[ubuntu/vivid-proposed] ntp 1:4.2.6.p5+dfsg-3ubuntu3 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Sun Dec 21 16:51:15 UTC 2014 

ntp (1:4.2.6.p5+dfsg-3ubuntu3) vivid; urgency=medium

  * SECURITY UPDATE: weak default key in config_auth()
    - debian/patches/CVE-2014-9293.patch: use openssl for random key in
      ntpd/ntp_config.c, ntpd/ntpd.c.
    - CVE-2014-9293
  * SECURITY UPDATE: non-cryptographic random number generator with weak
    seed used by ntp-keygen to generate symmetric keys
    - debian/patches/CVE-2014-9294.patch: use openssl for random key in
      include/ntp_random.h, libntp/ntp_random.c, util/ntp-keygen.c.
    - CVE-2014-9294
  * SECURITY UPDATE: buffer overflows in crypto_recv(), ctl_putdata(),
    configure()
    - debian/patches/CVE-2014-9295.patch: check lengths in
      ntpd/ntp_control.c, ntpd/ntp_crypto.c.
    - CVE-2014-9295
  * SECURITY UPDATE: missing return on error in receive()
    - debian/patches/CVE-2015-9296.patch: add missing return in
      ntpd/ntp_proto.c.
    - CVE-2014-9296

Date: Sat, 20 Dec 2014 05:47:10 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu3
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 20 Dec 2014 05:47:10 -0500
Source: ntp
Binary: ntp ntpdate ntp-doc
Architecture: source
Version: 1:4.2.6.p5+dfsg-3ubuntu3
Distribution: vivid
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
 ntp        - Network Time Protocol daemon and utility programs
 ntp-doc    - Network Time Protocol documentation
 ntpdate    - client for setting system time from NTP servers
Changes:
 ntp (1:4.2.6.p5+dfsg-3ubuntu3) vivid; urgency=medium
 .
   * SECURITY UPDATE: weak default key in config_auth()
     - debian/patches/CVE-2014-9293.patch: use openssl for random key in
       ntpd/ntp_config.c, ntpd/ntpd.c.
     - CVE-2014-9293
   * SECURITY UPDATE: non-cryptographic random number generator with weak
     seed used by ntp-keygen to generate symmetric keys
     - debian/patches/CVE-2014-9294.patch: use openssl for random key in
       include/ntp_random.h, libntp/ntp_random.c, util/ntp-keygen.c.
     - CVE-2014-9294
   * SECURITY UPDATE: buffer overflows in crypto_recv(), ctl_putdata(),
     configure()
     - debian/patches/CVE-2014-9295.patch: check lengths in
       ntpd/ntp_control.c, ntpd/ntp_crypto.c.
     - CVE-2014-9295
   * SECURITY UPDATE: missing return on error in receive()
     - debian/patches/CVE-2015-9296.patch: add missing return in
       ntpd/ntp_proto.c.
     - CVE-2014-9296
Checksums-Sha1:
 01fa87c318bf7f7f4dadb1e530e635774161dafe 2348 ntp_4.2.6.p5+dfsg-3ubuntu3.dsc
 82c64b1c290d8f78c1c941b22d7ac23928129bfb 82948 ntp_4.2.6.p5+dfsg-3ubuntu3.debian.tar.xz
Checksums-Sha256:
 7b29db23f941d33ba43874948dea92665df52cfd972bf4738cbb52fb9db43c9c 2348 ntp_4.2.6.p5+dfsg-3ubuntu3.dsc
 b293a44d7a5902e2532aa82abd359199410b9c8adff100ee79220ee8141c9cf5 82948 ntp_4.2.6.p5+dfsg-3ubuntu3.debian.tar.xz
Files:
 a51987a94cbf731c3a1b80cb4ed96b66 2348 net optional ntp_4.2.6.p5+dfsg-3ubuntu3.dsc
 8e792f9a870fb83b36511609f869cd2b 82948 net optional ntp_4.2.6.p5+dfsg-3ubuntu3.debian.tar.xz
Original-Maintainer: Debian NTP Team <pkg-ntp-maintainers at lists.alioth.debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJUlvhHAAoJEGVp2FWnRL6TxMoQAICb5xuXBN4ZpwE/zuwvNoGa
Xr8ZUsUEGJho4oAv0+BeFPqDIIFDupAKrF84CA8wTLJlYKE167GYev9W0EzU5DDU
76A/wp118aIcT1guCG+abhV4p6n+lR7Xg4KGWpMVIHz8Gk4cq4UH9c06QEnxA5lG
jcl3YOspdpAWTKmr7CmWL6d5Fm9TLp6Lp3HnY52vbdVI5xkhH7iDkqvA99lztfx+
p4zeip87pe6mt/8aRQm5Z9HoKu8sIrxxRGSMJmFBCCBYIkiZueLSB9Br/SCK7qp4
eBb1VKMTCimojCJ+tg85Qo0uNODkwQAgvW4lysPeO/p695cCejIezGzPTlXet12E
weO7XW6I6rRT2lBgXa2k7w7s/d5CXbANVe2p+92kT8yKf+WCC8TyEtvttlEmIwUr
+KXSCAIQrVp0nYTAt+XTIIdEi0bL6A0YX6VBSVviSQ57SO2ViZhvH8gpCtZBRoeg
c5PE0f+vTCC3Pdwxobm0Qgyi+XHOEAzJy2eLFR0FbHS+JirkxJQHQ+fT/jqshc+x
QY08OQzvhzmOAqkX08wSusc4tbkomXnYvAxOjmHPfAY4WRkruvMgSNymKADijfjH
F7ibR0SdE+zs52IpMdwgOg2Sp3jBPC4WPjsRHoXJlqFh/Xs5JjAnRjNlSeGRAXLr
LI6j/X/6AGHxdTuG4HTg
=bkIS
-----END PGP SIGNATURE-----

More information about the Vivid-changes mailing list