Format: 1.8 Date: Sat, 20 Dec 2014 06:06:22 -0500 Source: ntp Binary: ntp ntpdate ntp-doc Architecture: amd64 Version: 1:4.2.6.p5+dfsg-3ubuntu2.14.04.1 Distribution: trusty Urgency: medium Maintainer: Ubuntu/amd64 Build Daemon Changed-By: Marc Deslauriers Description: ntp - Network Time Protocol daemon and utility programs ntp-doc - Network Time Protocol documentation ntpdate - client for setting system time from NTP servers Changes: ntp (1:4.2.6.p5+dfsg-3ubuntu2.14.04.1) trusty-security; urgency=medium . * SECURITY UPDATE: weak default key in config_auth() - debian/patches/CVE-2014-9293.patch: use openssl for random key in ntpd/ntp_config.c, ntpd/ntpd.c. - CVE-2014-9293 * SECURITY UPDATE: non-cryptographic random number generator with weak seed used by ntp-keygen to generate symmetric keys - debian/patches/CVE-2014-9294.patch: use openssl for random key in include/ntp_random.h, libntp/ntp_random.c, util/ntp-keygen.c. - CVE-2014-9294 * SECURITY UPDATE: buffer overflows in crypto_recv(), ctl_putdata(), configure() - debian/patches/CVE-2014-9295.patch: check lengths in ntpd/ntp_control.c, ntpd/ntp_crypto.c. - CVE-2014-9295 * SECURITY UPDATE: missing return on error in receive() - debian/patches/CVE-2015-9296.patch: add missing return in ntpd/ntp_proto.c. - CVE-2014-9296 Checksums-Sha1: 939af971a302163033c788ab91972ea6fcb3b895 416888 ntp_4.2.6.p5+dfsg-3ubuntu2.14.04.1_amd64.deb 526200700c926e4537744d996f1ab352ec3435ce 55850 ntpdate_4.2.6.p5+dfsg-3ubuntu2.14.04.1_amd64.deb Checksums-Sha256: a4c4ca8a4a5e508ba5af0c12468c99cad991d958814d3bb17e4360b1826bdd07 416888 ntp_4.2.6.p5+dfsg-3ubuntu2.14.04.1_amd64.deb d3da992ebae5de38f217c11dfcf5322a14048c5c97c06788462459ad9edf99e4 55850 ntpdate_4.2.6.p5+dfsg-3ubuntu2.14.04.1_amd64.deb Files: f244346c5ec9cd076a57a51fde86d0a0 416888 net optional ntp_4.2.6.p5+dfsg-3ubuntu2.14.04.1_amd64.deb 5137369c5c359de55b5b12a58bc81c87 55850 net optional ntpdate_4.2.6.p5+dfsg-3ubuntu2.14.04.1_amd64.deb Original-Maintainer: Debian NTP Team