[ubuntu/yakkety-proposed] ntp 1:4.2.8p4+dfsg-3ubuntu6 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Wed Jun 1 14:38:15 UTC 2016


ntp (1:4.2.8p4+dfsg-3ubuntu6) yakkety; urgency=medium

  * SECURITY UPDATE: Deja Vu replay attack on authenticated broadcast mode
    - debian/patches/CVE-2015-7973.patch: improve timestamp verification in
      include/ntp.h, ntpd/ntp_proto.c.
    - CVE-2015-7973
  * SECURITY UPDATE: impersonation between authenticated peers
    - debian/patches/CVE-2015-7974.patch: check key ID in ntpd/ntp_proto.c.
    - CVE-2015-7974
  * SECURITY UPDATE: ntpq buffer overflow
    - debian/patches/CVE-2015-7975.patch: add length check to ntpq/ntpq.c.
    - CVE-2015-7975
  * SECURITY UPDATE: ntpq saveconfig command allows dangerous characters in
    filenames
    - debian/patches/CVE-2015-7976.patch: check filename in
      ntpd/ntp_control.c.
    - CVE-2015-7976
  * SECURITY UPDATE: restrict list denial of service
    - debian/patches/CVE-2015-7977-7978.patch: improve restrict list
      processing in ntpd/ntp_request.c.
    - CVE-2015-7977
    - CVE-2015-7978
  * SECURITY UPDATE: authenticated broadcast mode off-path denial of
    service
    - debian/patches/CVE-2015-7979.patch: add more checks to
      ntpd/ntp_proto.c.
    - CVE-2015-7979
    - CVE-2016-1547
  * SECURITY UPDATE: Zero Origin Timestamp Bypass
    - debian/patches/CVE-2015-8138.patch: check p_org in ntpd/ntp_proto.c.
    - CVE-2015-8138
  * SECURITY UPDATE: potential infinite loop in ntpq
    - debian/patches/CVE-2015-8158.patch: add time checks to ntpdc/ntpdc.c,
      ntpq/ntpq.c.
    - CVE-2015-8158
  * SECURITY UPDATE: NTP statsdir cleanup cronjob insecure (LP: #1528050)
    - debian/ntp.cron.daily: fix security issues, patch thanks to halfdog!
    - CVE-2016-0727
  * SECURITY UPDATE: time spoofing via interleaved symmetric mode
    - debian/patches/CVE-20xx-xxxx.patch: check for bogus packets in
      ntpd/ntp_proto.c.
    - CVE-2016-1548
  * SECURITY UPDATE: buffer comparison timing attacks
    - debian/patches/CVE-2016-1550.patch: use CRYPTO_memcmp in
      libntp/a_md5encrypt.c, sntp/crypto.c.
    - CVE-2016-1550
  * SECURITY UPDATE: DoS via duplicate IPs on unconfig directives
    - debian/patches/CVE-2016-2516.patch: improve logic in
      ntpd/ntp_request.c.
    - CVE-2016-2516
  * SECURITY UPDATE: denial of service via crafted addpeer
    - debian/patches/CVE-2016-2518.patch: check mode value in
      ntpd/ntp_request.c.
    - CVE-2016-2518

Date: Wed, 01 Jun 2016 08:38:07 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/ntp/1:4.2.8p4+dfsg-3ubuntu6
-------------- next part --------------

Format: 1.8
Date: Wed, 01 Jun 2016 08:38:07 -0400
Source: ntp
Binary: ntp ntpdate ntp-doc
Architecture: source
Version: 1:4.2.8p4+dfsg-3ubuntu6
Distribution: yakkety
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
 ntp        - Network Time Protocol daemon and utility programs
 ntp-doc    - Network Time Protocol documentation
 ntpdate    - client for setting system time from NTP servers
Launchpad-Bugs-Fixed: 1528050
Checksums-Sha1:
 578c47214c9c1b4d26b208e5bae33b3f00efa250 2350 ntp_4.2.8p4+dfsg-3ubuntu6.dsc
 bf79a895e198c9d31bc3854a2d1411da5325d933 73024 ntp_4.2.8p4+dfsg-3ubuntu6.debian.tar.xz
Checksums-Sha256:
 8af1fb90dc8f5d1e9f05d8b6ed2195659b99c46dd1e75e9e8928e59c488be302 2350 ntp_4.2.8p4+dfsg-3ubuntu6.dsc
 c684a992e7f19a08c4618b3785643fef3a344a80dbd7a444a7d9f881810e0380 73024 ntp_4.2.8p4+dfsg-3ubuntu6.debian.tar.xz
Files:
 1956d2933a110254bba83d7e28426fd9 2350 net optional ntp_4.2.8p4+dfsg-3ubuntu6.dsc
 779c237f318e0cc7bc38b0b2e19d324a 73024 net optional ntp_4.2.8p4+dfsg-3ubuntu6.debian.tar.xz
Original-Maintainer: Debian NTP Team <pkg-ntp-maintainers at lists.alioth.debian.org>
