Format: 1.8
Date: Wed, 05 Oct 2016 08:13:23 -0400
Source: ntp
Binary: ntp ntpdate ntp-doc
Architecture: powerpc
Version: 1:4.2.6.p5+dfsg-3ubuntu2.14.04.10
Distribution: trusty
Urgency: medium
Maintainer: Launchpad Build Daemon <buildd@fisher01.buildd>
Changed-By: Marc Deslauriers <marc.deslauriers@ubuntu.com>
Description: 
 ntp        - Network Time Protocol daemon and utility programs
 ntp-doc    - Network Time Protocol documentation
 ntpdate    - client for setting system time from NTP servers
Launchpad-Bugs-Fixed: 1528050
Changes: 
 ntp (1:4.2.6.p5+dfsg-3ubuntu2.14.04.10) trusty-security; urgency=medium
 .
   * SECURITY UPDATE: Deja Vu replay attack on authenticated broadcast mode
     - debian/patches/CVE-2015-7973.patch: improve timestamp verification in
       include/ntp.h, ntpd/ntp_proto.c.
     - CVE-2015-7973
   * SECURITY UPDATE: impersonation between authenticated peers
     - debian/patches/CVE-2015-7974.patch: check key ID in ntpd/ntp_proto.c.
     - CVE-2015-7974
   * SECURITY UPDATE: ntpq saveconfig command allows dangerous characters in
     filenames
     - debian/patches/CVE-2015-7976.patch: check filename in
       ntpd/ntp_control.c.
     - CVE-2015-7976
   * SECURITY UPDATE: restrict list denial of service
     - debian/patches/CVE-2015-7977-7978.patch: improve restrict list
       processing in ntpd/ntp_request.c.
     - CVE-2015-7977
     - CVE-2015-7978
   * SECURITY UPDATE: authenticated broadcast mode off-path denial of
     service
     - debian/patches/CVE-2015-7979.patch: add more checks to
       ntpd/ntp_proto.c.
     - CVE-2015-7979
     - CVE-2016-1547
   * SECURITY UPDATE: Zero Origin Timestamp Bypass
     - debian/patches/CVE-2015-8138.patch: check p_org in ntpd/ntp_proto.c.
     - CVE-2015-8138
   * SECURITY UPDATE: potential infinite loop in ntpq
     - debian/patches/CVE-2015-8158.patch: add time checks to ntpdc/ntpdc.c,
       ntpq/ntpq.c.
     - CVE-2015-8158
   * SECURITY UPDATE: NTP statsdir cleanup cronjob insecure (LP: #1528050)
     - debian/ntp.cron.daily: fix security issues, patch thanks to halfdog!
     - CVE-2016-0727
   * SECURITY UPDATE: time spoofing via interleaved symmetric mode
     - debian/patches/CVE-2016-1548.patch: check for bogus packets in
       ntpd/ntp_proto.c.
     - CVE-2016-1548
   * SECURITY UPDATE: buffer comparison timing attacks
     - debian/patches/CVE-2016-1550.patch: use CRYPTO_memcmp in
       libntp/a_md5encrypt.c, sntp/crypto.c.
     - CVE-2016-1550
   * SECURITY UPDATE: DoS via duplicate IPs on unconfig directives
     - debian/patches/CVE-2016-2516.patch: improve logic in
       ntpd/ntp_request.c.
     - CVE-2016-2516
   * SECURITY UPDATE: denial of service via crafted addpeer
     - debian/patches/CVE-2016-2518.patch: check mode value in
       ntpd/ntp_request.c.
     - CVE-2016-2518
   * SECURITY UPDATE: denial of service via spoofed packets
     - debian/patches/CVE-2016-4954.patch: discard packet that fails tests
       in ntpd/ntp_proto.c.
     - CVE-2016-4954
   * SECURITY UPDATE: denial of service via spoofed crypto-NAK or incorrect
     MAC
     - debian/patches/CVE-2016-4955.patch: fix checks in ntpd/ntp_proto.c.
     - CVE-2016-4955
   * SECURITY UPDATE: denial of service via spoofed broadcast packet
     - debian/patches/CVE-2016-4956.patch: properly handle switch in
       broadcast interleaved mode in ntpd/ntp_proto.c.
     - CVE-2016-4956
Checksums-Sha1: 
 1c5f040c8e9b4d1a45cfb27c24a52a8a18c6f575 363042 ntp_4.2.6.p5+dfsg-3ubuntu2.14.04.10_powerpc.deb
 d39fe5ceb0d06f8bce0549a8e6a693421a4adede 53760 ntpdate_4.2.6.p5+dfsg-3ubuntu2.14.04.10_powerpc.deb
 b613c0bae4382671e546fc14a41bb39744f5a9a8 738740 ntp-dbgsym_4.2.6.p5+dfsg-3ubuntu2.14.04.10_powerpc.ddeb
 f31f895d140ee1e761f9d63c123716798bf5fbda 88076 ntpdate-dbgsym_4.2.6.p5+dfsg-3ubuntu2.14.04.10_powerpc.ddeb
Checksums-Sha256: 
 c6a0ec585306a9c21f8519ac35279235ac42e7161b55251140a61ef512952712 363042 ntp_4.2.6.p5+dfsg-3ubuntu2.14.04.10_powerpc.deb
 c6489bf6fb6fae5fbd8dc64c3f8a420fd407c134cd4698be663071cb229d0cc5 53760 ntpdate_4.2.6.p5+dfsg-3ubuntu2.14.04.10_powerpc.deb
 3f6147598fa02cebeeeabc431e35eed1784bf35b08d851f882962eaec91e7944 738740 ntp-dbgsym_4.2.6.p5+dfsg-3ubuntu2.14.04.10_powerpc.ddeb
 88f3d0cdd8a6af1774d39cba2920d12c4cb81077dca3326cefdd89b76a4f25b6 88076 ntpdate-dbgsym_4.2.6.p5+dfsg-3ubuntu2.14.04.10_powerpc.ddeb
Files: 
 67890135be016656d8db922a88525fd6 363042 net optional ntp_4.2.6.p5+dfsg-3ubuntu2.14.04.10_powerpc.deb
 0e0bd523dcc219356b6af7a618415102 53760 net optional ntpdate_4.2.6.p5+dfsg-3ubuntu2.14.04.10_powerpc.deb
 7946261d3ca8ced03ab5c9f73c32566b 738740 net extra ntp-dbgsym_4.2.6.p5+dfsg-3ubuntu2.14.04.10_powerpc.ddeb
 fe94f2fedb9c53c3ce72ad426c460531 88076 net extra ntpdate-dbgsym_4.2.6.p5+dfsg-3ubuntu2.14.04.10_powerpc.ddeb
Original-Maintainer: Debian NTP Team <pkg-ntp-maintainers@lists.alioth.debian.org>