[ubuntu/precise-security] ntp 1:4.2.6.p3+dfsg-1ubuntu3.2 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Mon Dec 22 12:58:06 UTC 2014
ntp (1:4.2.6.p3+dfsg-1ubuntu3.2) precise-security; urgency=medium
* SECURITY UPDATE: weak default key in config_auth()
- debian/patches/CVE-2014-9293.patch: use openssl for random key in
ntpd/ntp_config.c, ntpd/ntpd.c.
- CVE-2014-9293
* SECURITY UPDATE: non-cryptographic random number generator with weak
seed used by ntp-keygen to generate symmetric keys
- debian/patches/CVE-2014-9294.patch: use openssl for random key in
include/ntp_random.h, libntp/ntp_random.c, util/ntp-keygen.c.
- CVE-2014-9294
* SECURITY UPDATE: buffer overflows in crypto_recv(), ctl_putdata(),
configure()
- debian/patches/CVE-2014-9295.patch: check lengths in
ntpd/ntp_control.c, ntpd/ntp_crypto.c.
- CVE-2014-9295
* SECURITY UPDATE: missing return on error in receive()
- debian/patches/CVE-2015-9296.patch: add missing return in
ntpd/ntp_proto.c.
- CVE-2014-9296
Date: 2014-12-20 11:44:41.221674+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p3+dfsg-1ubuntu3.2
-------------- next part --------------
Sorry, changesfile not available.
More information about the Precise-changes
mailing list