[ubuntu/yakkety-updates] ntp 1:4.2.8p8+dfsg-1ubuntu2.1 (Accepted)
Ubuntu Archive Robot
cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Wed Jul 5 19:04:04 UTC 2017
ntp (1:4.2.8p8+dfsg-1ubuntu2.1) yakkety-security; urgency=medium

  * SECURITY UPDATE: DoS via responses with a spoofed source address
    - debian/patches/CVE-2016-7426.patch: improve rate limiting in
      ntpd/ntp_proto.c.
    - CVE-2016-7426
  * SECURITY UPDATE: DoS via crafted broadcast mode packet
    - debian/patches/CVE-2016-7427-1.patch: improve replay prevention
      logic in ntpd/ntp_proto.c.
    - debian/patches/CVE-2016-7427-2.patch: add bcpollbstep option to
      html/miscopt.html, include/ntp.h, include/ntpd.h,
      ntpd/complete.conf.in, ntpd/invoke-ntp.conf.texi, ntpd/keyword-gen.c,
      ntpd/ntp.conf.5man, ntpd/ntp.conf.5mdoc, ntpd/ntp.conf.def,
      ntpd/ntp.conf.man.in, ntpd/ntp.conf.mdoc.in, ntpd/ntp_config.c,
      ntpd/ntp_keyword.h, ntpd/ntp_parser.y, ntpd/ntp_proto.c.
    - CVE-2016-7427
  * SECURITY UPDATE: DoS via poll interval in a broadcast packet
    - debian/patches/CVE-2016-7428.patch: ensure at least one poll interval
      has elapsed in ntpd/ntp_proto.c, include/ntp.h.
    - CVE-2016-7428
  * SECURITY UPDATE: DoS via response for a source to an interface the
    source does not use
    - debian/patches/CVE-2016-7429-1.patch: add extra checks to
      ntpd/ntp_peer.c.
    - debian/patches/CVE-2016-7429-2.patch: check for NULL first in
      ntpd/ntp_peer.c.
    - debian/patches/CVE-2016-7429-3.patch: fix multicastclient regression
      in ntpd/ntp_peer.c.
    - CVE-2016-7429
  * SECURITY UPDATE: origin timestamp protection mechanism bypass
    - debian/patches/CVE-2016-7431.patch: handle zero origin in
      ntpd/ntp_proto.c.
    - CVE-2016-7431
  * SECURITY UPDATE: incorrect initial sync calculations
    - debian/patches/CVE-2016-7433.patch: use peer dispersion in
      ntpd/ntp_proto.c.
    - CVE-2016-7433
  * SECURITY UPDATE: DoS via crafted mrulist query
    - debian/patches/CVE-2016-7434.patch: added missing parameter
      validation to ntpd/ntp_control.c.
    - CVE-2016-7434
  * SECURITY UPDATE: DoS in the origin timestamp check
    - debian/patches/CVE-2016-9042.patch: comment out broken code in
      ntpd/ntp_proto.c.
    - CVE-2016-9042
  * SECURITY UPDATE: traps can be set or unset via a crafted control mode
    packet
    - debian/patches/CVE-2016-9310.patch: require AUTH in
      ntpd/ntp_control.c.
    - CVE-2016-9310
  * SECURITY UPDATE: DoS when trap service is enabled
    - debian/patches/CVE-2016-9311.patch: make sure peer events are
      associated with a peer in ntpd/ntp_control.c.
    - CVE-2016-9311
  * SECURITY UPDATE: potential Overflows in ctl_put() functions
    - debian/patches/CVE-2017-6458.patch: check lengths in
      ntpd/ntp_control.c.
    - CVE-2017-6458
  * SECURITY UPDATE: overflow via long flagstr variable
    - debian/patches/CVE-2017-6460.patch: check length in ntpq/ntpq-subs.c.
    - CVE-2017-6460
  * SECURITY UPDATE: buffer overflow in DPTS refclock driver
    - debian/patches/CVE-2017-6462.patch: don't overrun buffer in
      ntpd/refclock_datum.c.
    - CVE-2017-6462
  * SECURITY UPDATE: DoS via invalid setting in a :config directive
    - debian/patches/CVE-2017-6463.patch: protect against overflow in
      ntpd/ntp_config.c.
    - CVE-2017-6463
  * SECURITY UPDATE: DoS via malformed mode configuration directive
    - debian/patches/CVE-2017-6464.patch: validate directives in
      ntpd/ntp_config.c, ntpd/ntp_proto.c.
    - CVE-2017-6464

Date: 2017-06-28 18:03:20.549404+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/ntp/1:4.2.8p8+dfsg-1ubuntu2.1
-------------- next part --------------
Sorry, changesfile not available.