Ubuntu
ntp package

Change logs for ntp source package in Utopic

  1. Utopic (14.10)
  2. Change log 
  • ntp (1:4.2.6.p5+dfsg-3ubuntu2.14.10.3) utopic-security; urgency=medium

  * SECURITY UPDATE: symmetric key unauthenticated packet MITM attack
    - debian/patches/CVE-2015-1798.patch: reject packets without MAC in
      ntpd/ntp_proto.c.
    - CVE-2015-1798
  * SECURITY UPDATE: symmetric association DoS attack
    - debian/patches/CVE-2015-1799.patch: don't update state variables when
      authentication fails in ntpd/ntp_proto.c.
    - CVE-2015-1799
  * SECURITY UPDATE: ntp-keygen infinite loop or lack of randonmess on big
    endian platforms
    - debian/patches/ntp-keygen-endless-loop.patch: fix logic in
      util/ntp-keygen.c.
    - CVE number pending
 -- Marc Deslauriers <email address hidden>   Mon, 13 Apr 2015 09:04:07 -0400
  • ntp (1:4.2.6.p5+dfsg-3ubuntu2.14.10.2) utopic-security; urgency=medium

  * SECURITY UPDATE: denial of service and possible info leakage via
    extension fields
    - debian/patches/CVE-2014-9297.patch: properly check lengths in
      ntpd/ntp_crypto.c, ntpd/ntp_proto.c.
    - CVE-2014-9297
  * SECURITY UPDATE: IPv6 ACL bypass
    - debian/patches/CVE-2014-9298.patch: check for spoofed ::1 in
      ntpd/ntp_io.c.
    - CVE-2014-9298
 -- Marc Deslauriers <email address hidden>   Fri, 06 Feb 2015 09:00:05 -0500
  • ntp (1:4.2.6.p5+dfsg-3ubuntu2.14.10.1) utopic-security; urgency=medium

  * SECURITY UPDATE: weak default key in config_auth()
    - debian/patches/CVE-2014-9293.patch: use openssl for random key in
      ntpd/ntp_config.c, ntpd/ntpd.c.
    - CVE-2014-9293
  * SECURITY UPDATE: non-cryptographic random number generator with weak
    seed used by ntp-keygen to generate symmetric keys
    - debian/patches/CVE-2014-9294.patch: use openssl for random key in
      include/ntp_random.h, libntp/ntp_random.c, util/ntp-keygen.c.
    - CVE-2014-9294
  * SECURITY UPDATE: buffer overflows in crypto_recv(), ctl_putdata(),
    configure()
    - debian/patches/CVE-2014-9295.patch: check lengths in
      ntpd/ntp_control.c, ntpd/ntp_crypto.c.
    - CVE-2014-9295
  * SECURITY UPDATE: missing return on error in receive()
    - debian/patches/CVE-2015-9296.patch: add missing return in
      ntpd/ntp_proto.c.
    - CVE-2014-9296
 -- Marc Deslauriers <email address hidden>   Sat, 20 Dec 2014 06:04:24 -0500
  • ntp (1:4.2.6.p5+dfsg-3ubuntu2) saucy; urgency=low

  * debian/apparmor-profile: fix spurious noisy denials (LP: #1237508)
 -- Jamie Strandboge <email address hidden>   Wed, 09 Oct 2013 12:28:02 -0500