[ubuntu/zesty-security] ntp 1:4.2.8p9+dfsg-2ubuntu1.1 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Wed Jul 5 17:56:02 UTC 2017


ntp (1:4.2.8p9+dfsg-2ubuntu1.1) zesty-security; urgency=medium

  * SECURITY UPDATE: DoS in the origin timestamp check
    - debian/patches/CVE-2016-9042.patch: comment out broken code in
      ntpd/ntp_proto.c.
    - CVE-2016-9042
  * SECURITY UPDATE: potential Overflows in ctl_put() functions
    - debian/patches/CVE-2017-6458.patch: check lengths in
      ntpd/ntp_control.c.
    - CVE-2017-6458
  * SECURITY UPDATE: overflow via long flagstr variable
    - debian/patches/CVE-2017-6460.patch: check length in ntpq/ntpq-subs.c.
    - CVE-2017-6460
  * SECURITY UPDATE: buffer overflow in DPTS refclock driver
    - debian/patches/CVE-2017-6462.patch: don't overrun buffer in
      ntpd/refclock_datum.c.
    - CVE-2017-6462
  * SECURITY UPDATE: DoS via invalid setting in a :config directive
    - debian/patches/CVE-2017-6463.patch: protect against overflow in
      ntpd/ntp_config.c.
    - CVE-2017-6463
  * SECURITY UPDATE: Dos via malformed mode configuration directive
    - debian/patches/CVE-2017-6464.patch: validate directives in
      ntpd/ntp_config.c, ntpd/ntp_proto.c.
    - CVE-2017-6464

Date: 2017-06-28 18:02:29.216680+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/ntp/1:4.2.8p9+dfsg-2ubuntu1.1
-------------- next part --------------
Sorry, changesfile not available.


More information about the Zesty-changes mailing list