ntp 1:4.2.8p8+dfsg-1ubuntu2.1 source package in Ubuntu
Changelog
ntp (1:4.2.8p8+dfsg-1ubuntu2.1) yakkety-security; urgency=medium * SECURITY UPDATE: DoS via responses with a spoofed source address - debian/patches/CVE-2016-7426.patch: improve rate limiting in ntpd/ntp_proto.c. - CVE-2016-7426 * SECURITY UPDATE: DoS via crafted broadcast mode packet - debian/patches/CVE-2016-7427-1.patch: improve replay prevention logic in ntpd/ntp_proto.c. - debian/patches/CVE-2016-7427-2.patch: add bcpollbstep option to html/miscopt.html, include/ntp.h, include/ntpd.h, ntpd/complete.conf.in, ntpd/invoke-ntp.conf.texi, ntpd/keyword-gen.c, ntpd/ntp.conf.5man, ntpd/ntp.conf.5mdoc, ntpd/ntp.conf.def, ntpd/ntp.conf.man.in, ntpd/ntp.conf.mdoc.in, ntpd/ntp_config.c, ntpd/ntp_keyword.h, ntpd/ntp_parser.y, ntpd/ntp_proto.c. - CVE-2016-7427 * SECURITY UPDATE: DoS via poll interval in a broadcast packet - debian/patches/CVE-2016-7428.patch: ensure at least one poll interval has elapsed in ntpd/ntp_proto.c, include/ntp.h. - CVE-2016-7428 * SECURITY UPDATE: DoS via response for a source to an interface the source does not use - debian/patches/CVE-2016-7429-1.patch: add extra checks to ntpd/ntp_peer.c. - debian/patches/CVE-2016-7429-2.patch: check for NULL first in ntpd/ntp_peer.c. - debian/patches/CVE-2016-7429-3.patch: fix multicastclient regression in ntpd/ntp_peer.c. - CVE-2016-7429 * SECURITY UPDATE: origin timestamp protection mechanism bypass - debian/patches/CVE-2016-7431.patch: handle zero origin in ntpd/ntp_proto.c. - CVE-2016-7431 * SECURITY UPDATE: incorrect initial sync calculations - debian/patches/CVE-2016-7433.patch: use peer dispersion in ntpd/ntp_proto.c. - CVE-2016-7433 * SECURITY UPDATE: DoS via crafted mrulist query - debian/patches/CVE-2016-7434.patch: added missing parameter validation to ntpd/ntp_control.c. - CVE-2016-7434 * SECURITY UPDATE: DoS in the origin timestamp check - debian/patches/CVE-2016-9042.patch: comment out broken code in ntpd/ntp_proto.c. - CVE-2016-9042 * SECURITY UPDATE: traps can be set or unset via a crafted control mode packet - debian/patches/CVE-2016-9310.patch: require AUTH in ntpd/ntp_control.c. - CVE-2016-9310 * SECURITY UPDATE: DoS when trap service is enabled - debian/patches/CVE-2016-9311.patch: make sure peer events are associated with a peer in ntpd/ntp_control.c. - CVE-2016-9311 * SECURITY UPDATE: potential Overflows in ctl_put() functions - debian/patches/CVE-2017-6458.patch: check lengths in ntpd/ntp_control.c. - CVE-2017-6458 * SECURITY UPDATE: overflow via long flagstr variable - debian/patches/CVE-2017-6460.patch: check length in ntpq/ntpq-subs.c. - CVE-2017-6460 * SECURITY UPDATE: buffer overflow in DPTS refclock driver - debian/patches/CVE-2017-6462.patch: don't overrun buffer in ntpd/refclock_datum.c. - CVE-2017-6462 * SECURITY UPDATE: DoS via invalid setting in a :config directive - debian/patches/CVE-2017-6463.patch: protect against overflow in ntpd/ntp_config.c. - CVE-2017-6463 * SECURITY UPDATE: Dos via malformed mode configuration directive - debian/patches/CVE-2017-6464.patch: validate directives in ntpd/ntp_config.c, ntpd/ntp_proto.c. - CVE-2017-6464 -- Marc Deslauriers <email address hidden> Wed, 28 Jun 2017 08:21:41 -0400
Upload details
- Uploaded by:
- Marc Deslauriers
- Uploaded to:
- Yakkety
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any all
- Section:
- net
- Urgency:
- Medium Urgency
See full publishing history Publishing
Series | Published | Component | Section |
---|
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
ntp_4.2.8p8+dfsg.orig.tar.xz | 4.0 MiB | 73e19507784300c5ea24fddeb9779c9a5056e42b40457759a69549e1030a3894 |
ntp_4.2.8p8+dfsg-1ubuntu2.1.debian.tar.xz | 104.4 KiB | e48c3e96f9be7f638743e17717734e7573ca33f5881b948b2b9d214e23f72cdf |
ntp_4.2.8p8+dfsg-1ubuntu2.1.dsc | 2.3 KiB | f821196ab9ce6920237644b038d86599c9aa83e41ad579f85420216384970c48 |
Available diffs
Binary packages built by this source
- ntp: No summary available for ntp in ubuntu yakkety.
No description available for ntp in ubuntu yakkety.
- ntp-dbgsym: No summary available for ntp-dbgsym in ubuntu yakkety.
No description available for ntp-dbgsym in ubuntu yakkety.
- ntp-doc: No summary available for ntp-doc in ubuntu yakkety.
No description available for ntp-doc in ubuntu yakkety.
- ntpdate: No summary available for ntpdate in ubuntu yakkety.
No description available for ntpdate in ubuntu yakkety.
- ntpdate-dbgsym: No summary available for ntpdate-dbgsym in ubuntu yakkety.
No description available for ntpdate-dbgsym in ubuntu yakkety.