ntp 1:4.2.8p4+dfsg-3ubuntu5.5 source package in Ubuntu

Changelog

ntp (1:4.2.8p4+dfsg-3ubuntu5.5) xenial-security; urgency=medium

  * SECURITY UPDATE: DoS via large request data value
    - debian/patches/CVE-2016-2519.patch: check packet in
      ntpd/ntp_control.c.
    - CVE-2016-2519
  * SECURITY UPDATE: DoS via responses with a spoofed source address
    - debian/patches/CVE-2016-7426.patch: improve rate limiting in
      ntpd/ntp_proto.c.
    - CVE-2016-7426
  * SECURITY UPDATE: DoS via crafted broadcast mode packet
    - debian/patches/CVE-2016-7427-1.patch: improve replay prevention
      logic in ntpd/ntp_proto.c.
    - CVE-2016-7427
  * SECURITY UPDATE: DoS via poll interval in a broadcast packet
    - debian/patches/CVE-2016-7428.patch: ensure at least one poll interval
      has elapsed in ntpd/ntp_proto.c, include/ntp.h.
    - CVE-2016-7428
  * SECURITY UPDATE: DoS via response for a source to an interface the
    source does not use
    - debian/patches/CVE-2016-7429-1.patch: add extra checks to
      ntpd/ntp_peer.c.
    - debian/patches/CVE-2016-7429-2.patch: check for NULL first in
      ntpd/ntp_peer.c.
    - debian/patches/CVE-2016-7429-3.patch: fix multicastclient regression
      in ntpd/ntp_peer.c.
    - CVE-2016-7429
  * SECURITY UPDATE: incorrect initial sync calculations
    - debian/patches/CVE-2016-7433.patch: use peer dispersion in
      ntpd/ntp_proto.c.
    - CVE-2016-7433
  * SECURITY UPDATE: DoS via crafted mrulist query
    - debian/patches/CVE-2016-7434.patch: added missing parameter
      validation to ntpd/ntp_control.c.
    - CVE-2016-7434
  * SECURITY UPDATE: traps can be set or unset via a crafted control mode
    packet
    - debian/patches/CVE-2016-9310.patch: require AUTH in
      ntpd/ntp_control.c.
    - CVE-2016-9310
  * SECURITY UPDATE: DoS when trap service is enabled
    - debian/patches/CVE-2016-9311.patch: make sure peer events are
      associated with a peer in ntpd/ntp_control.c.
    - CVE-2016-9311
  * SECURITY UPDATE: potential Overflows in ctl_put() functions
    - debian/patches/CVE-2017-6458.patch: check lengths in
      ntpd/ntp_control.c.
    - CVE-2017-6458
  * SECURITY UPDATE: overflow via long flagstr variable
    - debian/patches/CVE-2017-6460.patch: check length in ntpq/ntpq-subs.c.
    - CVE-2017-6460
  * SECURITY UPDATE: buffer overflow in DPTS refclock driver
    - debian/patches/CVE-2017-6462.patch: don't overrun buffer in
      ntpd/refclock_datum.c.
    - CVE-2017-6462
  * SECURITY UPDATE: DoS via invalid setting in a :config directive
    - debian/patches/CVE-2017-6463.patch: protect against overflow in
      ntpd/ntp_config.c.
    - CVE-2017-6463
  * SECURITY UPDATE: Dos via malformed mode configuration directive
    - debian/patches/CVE-2017-6464.patch: validate directives in
      ntpd/ntp_config.c, ntpd/ntp_proto.c.
    - CVE-2017-6464

 -- Marc Deslauriers <email address hidden>  Wed, 28 Jun 2017 10:23:27 -0400

Upload details

Uploaded by:
Marc Deslauriers
Uploaded to:
Xenial
Original maintainer:
Ubuntu Developers
Architectures:
any all
Section:
net
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
ntp_4.2.8p4+dfsg.orig.tar.gz 6.7 MiB 6da2529b5d9ee4ac01fb64d127426b254c6defa3098a456a6f71736920f4e4ed
ntp_4.2.8p4+dfsg-3ubuntu5.5.debian.tar.xz 92.9 KiB 756903373265c6ac709c8cd254953eafa5da013c734f1f4b6f08454ca62128e5
ntp_4.2.8p4+dfsg-3ubuntu5.5.dsc 2.3 KiB 4b11033086b3f79e7c035a2cd1cd94a454d5794c52638584032ecd223fc73860

View changes file

Binary packages built by this source

ntp: Network Time Protocol daemon and utility programs

 NTP, the Network Time Protocol, is used to keep computer clocks
 accurate by synchronizing them over the Internet or a local network,
 or by following an accurate hardware receiver that interprets GPS,
 DCF-77, NIST or similar time signals.
 .
 This package contains the NTP daemon and utility programs. An NTP
 daemon needs to be running on each host that is to have its clock
 accuracy controlled by NTP. The same NTP daemon is also used to
 provide NTP service to other hosts.
 .
 For more information about the NTP protocol and NTP server
 configuration and operation, install the package "ntp-doc".

ntp-dbgsym: debug symbols for package ntp

 NTP, the Network Time Protocol, is used to keep computer clocks
 accurate by synchronizing them over the Internet or a local network,
 or by following an accurate hardware receiver that interprets GPS,
 DCF-77, NIST or similar time signals.
 .
 This package contains the NTP daemon and utility programs. An NTP
 daemon needs to be running on each host that is to have its clock
 accuracy controlled by NTP. The same NTP daemon is also used to
 provide NTP service to other hosts.
 .
 For more information about the NTP protocol and NTP server
 configuration and operation, install the package "ntp-doc".

ntp-doc: Network Time Protocol documentation

 NTP, the Network Time Protocol, is used to keep computer clocks
 accurate by synchronizing them over the Internet or a local network,
 or by following an accurate hardware receiver that interprets GPS,
 DCF-77, NIST or similar time signals.
 .
 This package contains HTML documentation for the ntp packages (ntp,
 ntpdate). Since there are no substantive man pages for ntp's
 programs and configuration files, this package is desirable for any
 setup beyond the simple default configuration.

ntpdate: client for setting system time from NTP servers

 NTP, the Network Time Protocol, is used to keep computer clocks
 accurate by synchronizing them over the Internet or a local network,
 or by following an accurate hardware receiver that interprets GPS,
 DCF-77, NIST or similar time signals.
 .
 ntpdate is a simple NTP client that sets a system's clock to match
 the time obtained by communicating with one or more NTP servers. It
 is not sufficient, however, for maintaining an accurate clock in the
 long run. ntpdate by itself is useful for occasionally setting the
 time on machines that do not have full-time network access, such as
 laptops.
 .
 If the full NTP daemon from the package "ntp" is installed, then
 ntpdate is not necessary.

ntpdate-dbgsym: debug symbols for package ntpdate

 NTP, the Network Time Protocol, is used to keep computer clocks
 accurate by synchronizing them over the Internet or a local network,
 or by following an accurate hardware receiver that interprets GPS,
 DCF-77, NIST or similar time signals.
 .
 ntpdate is a simple NTP client that sets a system's clock to match
 the time obtained by communicating with one or more NTP servers. It
 is not sufficient, however, for maintaining an accurate clock in the
 long run. ntpdate by itself is useful for occasionally setting the
 time on machines that do not have full-time network access, such as
 laptops.
 .
 If the full NTP daemon from the package "ntp" is installed, then
 ntpdate is not necessary.