-
ntp (1:4.2.6.p5+dfsg-3ubuntu2.14.10.3) utopic-security; urgency=medium
* SECURITY UPDATE: symmetric key unauthenticated packet MITM attack
- debian/patches/CVE-2015-1798.patch: reject packets without MAC in
ntpd/ntp_proto.c.
- CVE-2015-1798
* SECURITY UPDATE: symmetric association DoS attack
- debian/patches/CVE-2015-1799.patch: don't update state variables when
authentication fails in ntpd/ntp_proto.c.
- CVE-2015-1799
* SECURITY UPDATE: ntp-keygen infinite loop or lack of randonmess on big
endian platforms
- debian/patches/ntp-keygen-endless-loop.patch: fix logic in
util/ntp-keygen.c.
- CVE number pending
-- Marc Deslauriers <email address hidden> Mon, 13 Apr 2015 09:04:07 -0400
-
ntp (1:4.2.6.p5+dfsg-3ubuntu2.14.10.2) utopic-security; urgency=medium
* SECURITY UPDATE: denial of service and possible info leakage via
extension fields
- debian/patches/CVE-2014-9297.patch: properly check lengths in
ntpd/ntp_crypto.c, ntpd/ntp_proto.c.
- CVE-2014-9297
* SECURITY UPDATE: IPv6 ACL bypass
- debian/patches/CVE-2014-9298.patch: check for spoofed ::1 in
ntpd/ntp_io.c.
- CVE-2014-9298
-- Marc Deslauriers <email address hidden> Fri, 06 Feb 2015 09:00:05 -0500
-
ntp (1:4.2.6.p5+dfsg-3ubuntu2.14.10.1) utopic-security; urgency=medium
* SECURITY UPDATE: weak default key in config_auth()
- debian/patches/CVE-2014-9293.patch: use openssl for random key in
ntpd/ntp_config.c, ntpd/ntpd.c.
- CVE-2014-9293
* SECURITY UPDATE: non-cryptographic random number generator with weak
seed used by ntp-keygen to generate symmetric keys
- debian/patches/CVE-2014-9294.patch: use openssl for random key in
include/ntp_random.h, libntp/ntp_random.c, util/ntp-keygen.c.
- CVE-2014-9294
* SECURITY UPDATE: buffer overflows in crypto_recv(), ctl_putdata(),
configure()
- debian/patches/CVE-2014-9295.patch: check lengths in
ntpd/ntp_control.c, ntpd/ntp_crypto.c.
- CVE-2014-9295
* SECURITY UPDATE: missing return on error in receive()
- debian/patches/CVE-2015-9296.patch: add missing return in
ntpd/ntp_proto.c.
- CVE-2014-9296
-- Marc Deslauriers <email address hidden> Sat, 20 Dec 2014 06:04:24 -0500
-
ntp (1:4.2.6.p5+dfsg-3ubuntu2) saucy; urgency=low
* debian/apparmor-profile: fix spurious noisy denials (LP: #1237508)
-- Jamie Strandboge <email address hidden> Wed, 09 Oct 2013 12:28:02 -0500