ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.04.10 source package in Ubuntu

Changelog

ntp (1:4.2.6.p5+dfsg-3ubuntu2.14.04.10) trusty-security; urgency=medium

  * SECURITY UPDATE: Deja Vu replay attack on authenticated broadcast mode
    - debian/patches/CVE-2015-7973.patch: improve timestamp verification in
      include/ntp.h, ntpd/ntp_proto.c.
    - CVE-2015-7973
  * SECURITY UPDATE: impersonation between authenticated peers
    - debian/patches/CVE-2015-7974.patch: check key ID in ntpd/ntp_proto.c.
    - CVE-2015-7974
  * SECURITY UPDATE: ntpq saveconfig command allows dangerous characters in
    filenames
    - debian/patches/CVE-2015-7976.patch: check filename in
      ntpd/ntp_control.c.
    - CVE-2015-7976
  * SECURITY UPDATE: restrict list denial of service
    - debian/patches/CVE-2015-7977-7978.patch: improve restrict list
      processing in ntpd/ntp_request.c.
    - CVE-2015-7977
    - CVE-2015-7978
  * SECURITY UPDATE: authenticated broadcast mode off-path denial of
    service
    - debian/patches/CVE-2015-7979.patch: add more checks to
      ntpd/ntp_proto.c.
    - CVE-2015-7979
    - CVE-2016-1547
  * SECURITY UPDATE: Zero Origin Timestamp Bypass
    - debian/patches/CVE-2015-8138.patch: check p_org in ntpd/ntp_proto.c.
    - CVE-2015-8138
  * SECURITY UPDATE: potential infinite loop in ntpq
    - debian/patches/CVE-2015-8158.patch: add time checks to ntpdc/ntpdc.c,
      ntpq/ntpq.c.
    - CVE-2015-8158
  * SECURITY UPDATE: NTP statsdir cleanup cronjob insecure (LP: #1528050)
    - debian/ntp.cron.daily: fix security issues, patch thanks to halfdog!
    - CVE-2016-0727
  * SECURITY UPDATE: time spoofing via interleaved symmetric mode
    - debian/patches/CVE-2016-1548.patch: check for bogus packets in
      ntpd/ntp_proto.c.
    - CVE-2016-1548
  * SECURITY UPDATE: buffer comparison timing attacks
    - debian/patches/CVE-2016-1550.patch: use CRYPTO_memcmp in
      libntp/a_md5encrypt.c, sntp/crypto.c.
    - CVE-2016-1550
  * SECURITY UPDATE: DoS via duplicate IPs on unconfig directives
    - debian/patches/CVE-2016-2516.patch: improve logic in
      ntpd/ntp_request.c.
    - CVE-2016-2516
  * SECURITY UPDATE: denial of service via crafted addpeer
    - debian/patches/CVE-2016-2518.patch: check mode value in
      ntpd/ntp_request.c.
    - CVE-2016-2518
  * SECURITY UPDATE: denial of service via spoofed packets
    - debian/patches/CVE-2016-4954.patch: discard packet that fails tests
      in ntpd/ntp_proto.c.
    - CVE-2016-4954
  * SECURITY UPDATE: denial of service via spoofed crypto-NAK or incorrect
    MAC
    - debian/patches/CVE-2016-4955.patch: fix checks in ntpd/ntp_proto.c.
    - CVE-2016-4955
  * SECURITY UPDATE: denial of service via spoofed broadcast packet
    - debian/patches/CVE-2016-4956.patch: properly handle switch in
      broadcast interleaved mode in ntpd/ntp_proto.c.
    - CVE-2016-4956

 -- Marc Deslauriers <email address hidden>  Wed, 05 Oct 2016 08:13:23 -0400

Upload details

Uploaded by:
Marc Deslauriers on 2016-10-05
Uploaded to:
Trusty
Original maintainer:
Ubuntu Developers
Architectures:
any all
Section:
net
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
ntp_4.2.6.p5+dfsg.orig.tar.gz 3.9 MiB 17f0b63e7e27de5cc999a4afdb96b2dbdf76c75181fca50e2395e49e5773dfc9
ntp_4.2.6.p5+dfsg-3ubuntu2.14.04.10.debian.tar.gz 144.1 KiB 4097803a1422a5c6fa5381e496c35cb2306988c8d48dbd9136a8c31b55208451
ntp_4.2.6.p5+dfsg-3ubuntu2.14.04.10.dsc 2.3 KiB e37b5b5f3a508f5fd0b8b5224ff303a37e51c116b9d88e73d0848872480fc543

View changes file

Binary packages built by this source

ntp: Network Time Protocol daemon and utility programs

 NTP, the Network Time Protocol, is used to keep computer clocks
 accurate by synchronizing them over the Internet or a local network,
 or by following an accurate hardware receiver that interprets GPS,
 DCF-77, NIST or similar time signals.
 .
 This package contains the NTP daemon and utility programs. An NTP
 daemon needs to be running on each host that is to have its clock
 accuracy controlled by NTP. The same NTP daemon is also used to
 provide NTP service to other hosts.
 .
 For more information about the NTP protocol and NTP server
 configuration and operation, install the package "ntp-doc".

ntp-dbgsym: debug symbols for package ntp

 NTP, the Network Time Protocol, is used to keep computer clocks
 accurate by synchronizing them over the Internet or a local network,
 or by following an accurate hardware receiver that interprets GPS,
 DCF-77, NIST or similar time signals.
 .
 This package contains the NTP daemon and utility programs. An NTP
 daemon needs to be running on each host that is to have its clock
 accuracy controlled by NTP. The same NTP daemon is also used to
 provide NTP service to other hosts.
 .
 For more information about the NTP protocol and NTP server
 configuration and operation, install the package "ntp-doc".

ntp-doc: Network Time Protocol documentation

 NTP, the Network Time Protocol, is used to keep computer clocks
 accurate by synchronizing them over the Internet or a local network,
 or by following an accurate hardware receiver that interprets GPS,
 DCF-77, NIST or similar time signals.
 .
 This package contains HTML documentation for the ntp packages (ntp,
 ntpdate). Since there are no substantive man pages for ntp's
 programs and configuration files, this package is desirable for any
 setup beyond the simple default configuration.

ntpdate: client for setting system time from NTP servers

 NTP, the Network Time Protocol, is used to keep computer clocks
 accurate by synchronizing them over the Internet or a local network,
 or by following an accurate hardware receiver that interprets GPS,
 DCF-77, NIST or similar time signals.
 .
 ntpdate is a simple NTP client that sets a system's clock to match
 the time obtained by communicating with one or more NTP servers. It
 is not sufficient, however, for maintaining an accurate clock in the
 long run. ntpdate by itself is useful for occasionally setting the
 time on machines that do not have full-time network access, such as
 laptops.
 .
 If the full NTP daemon from the package "ntp" is installed, then
 ntpdate is not necessary.

ntpdate-dbgsym: debug symbols for package ntpdate

 NTP, the Network Time Protocol, is used to keep computer clocks
 accurate by synchronizing them over the Internet or a local network,
 or by following an accurate hardware receiver that interprets GPS,
 DCF-77, NIST or similar time signals.
 .
 ntpdate is a simple NTP client that sets a system's clock to match
 the time obtained by communicating with one or more NTP servers. It
 is not sufficient, however, for maintaining an accurate clock in the
 long run. ntpdate by itself is useful for occasionally setting the
 time on machines that do not have full-time network access, such as
 laptops.
 .
 If the full NTP daemon from the package "ntp" is installed, then
 ntpdate is not necessary.