Change logs for ntp source package in Trusty

  • ntp (1:4.2.6.p5+dfsg-3ubuntu2.14.04.13) trusty-security; urgency=medium
      * SECURITY UPDATE: code execution via buffer overflow in decodearr
        - debian/patches/CVE-2018-7183.patch: prevent writing beyons limits in
        - CVE-2018-7183
      * SECURITY UPDATE: DoS via certain packets with a zero-origin timestamp
        - debian/patches/CVE-2018-7185.patch: add additional checks to
        - CVE-2018-7185
     -- Marc Deslauriers <email address hidden>  Fri, 06 Jul 2018 15:45:46 -0400
  • ntp (1:4.2.6.p5+dfsg-3ubuntu2.14.04.12) trusty; urgency=medium
      * debian/ntpdate.if-up: Drop delta to stop/start service around ntpdate
        updates - fixes ntp restart storms due to network changes, fixes
        accidential start of ntp, avoids issues of ntpdate jumping too far while
        running ntp was supposed to drift (LP: #1593907)
     -- Christian Ehrhardt <email address hidden>  Fri, 07 Jul 2017 07:53:16 +0200
  • ntp (1:4.2.6.p5+dfsg-3ubuntu2.14.04.11) trusty-security; urgency=medium
      * SECURITY UPDATE: DoS via responses with a spoofed source address
        - debian/patches/CVE-2016-7426.patch: improve rate limiting in
        - CVE-2016-7426
      * SECURITY UPDATE: DoS via crafted broadcast mode packet
        - debian/patches/CVE-2016-7427-1.patch: improve replay prevention
          logic in ntpd/ntp_proto.c.
        - CVE-2016-7427
      * SECURITY UPDATE: DoS via poll interval in a broadcast packet
        - debian/patches/CVE-2016-7428.patch: ensure at least one poll interval
          has elapsed in ntpd/ntp_proto.c, include/ntp.h.
        - CVE-2016-7428
      * SECURITY UPDATE: DoS via response for a source to an interface the
        source does not use
        - debian/patches/CVE-2016-7429-1.patch: add extra checks to
        - debian/patches/CVE-2016-7429-2.patch: check for NULL first in
        - debian/patches/CVE-2016-7429-3.patch: fix multicastclient regression
          in ntpd/ntp_peer.c.
        - CVE-2016-7429
      * SECURITY UPDATE: traps can be set or unset via a crafted control mode
        - debian/patches/CVE-2016-9310.patch: require AUTH in
        - CVE-2016-9310
      * SECURITY UPDATE: DoS when trap service is enabled
        - debian/patches/CVE-2016-9311.patch: make sure peer events are
          associated with a peer in ntpd/ntp_control.c.
        - CVE-2016-9311
      * SECURITY UPDATE: potential Overflows in ctl_put() functions
        - debian/patches/CVE-2017-6458.patch: check lengths in
        - CVE-2017-6458
      * SECURITY UPDATE: buffer overflow in DPTS refclock driver
        - debian/patches/CVE-2017-6462.patch: don't overrun buffer in
        - CVE-2017-6462
      * SECURITY UPDATE: DoS via invalid setting in a :config directive
        - debian/patches/CVE-2017-6463.patch: protect against overflow in
        - CVE-2017-6463
      * SECURITY UPDATE: Dos via malformed mode configuration directive
        - debian/patches/CVE-2017-6464.patch: validate directives in
          ntpd/ntp_config.c, ntpd/ntp_proto.c.
        - CVE-2017-6464
     -- Marc Deslauriers <email address hidden>  Wed, 28 Jun 2017 12:17:02 -0400
  • ntp (1:4.2.6.p5+dfsg-3ubuntu2.14.04.10) trusty-security; urgency=medium
      * SECURITY UPDATE: Deja Vu replay attack on authenticated broadcast mode
        - debian/patches/CVE-2015-7973.patch: improve timestamp verification in
          include/ntp.h, ntpd/ntp_proto.c.
        - CVE-2015-7973
      * SECURITY UPDATE: impersonation between authenticated peers
        - debian/patches/CVE-2015-7974.patch: check key ID in ntpd/ntp_proto.c.
        - CVE-2015-7974
      * SECURITY UPDATE: ntpq saveconfig command allows dangerous characters in
        - debian/patches/CVE-2015-7976.patch: check filename in
        - CVE-2015-7976
      * SECURITY UPDATE: restrict list denial of service
        - debian/patches/CVE-2015-7977-7978.patch: improve restrict list
          processing in ntpd/ntp_request.c.
        - CVE-2015-7977
        - CVE-2015-7978
      * SECURITY UPDATE: authenticated broadcast mode off-path denial of
        - debian/patches/CVE-2015-7979.patch: add more checks to
        - CVE-2015-7979
        - CVE-2016-1547
      * SECURITY UPDATE: Zero Origin Timestamp Bypass
        - debian/patches/CVE-2015-8138.patch: check p_org in ntpd/ntp_proto.c.
        - CVE-2015-8138
      * SECURITY UPDATE: potential infinite loop in ntpq
        - debian/patches/CVE-2015-8158.patch: add time checks to ntpdc/ntpdc.c,
        - CVE-2015-8158
      * SECURITY UPDATE: NTP statsdir cleanup cronjob insecure (LP: #1528050)
        - debian/ntp.cron.daily: fix security issues, patch thanks to halfdog!
        - CVE-2016-0727
      * SECURITY UPDATE: time spoofing via interleaved symmetric mode
        - debian/patches/CVE-2016-1548.patch: check for bogus packets in
        - CVE-2016-1548
      * SECURITY UPDATE: buffer comparison timing attacks
        - debian/patches/CVE-2016-1550.patch: use CRYPTO_memcmp in
          libntp/a_md5encrypt.c, sntp/crypto.c.
        - CVE-2016-1550
      * SECURITY UPDATE: DoS via duplicate IPs on unconfig directives
        - debian/patches/CVE-2016-2516.patch: improve logic in
        - CVE-2016-2516
      * SECURITY UPDATE: denial of service via crafted addpeer
        - debian/patches/CVE-2016-2518.patch: check mode value in
        - CVE-2016-2518
      * SECURITY UPDATE: denial of service via spoofed packets
        - debian/patches/CVE-2016-4954.patch: discard packet that fails tests
          in ntpd/ntp_proto.c.
        - CVE-2016-4954
      * SECURITY UPDATE: denial of service via spoofed crypto-NAK or incorrect
        - debian/patches/CVE-2016-4955.patch: fix checks in ntpd/ntp_proto.c.
        - CVE-2016-4955
      * SECURITY UPDATE: denial of service via spoofed broadcast packet
        - debian/patches/CVE-2016-4956.patch: properly handle switch in
          broadcast interleaved mode in ntpd/ntp_proto.c.
        - CVE-2016-4956
     -- Marc Deslauriers <email address hidden>  Wed, 05 Oct 2016 08:13:23 -0400
  • ntp (1:4.2.6.p5+dfsg-3ubuntu2.14.04.8) trusty; urgency=medium
      * ntpd rejects source UDP ports less than 123 as bogus (closes: #691412)
        - d/p/reject-UDP-ports-less-than-123-as-bogus.patch (LP: #1479652)
     -- Eric Desrochers <email address hidden>  Mon, 25 Jan 2016 11:39:44 -0500
  • ntp (1:4.2.6.p5+dfsg-3ubuntu2.14.04.7) trusty; urgency=medium
      * Use a single lockfile again - instead unlock the file before starting the
        init script. The lock sho uld be shared - both services can't run at the
        same time. (LP: #1125726)
     -- Cam Cope <email address hidden>  Tue, 19 Jan 2016 10:22:39 +0000
  • ntp (1:4.2.6.p5+dfsg-3ubuntu2.14.04.6) trusty; urgency=medium
      * Fix use-after-free in routing socket code (closes: #795315)
        - debian/patches/use-after-free-in-routing-socket.patch:
          fix logic in ntpd/ntp_io.c (LP: #1481388)
     -- Eric Desrochers <email address hidden>  Thu, 29 Oct 2015 09:34:22 -0400
  • ntp (1:4.2.6.p5+dfsg-3ubuntu2.14.04.5) trusty-security; urgency=medium
      * SECURITY UPDATE: denial of service via crafted NUL-byte in
        configuration directive
        - debian/patches/CVE-2015-5146.patch: properly validate command in
        - CVE-2015-5146
      * SECURITY UPDATE: denial of service via malformed logconfig commands
        - debian/patches/CVE-2015-5194.patch: fix logconfig logic in
        - CVE-2015-5194
      * SECURITY UPDATE: denial of service via disabled statistics type
        - debian/patches/CVE-2015-5195.patch: handle unrecognized types in
        - CVE-2015-5195
      * SECURITY UPDATE: file overwrite via remote pidfile and driftfile
        configuration directives
        - debian/patches/CVE-2015-5196.patch: disable remote configuration in
        - CVE-2015-5196
        - CVE-2015-7703
      * SECURITY UPDATE: denial of service via precision value conversion
        - debian/patches/CVE-2015-5219.patch: use ldexp for LOGTOD in
        - CVE-2015-5219
      * SECURITY UPDATE: timeshifting by reboot issue
        - debian/patches/CVE-2015-5300.patch: disable panic in
        - CVE-2015-5300
      * SECURITY UPDATE: incomplete autokey data packet length checks
        - debian/patches/CVE-2015-7691.patch: add length and size checks to
        - CVE-2015-7691
        - CVE-2015-7692
        - CVE-2015-7702
      * SECURITY UPDATE: memory leak in CRYPTO_ASSOC
        - debian/patches/CVE-2015-7701.patch: add missing free in
        - CVE-2015-7701
      * SECURITY UPDATE: denial of service by spoofed KoD
        - debian/patches/CVE-2015-7704.patch: add check to ntpd/ntp_proto.c.
        - CVE-2015-7704
        - CVE-2015-7705
      * SECURITY UPDATE: denial of service via same logfile and keyfile
        - debian/patches/CVE-2015-7850.patch: rate limit errors in
          include/ntp_stdlib.h, include/ntp_syslog.h, libntp/authreadkeys.c,
        - CVE-2015-7850
      * SECURITY UPDATE: ntpq atoascii memory corruption
        - debian/patches/CVE-2015-7852.patch: avoid buffer overrun in
        - CVE-2015-7852
      * SECURITY UPDATE: buffer overflow via custom refclock driver
        - debian/patches/CVE-2015-7853.patch: properly calculate length in
        - CVE-2015-7853
      * SECURITY UPDATE: denial of service via ASSERT in decodenetnum
        - debian/patches/CVE-2015-7855.patch: simply return fail in
        - CVE-2015-7855
      * SECURITY UPDATE: symmetric association authentication bypass via
        - debian/patches/CVE-2015-7871.patch: drop unhandled packet in
        - CVE-2015-7871
      * debian/control: add bison to Build-Depends.
      * debian/rules: remove ntp/ntp_parser.{c,h} or they don't get properly
        regenerated for some reason.
      * This package does _not_ contain the changes from
        (1:4.2.6.p5+dfsg-3ubuntu2.14.04.4) in trusty-proposed.
     -- Marc Deslauriers <email address hidden>  Fri, 23 Oct 2015 11:47:46 -0400
  • ntp (1:4.2.6.p5+dfsg-3ubuntu2.14.04.4) trusty; urgency=medium
      * Fix use-after-free in routing socket code (LP: #1481388)
        - debian/patches/use-after-free-in-routing-socket.patch
          fix logic in ntpd/ntp_io.c
      * Fix to ignore ENOBUFS on routing netlink socket
        - debian/patches/ignore-ENOBUFS-on-routing-netlink-socket.patch
          fix logic in ntpd/ntp_io.c
     -- Eric Desrochers <email address hidden>  Thu, 27 Aug 2015 09:45:58 -0400
  • ntp (1:4.2.6.p5+dfsg-3ubuntu2.14.04.3) trusty-security; urgency=medium
      * SECURITY UPDATE: symmetric key unauthenticated packet MITM attack
        - debian/patches/CVE-2015-1798.patch: reject packets without MAC in
        - CVE-2015-1798
      * SECURITY UPDATE: symmetric association DoS attack
        - debian/patches/CVE-2015-1799.patch: don't update state variables when
          authentication fails in ntpd/ntp_proto.c.
        - CVE-2015-1799
      * SECURITY UPDATE: ntp-keygen infinite loop or lack of randonmess on big
        endian platforms
        - debian/patches/ntp-keygen-endless-loop.patch: fix logic in
        - CVE number pending
     -- Marc Deslauriers <email address hidden>   Mon, 13 Apr 2015 09:05:27 -0400
  • ntp (1:4.2.6.p5+dfsg-3ubuntu2.14.04.2) trusty-security; urgency=medium
      * SECURITY UPDATE: denial of service and possible info leakage via
        extension fields
        - debian/patches/CVE-2014-9297.patch: properly check lengths in
          ntpd/ntp_crypto.c, ntpd/ntp_proto.c.
        - CVE-2014-9297
      * SECURITY UPDATE: IPv6 ACL bypass
        - debian/patches/CVE-2014-9298.patch: check for spoofed ::1 in
        - CVE-2014-9298
     -- Marc Deslauriers <email address hidden>   Fri, 06 Feb 2015 09:10:10 -0500
  • ntp (1:4.2.6.p5+dfsg-3ubuntu2.14.04.1) trusty-security; urgency=medium
      * SECURITY UPDATE: weak default key in config_auth()
        - debian/patches/CVE-2014-9293.patch: use openssl for random key in
          ntpd/ntp_config.c, ntpd/ntpd.c.
        - CVE-2014-9293
      * SECURITY UPDATE: non-cryptographic random number generator with weak
        seed used by ntp-keygen to generate symmetric keys
        - debian/patches/CVE-2014-9294.patch: use openssl for random key in
          include/ntp_random.h, libntp/ntp_random.c, util/ntp-keygen.c.
        - CVE-2014-9294
      * SECURITY UPDATE: buffer overflows in crypto_recv(), ctl_putdata(),
        - debian/patches/CVE-2014-9295.patch: check lengths in
          ntpd/ntp_control.c, ntpd/ntp_crypto.c.
        - CVE-2014-9295
      * SECURITY UPDATE: missing return on error in receive()
        - debian/patches/CVE-2015-9296.patch: add missing return in
        - CVE-2014-9296
     -- Marc Deslauriers <email address hidden>   Sat, 20 Dec 2014 06:06:22 -0500
  • ntp (1:4.2.6.p5+dfsg-3ubuntu2) saucy; urgency=low
      * debian/apparmor-profile: fix spurious noisy denials (LP: #1237508)
     -- Jamie Strandboge <email address hidden>   Wed, 09 Oct 2013 12:28:02 -0500