Format: 1.8
Date: Wed, 28 Jun 2017 10:23:27 -0400
Source: ntp
Binary: ntp ntpdate ntp-doc
Architecture: i386
Version: 1:4.2.8p4+dfsg-3ubuntu5.5
Distribution: xenial
Urgency: medium
Maintainer: Launchpad Build Daemon
Changed-By: Marc Deslauriers
Description:
 ntp - Network Time Protocol daemon and utility programs
 ntp-doc - Network Time Protocol documentation
 ntpdate - client for setting system time from NTP servers
Changes:
 ntp (1:4.2.8p4+dfsg-3ubuntu5.5) xenial-security; urgency=medium
 .
   * SECURITY UPDATE: DoS via large request data value
     - debian/patches/CVE-2016-2519.patch: check packet in ntpd/ntp_control.c.
     - CVE-2016-2519
   * SECURITY UPDATE: DoS via responses with a spoofed source address
     - debian/patches/CVE-2016-7426.patch: improve rate limiting in ntpd/ntp_proto.c.
     - CVE-2016-7426
   * SECURITY UPDATE: DoS via crafted broadcast mode packet
     - debian/patches/CVE-2016-7427-1.patch: improve replay prevention logic in ntpd/ntp_proto.c.
     - CVE-2016-7427
   * SECURITY UPDATE: DoS via poll interval in a broadcast packet
     - debian/patches/CVE-2016-7428.patch: ensure at least one poll interval has elapsed in ntpd/ntp_proto.c, include/ntp.h.
     - CVE-2016-7428
   * SECURITY UPDATE: DoS via response for a source to an interface the source does not use
     - debian/patches/CVE-2016-7429-1.patch: add extra checks to ntpd/ntp_peer.c.
     - debian/patches/CVE-2016-7429-2.patch: check for NULL first in ntpd/ntp_peer.c.
     - debian/patches/CVE-2016-7429-3.patch: fix multicastclient regression in ntpd/ntp_peer.c.
     - CVE-2016-7429
   * SECURITY UPDATE: incorrect initial sync calculations
     - debian/patches/CVE-2016-7433.patch: use peer dispersion in ntpd/ntp_proto.c.
     - CVE-2016-7433
   * SECURITY UPDATE: DoS via crafted mrulist query
     - debian/patches/CVE-2016-7434.patch: added missing parameter validation to ntpd/ntp_control.c.
     - CVE-2016-7434
   * SECURITY UPDATE: traps can be set or unset via a crafted control mode packet
     - debian/patches/CVE-2016-9310.patch: require AUTH in ntpd/ntp_control.c.
     - CVE-2016-9310
   * SECURITY UPDATE: DoS when trap service is enabled
     - debian/patches/CVE-2016-9311.patch: make sure peer events are associated with a peer in ntpd/ntp_control.c.
     - CVE-2016-9311
   * SECURITY UPDATE: potential Overflows in ctl_put() functions
     - debian/patches/CVE-2017-6458.patch: check lengths in ntpd/ntp_control.c.
     - CVE-2017-6458
   * SECURITY UPDATE: overflow via long flagstr variable
     - debian/patches/CVE-2017-6460.patch: check length in ntpq/ntpq-subs.c.
     - CVE-2017-6460
   * SECURITY UPDATE: buffer overflow in DPTS refclock driver
     - debian/patches/CVE-2017-6462.patch: don't overrun buffer in ntpd/refclock_datum.c.
     - CVE-2017-6462
   * SECURITY UPDATE: DoS via invalid setting in a :config directive
     - debian/patches/CVE-2017-6463.patch: protect against overflow in ntpd/ntp_config.c.
     - CVE-2017-6463
   * SECURITY UPDATE: Dos via malformed mode configuration directive
     - debian/patches/CVE-2017-6464.patch: validate directives in ntpd/ntp_config.c, ntpd/ntp_proto.c.
     - CVE-2017-6464
Checksums-Sha1:
 ca2a23669c68ee7ff9e20c48b912ffc2d37bf914 840078 ntp-dbgsym_4.2.8p4+dfsg-3ubuntu5.5_i386.ddeb
 60d446dbf91d390998fb634896be9a81a56898c9 526844 ntp_4.2.8p4+dfsg-3ubuntu5.5_i386.deb
 fd50895d552305d5704d13970995c94454e78ced 100588 ntpdate-dbgsym_4.2.8p4+dfsg-3ubuntu5.5_i386.ddeb
 10f2a759baa84c44f2c4a254c40e83d2f751db09 50606 ntpdate_4.2.8p4+dfsg-3ubuntu5.5_i386.deb
Checksums-Sha256:
 676e896705b7e1f5e95f60775616e3f5a366d6add0c4612708d5f131b4ee1b02 840078 ntp-dbgsym_4.2.8p4+dfsg-3ubuntu5.5_i386.ddeb
 a83e0d42adc6e0f76944d36f1e3734984d566f844424f44b2a08c7251c680dd1 526844 ntp_4.2.8p4+dfsg-3ubuntu5.5_i386.deb
 8940077a985ca1a53a3c5fae8eedea8b9e9de9923e7dc2bd21bacea8dc91c685 100588 ntpdate-dbgsym_4.2.8p4+dfsg-3ubuntu5.5_i386.ddeb
 5893a14989a2fa8d0664d12bb368768c76bd2a0ce3130024476f96e3379af415 50606 ntpdate_4.2.8p4+dfsg-3ubuntu5.5_i386.deb
Files:
 4f19fc19f25d815467a3489842803fc8 840078 net extra ntp-dbgsym_4.2.8p4+dfsg-3ubuntu5.5_i386.ddeb
 cb05d0e32003d2e647a76a8eefda924b 526844 net optional ntp_4.2.8p4+dfsg-3ubuntu5.5_i386.deb
 d855fa3230ed40606530da92c692fbc5 100588 net extra ntpdate-dbgsym_4.2.8p4+dfsg-3ubuntu5.5_i386.ddeb
 f9092a6e0b76a33b0c192bde1db2ccab 50606 net optional ntpdate_4.2.8p4+dfsg-3ubuntu5.5_i386.deb
Original-Maintainer: Debian NTP Team