[ubuntu/trusty-updates] ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.04.3 (Accepted)
Ubuntu Archive Robot
cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Mon Apr 13 15:28:17 UTC 2015
ntp (1:4.2.6.p5+dfsg-3ubuntu2.14.04.3) trusty-security; urgency=medium
* SECURITY UPDATE: symmetric key unauthenticated packet MITM attack
- debian/patches/CVE-2015-1798.patch: reject packets without MAC in
ntpd/ntp_proto.c.
- CVE-2015-1798
* SECURITY UPDATE: symmetric association DoS attack
- debian/patches/CVE-2015-1799.patch: don't update state variables when
authentication fails in ntpd/ntp_proto.c.
- CVE-2015-1799
* SECURITY UPDATE: ntp-keygen infinite loop or lack of randonmess on big
endian platforms
- debian/patches/ntp-keygen-endless-loop.patch: fix logic in
util/ntp-keygen.c.
- CVE number pending
Date: 2015-04-13 13:36:21.868013+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu2.14.04.3
-------------- next part --------------
Sorry, changesfile not available.
More information about the Trusty-changes
mailing list