ntp 1:4.2.6.p5+dfsg-3ubuntu6.2 source package in Ubuntu
Changelog
ntp (1:4.2.6.p5+dfsg-3ubuntu6.2) vivid-security; urgency=medium * SECURITY UPDATE: denial of service via crafted NUL-byte in configuration directive - debian/patches/CVE-2015-5146.patch: properly validate command in ntpd/ntp_control.c. - CVE-2015-5146 * SECURITY UPDATE: denial of service via malformed logconfig commands - debian/patches/CVE-2015-5194.patch: fix logconfig logic in ntpd/ntp_parser.y. - CVE-2015-5194 * SECURITY UPDATE: denial of service via disabled statistics type - debian/patches/CVE-2015-5195.patch: handle unrecognized types in ntpd/ntp_config.c. - CVE-2015-5195 * SECURITY UPDATE: file overwrite via remote pidfile and driftfile configuration directives - debian/patches/CVE-2015-5196.patch: disable remote configuration in ntpd/ntp_parser.y. - CVE-2015-5196 - CVE-2015-7703 * SECURITY UPDATE: denial of service via precision value conversion - debian/patches/CVE-2015-5219.patch: use ldexp for LOGTOD in include/ntp.h. - CVE-2015-5219 * SECURITY UPDATE: timeshifting by reboot issue - debian/patches/CVE-2015-5300.patch: disable panic in ntpd/ntp_loopfilter.c. - CVE-2015-5300 * SECURITY UPDATE: incomplete autokey data packet length checks - debian/patches/CVE-2015-7691.patch: add length and size checks to ntpd/ntp_crypto.c. - CVE-2015-7691 - CVE-2015-7692 - CVE-2015-7702 * SECURITY UPDATE: memory leak in CRYPTO_ASSOC - debian/patches/CVE-2015-7701.patch: add missing free in ntpd/ntp_crypto.c. - CVE-2015-7701 * SECURITY UPDATE: denial of service by spoofed KoD - debian/patches/CVE-2015-7704.patch: add check to ntpd/ntp_proto.c. - CVE-2015-7704 - CVE-2015-7705 * SECURITY UPDATE: denial of service via same logfile and keyfile - debian/patches/CVE-2015-7850.patch: rate limit errors in include/ntp_stdlib.h, include/ntp_syslog.h, libntp/authreadkeys.c, libntp/msyslog.c. - CVE-2015-7850 * SECURITY UPDATE: ntpq atoascii memory corruption - debian/patches/CVE-2015-7852.patch: avoid buffer overrun in ntpq/ntpq.c. - CVE-2015-7852 * SECURITY UPDATE: buffer overflow via custom refclock driver - debian/patches/CVE-2015-7853.patch: properly calculate length in ntpd/ntp_io.c. - CVE-2015-7853 * SECURITY UPDATE: denial of service via ASSERT in decodenetnum - debian/patches/CVE-2015-7855.patch: simply return fail in libntp/decodenetnum.c. - CVE-2015-7855 * SECURITY UPDATE: symmetric association authentication bypass via crypto-NAK - debian/patches/CVE-2015-7871.patch: drop unhandled packet in ntpd/ntp_proto.c. - CVE-2015-7871 * debian/control: add bison to Build-Depends. * debian/rules: remove ntp/ntp_parser.{c,h} or they don't get properly regenerated for some reason. * This package does _not_ contain the changes from (1:4.2.6.p5+dfsg-3ubuntu6.1) in vivid-proposed. -- Marc Deslauriers <email address hidden> Fri, 23 Oct 2015 11:42:22 -0400
Upload details
- Uploaded by:
- Marc Deslauriers
- Uploaded to:
- Vivid
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any all
- Section:
- net
- Urgency:
- Medium Urgency
See full publishing history Publishing
Series | Published | Component | Section |
---|
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
ntp_4.2.6.p5+dfsg.orig.tar.gz | 3.9 MiB | 17f0b63e7e27de5cc999a4afdb96b2dbdf76c75181fca50e2395e49e5773dfc9 |
ntp_4.2.6.p5+dfsg-3ubuntu6.2.debian.tar.xz | 93.4 KiB | facc123587c0ce71a5f20e18a30e0873395d8e0f7f91abb6e1df68ed6aa23d1f |
ntp_4.2.6.p5+dfsg-3ubuntu6.2.dsc | 2.3 KiB | fd19f85a81aed1e700760f3b7609ef12afa66fda00da8e8ff49fc17a92978dd5 |
Available diffs
Binary packages built by this source
- ntp: No summary available for ntp in ubuntu vivid.
No description available for ntp in ubuntu vivid.
- ntp-dbgsym: No summary available for ntp-dbgsym in ubuntu vivid.
No description available for ntp-dbgsym in ubuntu vivid.
- ntp-doc: No summary available for ntp-doc in ubuntu vivid.
No description available for ntp-doc in ubuntu vivid.
- ntpdate: No summary available for ntpdate in ubuntu vivid.
No description available for ntpdate in ubuntu vivid.
- ntpdate-dbgsym: No summary available for ntpdate-dbgsym in ubuntu vivid.
No description available for ntpdate-dbgsym in ubuntu vivid.