-
ntp (1:4.2.6.p5+dfsg-3ubuntu6.3) vivid; urgency=medium
* Fix use-after-free in routing socket code (closes: #795315)
- debian/patches/use-after-free-in-routing-socket.patch:
fix logic in ntpd/ntp_io.c (LP: #1481388)
-- Eric Desrochers <email address hidden> Thu, 29 Oct 2015 09:18:12 -0400
-
ntp (1:4.2.6.p5+dfsg-3ubuntu6.2) vivid-security; urgency=medium
* SECURITY UPDATE: denial of service via crafted NUL-byte in
configuration directive
- debian/patches/CVE-2015-5146.patch: properly validate command in
ntpd/ntp_control.c.
- CVE-2015-5146
* SECURITY UPDATE: denial of service via malformed logconfig commands
- debian/patches/CVE-2015-5194.patch: fix logconfig logic in
ntpd/ntp_parser.y.
- CVE-2015-5194
* SECURITY UPDATE: denial of service via disabled statistics type
- debian/patches/CVE-2015-5195.patch: handle unrecognized types in
ntpd/ntp_config.c.
- CVE-2015-5195
* SECURITY UPDATE: file overwrite via remote pidfile and driftfile
configuration directives
- debian/patches/CVE-2015-5196.patch: disable remote configuration in
ntpd/ntp_parser.y.
- CVE-2015-5196
- CVE-2015-7703
* SECURITY UPDATE: denial of service via precision value conversion
- debian/patches/CVE-2015-5219.patch: use ldexp for LOGTOD in
include/ntp.h.
- CVE-2015-5219
* SECURITY UPDATE: timeshifting by reboot issue
- debian/patches/CVE-2015-5300.patch: disable panic in
ntpd/ntp_loopfilter.c.
- CVE-2015-5300
* SECURITY UPDATE: incomplete autokey data packet length checks
- debian/patches/CVE-2015-7691.patch: add length and size checks to
ntpd/ntp_crypto.c.
- CVE-2015-7691
- CVE-2015-7692
- CVE-2015-7702
* SECURITY UPDATE: memory leak in CRYPTO_ASSOC
- debian/patches/CVE-2015-7701.patch: add missing free in
ntpd/ntp_crypto.c.
- CVE-2015-7701
* SECURITY UPDATE: denial of service by spoofed KoD
- debian/patches/CVE-2015-7704.patch: add check to ntpd/ntp_proto.c.
- CVE-2015-7704
- CVE-2015-7705
* SECURITY UPDATE: denial of service via same logfile and keyfile
- debian/patches/CVE-2015-7850.patch: rate limit errors in
include/ntp_stdlib.h, include/ntp_syslog.h, libntp/authreadkeys.c,
libntp/msyslog.c.
- CVE-2015-7850
* SECURITY UPDATE: ntpq atoascii memory corruption
- debian/patches/CVE-2015-7852.patch: avoid buffer overrun in
ntpq/ntpq.c.
- CVE-2015-7852
* SECURITY UPDATE: buffer overflow via custom refclock driver
- debian/patches/CVE-2015-7853.patch: properly calculate length in
ntpd/ntp_io.c.
- CVE-2015-7853
* SECURITY UPDATE: denial of service via ASSERT in decodenetnum
- debian/patches/CVE-2015-7855.patch: simply return fail in
libntp/decodenetnum.c.
- CVE-2015-7855
* SECURITY UPDATE: symmetric association authentication bypass via
crypto-NAK
- debian/patches/CVE-2015-7871.patch: drop unhandled packet in
ntpd/ntp_proto.c.
- CVE-2015-7871
* debian/control: add bison to Build-Depends.
* debian/rules: remove ntp/ntp_parser.{c,h} or they don't get properly
regenerated for some reason.
* This package does _not_ contain the changes from
(1:4.2.6.p5+dfsg-3ubuntu6.1) in vivid-proposed.
-- Marc Deslauriers <email address hidden> Fri, 23 Oct 2015 11:42:22 -0400
-
ntp (1:4.2.6.p5+dfsg-3ubuntu6.1) vivid; urgency=medium
* Fix use-after-free in routing socket code (LP: #1481388)
- debian/patches/use-after-free-in-routing-socket.patch
fix logic in ntpd/ntp_io.c
* Fix to ignore ENOBUFS on routing netlink socket
- debian/patches/ignore-ENOBUFS-on-routing-netlink-socket.patch
fix logic in ntpd/ntp_io.c
-- Eric Desrochers <email address hidden> Tue, 01 Sep 2015 10:50:22 -0400
-
ntp (1:4.2.6.p5+dfsg-3ubuntu6) vivid; urgency=medium
* SECURITY UPDATE: ntp-keygen infinite loop or lack of randonmess on big
endian platforms
- debian/patches/ntp-keygen-endless-loop.patch: fix logic in
util/ntp-keygen.c.
- CVE number pending
-- Marc Deslauriers <email address hidden> Mon, 13 Apr 2015 08:58:57 -0400
-
ntp (1:4.2.6.p5+dfsg-3ubuntu5) vivid; urgency=medium
* SECURITY UPDATE: symmetric key unauthenticated packet MITM attack
- debian/patches/CVE-2015-1798.patch: reject packets without MAC in
ntpd/ntp_proto.c.
- CVE-2015-1798
* SECURITY UPDATE: symmetric association DoS attack
- debian/patches/CVE-2015-1799.patch: don't update state variables when
authentication fails in ntpd/ntp_proto.c.
- CVE-2015-1799
-- Marc Deslauriers <email address hidden> Tue, 07 Apr 2015 12:48:31 -0400
-
ntp (1:4.2.6.p5+dfsg-3ubuntu4) vivid; urgency=medium
* SECURITY UPDATE: denial of service and possible info leakage via
extension fields
- debian/patches/CVE-2014-9297.patch: properly check lengths in
ntpd/ntp_crypto.c, ntpd/ntp_proto.c.
- CVE-2014-9297
* SECURITY UPDATE: IPv6 ACL bypass
- debian/patches/CVE-2014-9298.patch: check for spoofed ::1 in
ntpd/ntp_io.c.
- CVE-2014-9298
-- Marc Deslauriers <email address hidden> Mon, 09 Feb 2015 13:03:44 -0500
-
ntp (1:4.2.6.p5+dfsg-3ubuntu3) vivid; urgency=medium
* SECURITY UPDATE: weak default key in config_auth()
- debian/patches/CVE-2014-9293.patch: use openssl for random key in
ntpd/ntp_config.c, ntpd/ntpd.c.
- CVE-2014-9293
* SECURITY UPDATE: non-cryptographic random number generator with weak
seed used by ntp-keygen to generate symmetric keys
- debian/patches/CVE-2014-9294.patch: use openssl for random key in
include/ntp_random.h, libntp/ntp_random.c, util/ntp-keygen.c.
- CVE-2014-9294
* SECURITY UPDATE: buffer overflows in crypto_recv(), ctl_putdata(),
configure()
- debian/patches/CVE-2014-9295.patch: check lengths in
ntpd/ntp_control.c, ntpd/ntp_crypto.c.
- CVE-2014-9295
* SECURITY UPDATE: missing return on error in receive()
- debian/patches/CVE-2015-9296.patch: add missing return in
ntpd/ntp_proto.c.
- CVE-2014-9296
-- Marc Deslauriers <email address hidden> Sat, 20 Dec 2014 05:47:10 -0500
-
ntp (1:4.2.6.p5+dfsg-3ubuntu2) saucy; urgency=low
* debian/apparmor-profile: fix spurious noisy denials (LP: #1237508)
-- Jamie Strandboge <email address hidden> Wed, 09 Oct 2013 12:28:02 -0500
