ntp 1:4.2.6.p3+dfsg-1ubuntu3.6 source package in Ubuntu

Changelog

ntp (1:4.2.6.p3+dfsg-1ubuntu3.6) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service via crafted NUL-byte in
    configuration directive
    - debian/patches/CVE-2015-5146.patch: properly validate command in
      ntpd/ntp_control.c.
    - CVE-2015-5146
  * SECURITY UPDATE: denial of service via malformed logconfig commands
    - debian/patches/CVE-2015-5194.patch: fix logconfig logic in
      ntpd/ntp_parser.y.
    - CVE-2015-5194
  * SECURITY UPDATE: denial of service via disabled statistics type
    - debian/patches/CVE-2015-5195.patch: handle unrecognized types in
      ntpd/ntp_config.c.
    - CVE-2015-5195
  * SECURITY UPDATE: file overwrite via remote pidfile and driftfile
    configuration directives
    - debian/patches/CVE-2015-5196.patch: disable remote configuration in
      ntpd/ntp_parser.y.
    - CVE-2015-5196
    - CVE-2015-7703
  * SECURITY UPDATE: denial of service via precision value conversion
    - debian/patches/CVE-2015-5219.patch: use ldexp for LOGTOD in
      include/ntp.h.
    - CVE-2015-5219
  * SECURITY UPDATE: timeshifting by reboot issue
    - debian/patches/CVE-2015-5300.patch: disable panic in
      ntpd/ntp_loopfilter.c.
    - CVE-2015-5300
  * SECURITY UPDATE: incomplete autokey data packet length checks
    - debian/patches/CVE-2015-7691.patch: add length and size checks to
      ntpd/ntp_crypto.c.
    - CVE-2015-7691
    - CVE-2015-7692
    - CVE-2015-7702
  * SECURITY UPDATE: memory leak in CRYPTO_ASSOC
    - debian/patches/CVE-2015-7701.patch: add missing free in
      ntpd/ntp_crypto.c.
    - CVE-2015-7701
  * SECURITY UPDATE: denial of service by spoofed KoD
    - debian/patches/CVE-2015-7704.patch: add check to ntpd/ntp_proto.c.
    - CVE-2015-7704
    - CVE-2015-7705
  * SECURITY UPDATE: denial of service via same logfile and keyfile
    - debian/patches/CVE-2015-7850.patch: rate limit errors in
      include/ntp_stdlib.h, include/ntp_syslog.h, libntp/authreadkeys.c,
      libntp/msyslog.c.
    - CVE-2015-7850
  * SECURITY UPDATE: ntpq atoascii memory corruption
    - debian/patches/CVE-2015-7852.patch: avoid buffer overrun in
      ntpq/ntpq.c.
    - CVE-2015-7852
  * SECURITY UPDATE: buffer overflow via custom refclock driver
    - debian/patches/CVE-2015-7853.patch: properly calculate length in
      ntpd/ntp_io.c.
    - CVE-2015-7853
  * SECURITY UPDATE: denial of service via ASSERT in decodenetnum
    - debian/patches/CVE-2015-7855.patch: simply return fail in
      libntp/decodenetnum.c.
    - CVE-2015-7855
  * SECURITY UPDATE: symmetric association authentication bypass via
    crypto-NAK
    - debian/patches/CVE-2015-7871.patch: drop unhandled packet in
      ntpd/ntp_proto.c.
    - CVE-2015-7871
  * debian/control: add bison to Build-Depends.
  * debian/rules: remove ntp/ntp_parser.{c,h} or they don't get properly
    regenerated for some reason.
  * This package does _not_ contain the changes from
    (1:4.2.6.p3+dfsg-1ubuntu3.5) in precise-proposed.

 -- Marc Deslauriers <email address hidden>  Fri, 23 Oct 2015 11:57:50 -0400

Upload details

Uploaded by:
Marc Deslauriers on 2015-10-23
Uploaded to:
Precise
Original maintainer:
Ubuntu Developers
Architectures:
any all
Section:
net
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
ntp_4.2.6.p3+dfsg.orig.tar.gz 4.0 MiB 8dba919842f6b14ca3569d900fb537ed5207a135d3bf631961a00ffd4936368d
ntp_4.2.6.p3+dfsg-1ubuntu3.6.debian.tar.gz 571.5 KiB d15ea981f836370f068c854a644be1d680a29ef53bca98ddd5c37da033215089
ntp_4.2.6.p3+dfsg-1ubuntu3.6.dsc 2.3 KiB 96ba8494f959655a2414e90813e475d70429fa47552d295c5a4dc04b4fc0f6cb

View changes file

Binary packages built by this source

ntp: Network Time Protocol daemon and utility programs

 NTP, the Network Time Protocol, is used to keep computer clocks
 accurate by synchronizing them over the Internet or a local network,
 or by following an accurate hardware receiver that interprets GPS,
 DCF-77, NIST or similar time signals.
 .
 This package contains the NTP daemon and utility programs. An NTP
 daemon needs to be running on each host that is to have its clock
 accuracy controlled by NTP. The same NTP daemon is also used to
 provide NTP service to other hosts.
 .
 For more information about the NTP protocol and NTP server
 configuration and operation, install the package "ntp-doc".

ntp-dbgsym: debug symbols for package ntp

 NTP, the Network Time Protocol, is used to keep computer clocks
 accurate by synchronizing them over the Internet or a local network,
 or by following an accurate hardware receiver that interprets GPS,
 DCF-77, NIST or similar time signals.
 .
 This package contains the NTP daemon and utility programs. An NTP
 daemon needs to be running on each host that is to have its clock
 accuracy controlled by NTP. The same NTP daemon is also used to
 provide NTP service to other hosts.
 .
 For more information about the NTP protocol and NTP server
 configuration and operation, install the package "ntp-doc".

ntp-doc: Network Time Protocol documentation

 NTP, the Network Time Protocol, is used to keep computer clocks
 accurate by synchronizing them over the Internet or a local network,
 or by following an accurate hardware receiver that interprets GPS,
 DCF-77, NIST or similar time signals.
 .
 This package contains HTML documentation for the ntp packages (ntp,
 ntpdate). Since there are no substantive man pages for ntp's
 programs and configuration files, this package is desirable for any
 setup beyond the simple default configuration.

ntpdate: client for setting system time from NTP servers

 NTP, the Network Time Protocol, is used to keep computer clocks
 accurate by synchronizing them over the Internet or a local network,
 or by following an accurate hardware receiver that interprets GPS,
 DCF-77, NIST or similar time signals.
 .
 ntpdate is a simple NTP client that sets a system's clock to match
 the time obtained by communicating with one or more NTP servers. It
 is not sufficient, however, for maintaining an accurate clock in the
 long run. ntpdate by itself is useful for occasionally setting the
 time on machines that do not have full-time network access, such as
 laptops.
 .
 If the full NTP daemon from the package "ntp" is installed, then
 ntpdate is not necessary.

ntpdate-dbgsym: debug symbols for package ntpdate

 NTP, the Network Time Protocol, is used to keep computer clocks
 accurate by synchronizing them over the Internet or a local network,
 or by following an accurate hardware receiver that interprets GPS,
 DCF-77, NIST or similar time signals.
 .
 ntpdate is a simple NTP client that sets a system's clock to match
 the time obtained by communicating with one or more NTP servers. It
 is not sufficient, however, for maintaining an accurate clock in the
 long run. ntpdate by itself is useful for occasionally setting the
 time on machines that do not have full-time network access, such as
 laptops.
 .
 If the full NTP daemon from the package "ntp" is installed, then
 ntpdate is not necessary.