Format: 1.8 Date: Sat, 20 Dec 2014 06:06:22 -0500 Source: ntp Binary: ntp ntpdate ntp-doc Architecture: armhf Version: 1:4.2.6.p5+dfsg-3ubuntu2.14.04.1 Distribution: trusty Urgency: medium Maintainer: Ubuntu/armhf Build Daemon Changed-By: Marc Deslauriers Description: ntp - Network Time Protocol daemon and utility programs ntp-doc - Network Time Protocol documentation ntpdate - client for setting system time from NTP servers Changes: ntp (1:4.2.6.p5+dfsg-3ubuntu2.14.04.1) trusty-security; urgency=medium . * SECURITY UPDATE: weak default key in config_auth() - debian/patches/CVE-2014-9293.patch: use openssl for random key in ntpd/ntp_config.c, ntpd/ntpd.c. - CVE-2014-9293 * SECURITY UPDATE: non-cryptographic random number generator with weak seed used by ntp-keygen to generate symmetric keys - debian/patches/CVE-2014-9294.patch: use openssl for random key in include/ntp_random.h, libntp/ntp_random.c, util/ntp-keygen.c. - CVE-2014-9294 * SECURITY UPDATE: buffer overflows in crypto_recv(), ctl_putdata(), configure() - debian/patches/CVE-2014-9295.patch: check lengths in ntpd/ntp_control.c, ntpd/ntp_crypto.c. - CVE-2014-9295 * SECURITY UPDATE: missing return on error in receive() - debian/patches/CVE-2015-9296.patch: add missing return in ntpd/ntp_proto.c. - CVE-2014-9296 Checksums-Sha1: 938769dae73712fe123e0b8d4916c1bf077713d5 371372 ntp_4.2.6.p5+dfsg-3ubuntu2.14.04.1_armhf.deb 7ae05f88ba4bf02fe3ef0916f4337e05e811d5b9 52330 ntpdate_4.2.6.p5+dfsg-3ubuntu2.14.04.1_armhf.deb Checksums-Sha256: 54d06d5e071414cac0327ccccb45350ffe6441f8c061bb8894d4e6a692d2f77a 371372 ntp_4.2.6.p5+dfsg-3ubuntu2.14.04.1_armhf.deb f5298b9372505b882013c922c52b3b4382ae67d158d191b92603cb5e8fb81dc3 52330 ntpdate_4.2.6.p5+dfsg-3ubuntu2.14.04.1_armhf.deb Files: 893a1000cf4d86a474ecb824625d5442 371372 net optional ntp_4.2.6.p5+dfsg-3ubuntu2.14.04.1_armhf.deb 5233a2ac9359f2fd9c089bc8ad6bdd92 52330 net optional ntpdate_4.2.6.p5+dfsg-3ubuntu2.14.04.1_armhf.deb Original-Maintainer: Debian NTP Team