ntp 1:4.2.8p4+dfsg-3ubuntu5.5 source package in Ubuntu
Changelog
ntp (1:4.2.8p4+dfsg-3ubuntu5.5) xenial-security; urgency=medium * SECURITY UPDATE: DoS via large request data value - debian/patches/CVE-2016-2519.patch: check packet in ntpd/ntp_control.c. - CVE-2016-2519 * SECURITY UPDATE: DoS via responses with a spoofed source address - debian/patches/CVE-2016-7426.patch: improve rate limiting in ntpd/ntp_proto.c. - CVE-2016-7426 * SECURITY UPDATE: DoS via crafted broadcast mode packet - debian/patches/CVE-2016-7427-1.patch: improve replay prevention logic in ntpd/ntp_proto.c. - CVE-2016-7427 * SECURITY UPDATE: DoS via poll interval in a broadcast packet - debian/patches/CVE-2016-7428.patch: ensure at least one poll interval has elapsed in ntpd/ntp_proto.c, include/ntp.h. - CVE-2016-7428 * SECURITY UPDATE: DoS via response for a source to an interface the source does not use - debian/patches/CVE-2016-7429-1.patch: add extra checks to ntpd/ntp_peer.c. - debian/patches/CVE-2016-7429-2.patch: check for NULL first in ntpd/ntp_peer.c. - debian/patches/CVE-2016-7429-3.patch: fix multicastclient regression in ntpd/ntp_peer.c. - CVE-2016-7429 * SECURITY UPDATE: incorrect initial sync calculations - debian/patches/CVE-2016-7433.patch: use peer dispersion in ntpd/ntp_proto.c. - CVE-2016-7433 * SECURITY UPDATE: DoS via crafted mrulist query - debian/patches/CVE-2016-7434.patch: added missing parameter validation to ntpd/ntp_control.c. - CVE-2016-7434 * SECURITY UPDATE: traps can be set or unset via a crafted control mode packet - debian/patches/CVE-2016-9310.patch: require AUTH in ntpd/ntp_control.c. - CVE-2016-9310 * SECURITY UPDATE: DoS when trap service is enabled - debian/patches/CVE-2016-9311.patch: make sure peer events are associated with a peer in ntpd/ntp_control.c. - CVE-2016-9311 * SECURITY UPDATE: potential Overflows in ctl_put() functions - debian/patches/CVE-2017-6458.patch: check lengths in ntpd/ntp_control.c. - CVE-2017-6458 * SECURITY UPDATE: overflow via long flagstr variable - debian/patches/CVE-2017-6460.patch: check length in ntpq/ntpq-subs.c. - CVE-2017-6460 * SECURITY UPDATE: buffer overflow in DPTS refclock driver - debian/patches/CVE-2017-6462.patch: don't overrun buffer in ntpd/refclock_datum.c. - CVE-2017-6462 * SECURITY UPDATE: DoS via invalid setting in a :config directive - debian/patches/CVE-2017-6463.patch: protect against overflow in ntpd/ntp_config.c. - CVE-2017-6463 * SECURITY UPDATE: Dos via malformed mode configuration directive - debian/patches/CVE-2017-6464.patch: validate directives in ntpd/ntp_config.c, ntpd/ntp_proto.c. - CVE-2017-6464 -- Marc Deslauriers <email address hidden> Wed, 28 Jun 2017 10:23:27 -0400
Upload details
- Uploaded by:
- Marc Deslauriers
- Uploaded to:
- Xenial
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any all
- Section:
- net
- Urgency:
- Medium Urgency
See full publishing history Publishing
Series | Published | Component | Section |
---|
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
ntp_4.2.8p4+dfsg.orig.tar.gz | 6.7 MiB | 6da2529b5d9ee4ac01fb64d127426b254c6defa3098a456a6f71736920f4e4ed |
ntp_4.2.8p4+dfsg-3ubuntu5.5.debian.tar.xz | 92.9 KiB | 756903373265c6ac709c8cd254953eafa5da013c734f1f4b6f08454ca62128e5 |
ntp_4.2.8p4+dfsg-3ubuntu5.5.dsc | 2.3 KiB | 4b11033086b3f79e7c035a2cd1cd94a454d5794c52638584032ecd223fc73860 |
Available diffs
Binary packages built by this source
- ntp: Network Time Protocol daemon and utility programs
NTP, the Network Time Protocol, is used to keep computer clocks
accurate by synchronizing them over the Internet or a local network,
or by following an accurate hardware receiver that interprets GPS,
DCF-77, NIST or similar time signals.
.
This package contains the NTP daemon and utility programs. An NTP
daemon needs to be running on each host that is to have its clock
accuracy controlled by NTP. The same NTP daemon is also used to
provide NTP service to other hosts.
.
For more information about the NTP protocol and NTP server
configuration and operation, install the package "ntp-doc".
- ntp-dbgsym: debug symbols for package ntp
NTP, the Network Time Protocol, is used to keep computer clocks
accurate by synchronizing them over the Internet or a local network,
or by following an accurate hardware receiver that interprets GPS,
DCF-77, NIST or similar time signals.
.
This package contains the NTP daemon and utility programs. An NTP
daemon needs to be running on each host that is to have its clock
accuracy controlled by NTP. The same NTP daemon is also used to
provide NTP service to other hosts.
.
For more information about the NTP protocol and NTP server
configuration and operation, install the package "ntp-doc".
- ntp-doc: Network Time Protocol documentation
NTP, the Network Time Protocol, is used to keep computer clocks
accurate by synchronizing them over the Internet or a local network,
or by following an accurate hardware receiver that interprets GPS,
DCF-77, NIST or similar time signals.
.
This package contains HTML documentation for the ntp packages (ntp,
ntpdate). Since there are no substantive man pages for ntp's
programs and configuration files, this package is desirable for any
setup beyond the simple default configuration.
- ntpdate: client for setting system time from NTP servers
NTP, the Network Time Protocol, is used to keep computer clocks
accurate by synchronizing them over the Internet or a local network,
or by following an accurate hardware receiver that interprets GPS,
DCF-77, NIST or similar time signals.
.
ntpdate is a simple NTP client that sets a system's clock to match
the time obtained by communicating with one or more NTP servers. It
is not sufficient, however, for maintaining an accurate clock in the
long run. ntpdate by itself is useful for occasionally setting the
time on machines that do not have full-time network access, such as
laptops.
.
If the full NTP daemon from the package "ntp" is installed, then
ntpdate is not necessary.
- ntpdate-dbgsym: debug symbols for package ntpdate
NTP, the Network Time Protocol, is used to keep computer clocks
accurate by synchronizing them over the Internet or a local network,
or by following an accurate hardware receiver that interprets GPS,
DCF-77, NIST or similar time signals.
.
ntpdate is a simple NTP client that sets a system's clock to match
the time obtained by communicating with one or more NTP servers. It
is not sufficient, however, for maintaining an accurate clock in the
long run. ntpdate by itself is useful for occasionally setting the
time on machines that do not have full-time network access, such as
laptops.
.
If the full NTP daemon from the package "ntp" is installed, then
ntpdate is not necessary.