[ubuntu/bionic-updates] ntpsec 1.1.0+dfsg1-1ubuntu0.2 (Accepted)
Ubuntu Archive Robot
cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Thu Jan 24 13:58:14 UTC 2019
ntpsec (1.1.0+dfsg1-1ubuntu0.2) bionic-security; urgency=medium
* Backport three commits from 1.1.3 to fix (LP: #1812458)
- CVE-2019-6442: "An authenticated attacker can write one byte out of
bounds in ntpd via a malformed config request, related to
config_remotely in ntp_config.c, yyparse in ntp_parser.tab.c, and
yyerror in ntp_parser.y."
- CVE-2019-6443: "Because of a bug in ctl_getitem, there is a stack-based
buffer over-read in read_sysvars in ntp_control.c in ntpd.
- CVE-2019-6444: "process_control() in ntp_control.c has a stack-based
buffer over-read because attacker-controlled data is dereferenced by
ntohl() in ntpd."
- CVE-2019-6445: "An authenticated attacker can cause a NULL pointer
dereference and ntpd crash in ntp_control.c, related to ctl_getitem."
Date: 2019-01-23 20:43:54.642149+00:00
Changed-By: Richard Laager <rlaager at wiktel.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/ntpsec/1.1.0+dfsg1-1ubuntu0.2
-------------- next part --------------
Sorry, changesfile not available.
More information about the Bionic-changes
mailing list