist query
    - debian/patches/CVE-2016-7434.patch: added missing parameter
      validation to ntpd/ntp_control.c.
    - CVE-2016-7434
  * SECURITY UPDATE: traps can be set or unset via a crafted control mode
    packet
    - debian/patches/CVE-2016-9310.patch: require AUTH in
      ntpd/ntp_control.c.
    - CVE-2016-9310
  * SECURITY UPDATE: DoS when trap service is enabled
    - debian/patches/CVE-2016-9311.patch: make sure peer events are
      associated with a peer in ntpd/ntp_control.c.
    - CVE-2016-9311
  * SECURITY UPDATE: potential Overflows in ctl_put() functions
    - debian/patches/CVE-2017-6458.patch: check lengths in
      ntpd/ntp_control.c.
    - CVE-2017-6458
  * SECURITY UPDATE: overflow via long flagstr variable
    - debian/patches/CVE-2017-6460.patch: check length in ntpq/ntpq-subs.c.
    - CVE-2017-6460
  * SECURITY UPDATE: buffer overflow in DPTS refclock driver
    - debian/patches/CVE-2017-6462.patch: don't overrun buffer in
      ntpd/refclock_datum.c.
    - CVE-2017-6462
  * SECURITY UPDATE: DoS via invalid setting in a :config directive
    - debian/patches/CVE-2017-6463.patch: protect against overflow in
      ntpd/ntp_config.c.
    - CVE-2017-6463
  * SECURITY UPDATE: Dos via malformed mode configuration directive
    - debian/patches/CVE-2017-6464.patch: validate directives in
      ntpd/ntp_config.c, ntpd/ntp_proto.c.
    - CVE-2017-6464

 -- Marc Deslauriers <email address hidden> Wed, 28 Jun 2017 10:23:27 -0400
Source diff to previous version
CVE-2016-2519 ntpd in NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (ntpd abort) by a large request data value, w
CVE-2016-7426 NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote
CVE-2016-7427 The broadcast mode replay prevention functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadca
CVE-2016-7428 ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via the poll interval in a broadcast
CVE-2016-7429 NTP before 4.2.8p9 changes the peer structure to the interface it receives the response from a source, which allows remote attackers to cause a denia
CVE-2016-7433 NTP before 4.2.8p9 does not properly perform the initial sync calculations, which allows remote attackers to unspecified impact via unknown vectors,
CVE-2016-7434 The read_mru_list function in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (crash) via a crafted mrulist query.
CVE-2016-9310 The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet
CVE-2016-9311 ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and cras
CVE-2017-6458 Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecifi
CVE-2017-6460 Stack-based buffer overflow in the reslist function in ntpq in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote servers have unspecified imp
CVE-2017-6462 Buffer overflow in the legacy Datum Programmable Time Server (DPTS) refclock driver in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users
CVE-2017-6463 NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote authenticated users to cause a denial of service (daemon crash) via an invalid setting in a
CVE-2017-6464 NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote attackers to cause a denial of service (ntpd crash) via a malformed mode configuration dire

Version: 1:4.2.8p4+dfsg-3ubuntu5.4 2017-04-13 21:06:37 UTC

  ntp (1:4.2.8p4+dfsg-3ubuntu5.4) xenial; urgency=medium

  * Fix ntp.dhcp to also check for pool and better handle spaces and tabs.
    (LP: #1656801)

 -- Phil Roche <email address hidden> Thu, 19 Jan 2017 11:06:04 +0000
Source diff to previous version
1656801 ntp: changing the default config from server to pool broke the dhcp hook

Version: 1:4.2.8p4+dfsg-3ubuntu5.3 2016-10-05 21:06:56 UTC

  ntp (1:4.2.8p4+dfsg-3ubuntu5.3) xenial-security; urgency=medium

  * SECURITY UPDATE: Deja Vu replay attack on authenticated broadcast mode
    - debian/patches/CVE-2015-7973.patch: improve timestamp verification in
      include/ntp.h, ntpd/ntp_proto.c.
    - CVE-2015-7973
  * SECURITY UPDATE: impersonation between authenticated peers
    - debian/patches/CVE-2015-7974.patch: check key ID in ntpd/ntp_proto.c.
    - CVE-2015-7974
  * SECURITY UPDATE: ntpq buffer overflow
    - debian/patches/CVE-2015-7975.patch: add length check to ntpq/ntpq.c.
    - CVE-2015-7975
  * SECURITY UPDATE: ntpq saveconfig command allows dangerous characters in
    filenames
    - debian/patches/CVE-2015-7976.patch: check filename in
      ntpd/ntp_control.c.
    - CVE-2015-7976
  * SECURITY UPDATE: restrict list denial of service
    - debian/patches/CVE-2015-7977-7978.patch: improve restrict list
      processing in ntpd/ntp_request.c.
    - CVE-2015-7977
    - CVE-2015-7978
  * SECURITY UPDATE: authenticated broadcast mode off-path denial of
    service
    - debian/patches/CVE-2015-7979.patch: add more checks to
      ntpd/ntp_proto.c.
    - CVE-2015-7979
    - CVE-2016-1547
  * SECURITY UPDATE: Zero Origin Timestamp Bypass
    - debian/patches/CVE-2015-8138.patch: check p_org in ntpd/ntp_proto.c.
    - CVE-2015-8138
  * SECURITY UPDATE: potential infinite loop in ntpq
    - debian/patches/CVE-2015-8158.patch: add time checks to ntpdc/ntpdc.c,
      ntpq/ntpq.c.
    - CVE-2015-8158
  * SECURITY UPDATE: NTP statsdir cleanup cronjob insecure (LP: #1528050)
    - debian/ntp.cron.daily: fix security issues, patch thanks to halfdog!
    - CVE-2016-0727
  * SECURITY UPDATE: time spoofing via interleaved symmetric mode
    - debian/patches/CVE-2016-1548.patch: check for bogus packets in
      ntpd/ntp_proto.c.
    - CVE-2016-1548
  * SECURITY UPDATE: buffer comparison timing attacks
    - debian/patches/CVE-2016-1550.patch: use CRYPTO_memcmp in
      libntp/a_md5encrypt.c, sntp/crypto.c.
    - CVE-2016-1550
  * SECURITY UPDATE: DoS via duplicate IPs on unconfig directives
    - debian/patches/CVE-2016-2516.patch: improve logic in
      ntpd/ntp_request.c.
    - CVE-2016-2516
  * SECURITY UPDATE: denial of service via crafted addpeer
    - debian/patches/CVE-2016-2518.patch: check mode value in
      ntpd/ntp_request.c.
    - CVE-2016-2518
  * SECURITY UPDATE: denial of service via spoofed packets
    - debian/patches/CVE-2016-4954.patch: discard packet that fails tests
      in ntpd/ntp_proto.c.
    - CVE-2016-4954
  * SECURITY UPDATE: denial of service via spoofed crypto-NAK or incorrect
    MAC
    - debian/patches/CVE-2016-4955.patch: fix checks in ntpd/ntp_proto.c.
    - CVE-2016-4955
  * SECURITY UPDATE: denial of service via spoofed broadcast packet
    - debian/patches/CVE-2016-4956.patch: properly handle switch in
      broadcast interleaved mode in ntpd/ntp_proto.c.
    - CVE-2016-4956

 -- Marc Deslauriers <email address hidden> Wed, 05 Oct 2016 08:01:29 -0400
Source diff to previous version
1528050 NTP statsdir cleanup cronjob insecure
CVE-2015-7973 Deja Vu: Replay attack on authenticated broadcast mode
CVE-2015-7974 NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remot
CVE-2015-7975 nextvar() missing length check
CVE-2015-7976 ntpq saveconfig command allows dangerous characters in filenames
CVE-2015-7977 reslist NULL pointer dereference
CVE-2015-7978 Stack exhaustion in recursive traversal of restriction list
CVE-2015-7979 Off-path Denial of Service (DoS) attack on authenticated broadcast mode
CVE-2016-1547 Validate crypto-NAKs
CVE-2015-8138 ntp: missing check for zero originate timestamp
CVE-2015-8158 Potential Infinite Loop in ntpq
CVE-2016-0727 NTP statsdir cleanup cronjob insecure
CVE-2016-1548 Change the time of an ntpd client or deny service to an ntpd client by forcing it to change from basic client/server mode to interleaved symmetric mo
CVE-2016-1550 Timing attack for authenticated packets
CVE-2016-2516 Duplicate IPs on unconfig directives will cause an assertion failure
CVE-2016-2518 Crafted addpeer with hmode > 7 causes out-of-bounds reference
CVE-2016-4954 The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modi
CVE-2016-4955 ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association
CVE-2016-4956 ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broad

Version: 1:4.2.8p4+dfsg-3ubuntu5.2 2016-10-04 17:06:18 UTC

  ntp (1:4.2.8p4+dfsg-3ubuntu5.2) xenial; urgency=medium

  * Fix ntpdate-debian to be able to parse new config of ntp (LP: #1576698)

 -- Christian Ehrhardt <email address hidden> Tue, 20 Sep 2016 14:24:29 +0200
Source diff to previous version
1576698 ntpdate-debian not working

Version: 1:4.2.8p4+dfsg-3ubuntu5.1 2016-08-24 15:06:59 UTC

  ntp (1:4.2.8p4+dfsg-3ubuntu5.1) xenial; urgency=medium

  * d/p/ntp-4.2.8p4-segfaults-[1-3]-3.patch fix startup crashes by
    including Juergen Perlinger's work on upstream bugs 2954 and 2831 to
    fix those (LP: #1567540).

 -- Christian Ehrhardt <email address hidden> Mon, 01 Aug 2016 10:50:52 +0200
1567540 ntpd crashed with SIGABRT (was: ntp crashes everytime the network goes up or down.)


About   -   Send Feedback to @ubuntu_updates