ntp (1:4.2.8p4+dfsg-3ubuntu5.9) xenial-security; urgency=medium * SECURITY UPDATE: code execution via buffer overflow in decodearr - debian/patches/CVE-2018-7183.patch: prevent writing beyons limits in ntpq/ntpq.c. - CVE-2018-7183 * SECURITY UPDATE: DoS via certain packets with a zero-origin timestamp - debian/patches/CVE-2018-7185.patch: add additional checks to ntpd/ntp_proto.c. - CVE-2018-7185 -- Marc Deslauriers Fri, 06 Jul 2018 15:34:25 -0400 ntp (1:4.2.8p4+dfsg-3ubuntu5.8) xenial; urgency=medium * d/apparmor-profile: fix denial checking for running ntpdate (LP: #1749389) -- Christian Ehrhardt Wed, 14 Feb 2018 13:10:39 +0100 ntp (1:4.2.8p4+dfsg-3ubuntu5.7) xenial; urgency=medium * d/ntp.init: fix lock path to match the ntpdate ifup hook. Furthermore drop the usage of lockfile-progs calls and instead use flock directly. This is a backport of changes made in 1:4.2.8p7+dfsg-1 (LP: #1706818) -- Christian Ehrhardt Tue, 05 Sep 2017 17:24:43 +0200 ntp (1:4.2.8p4+dfsg-3ubuntu5.6) xenial; urgency=medium * debian/ntpdate.if-up: Drop delta to stop/start service around ntpdate updates - fixes ntp restart storms due to network changes, fixes accidential start of ntp, avoids issues of ntpdate jumping too far while running ntp was supposed to drift (LP: #1593907) -- Christian Ehrhardt Fri, 07 Jul 2017 07:56:45 +0200 ntp (1:4.2.8p4+dfsg-3ubuntu5.5) xenial-security; urgency=medium * SECURITY UPDATE: DoS via large request data value - debian/patches/CVE-2016-2519.patch: check packet in ntpd/ntp_control.c. - CVE-2016-2519 * SECURITY UPDATE: DoS via responses with a spoofed source address - debian/patches/CVE-2016-7426.patch: improve rate limiting in ntpd/ntp_proto.c. - CVE-2016-7426 * SECURITY UPDATE: DoS via crafted broadcast mode packet - debian/patches/CVE-2016-7427-1.patch: improve replay prevention logic in ntpd/ntp_proto.c. - CVE-2016-7427 * SECURITY UPDATE: DoS via poll interval in a broadcast packet - debian/patches/CVE-2016-7428.patch: ensure at least one poll interval has elapsed in ntpd/ntp_proto.c, include/ntp.h. - CVE-2016-7428 * SECURITY UPDATE: DoS via response for a source to an interface the source does not use - debian/patches/CVE-2016-7429-1.patch: add extra checks to ntpd/ntp_peer.c. - debian/patches/CVE-2016-7429-2.patch: check for NULL first in ntpd/ntp_peer.c. - debian/patches/CVE-2016-7429-3.patch: fix multicastclient regression in ntpd/ntp_peer.c. - CVE-2016-7429 * SECURITY UPDATE: incorrect initial sync calculations - debian/patches/CVE-2016-7433.patch: use peer dispersion in ntpd/ntp_proto.c. - CVE-2016-7433 * SECURITY UPDATE: DoS via crafted mrulist query - debian/patches/CVE-2016-7434.patch: added missing parameter validation to ntpd/ntp_control.c. - CVE-2016-7434 * SECURITY UPDATE: traps can be set or unset via a crafted control mode packet - debian/patches/CVE-2016-9310.patch: require AUTH in ntpd/ntp_control.c. - CVE-2016-9310 * SECURITY UPDATE: DoS when trap service is enabled - debian/patches/CVE-2016-9311.patch: make sure peer events are associated with a peer in ntpd/ntp_control.c. - CVE-2016-9311 * SECURITY UPDATE: potential Overflows in ctl_put() functions - debian/patches/CVE-2017-6458.patch: check lengths in ntpd/ntp_control.c. - CVE-2017-6458 * SECURITY UPDATE: overflow via long flagstr variable - debian/patches/CVE-2017-6460.patch: check length in ntpq/ntpq-subs.c. - CVE-2017-6460 * SECURITY UPDATE: buffer overflow in DPTS refclock driver - debian/patches/CVE-2017-6462.patch: don't overrun buffer in ntpd/refclock_datum.c. - CVE-2017-6462 * SECURITY UPDATE: DoS via invalid setting in a :config directive - debian/patches/CVE-2017-6463.patch: protect against overflow in ntpd/ntp_config.c. - CVE-2017-6463 * SECURITY UPDATE: Dos via malformed mode configuration directive - debian/patches/CVE-2017-6464.patch: validate directives in ntpd/ntp_config.c, ntpd/ntp_proto.c. - CVE-2017-6464 -- Marc Deslauriers Wed, 28 Jun 2017 10:23:27 -0400 ntp (1:4.2.8p4+dfsg-3ubuntu5.4) xenial; urgency=medium * Fix ntp.dhcp to also check for pool and better handle spaces and tabs. (LP: #1656801) -- Phil Roche Thu, 19 Jan 2017 11:06:04 +0000 ntp (1:4.2.8p4+dfsg-3ubuntu5.3) xenial-security; urgency=medium * SECURITY UPDATE: Deja Vu replay attack on authenticated broadcast mode - debian/patches/CVE-2015-7973.patch: improve timestamp verification in include/ntp.h, ntpd/ntp_proto.c. - CVE-2015-7973 * SECURITY UPDATE: impersonation between authenticated peers - debian/patches/CVE-2015-7974.patch: check key ID in ntpd/ntp_proto.c. - CVE-2015-7974 * SECURITY UPDATE: ntpq buffer overflow - debian/patches/CVE-2015-7975.patch: add length check to ntpq/ntpq.c. - CVE-2015-7975 * SECURITY UPDATE: ntpq saveconfig command allows dangerous characters in filenames - debian/patches/CVE-2015-7976.patch: check filename in ntpd/ntp_control.c. - CVE-2015-7976 * SECURITY UPDATE: restrict list denial of service - debian/patches/CVE-2015-7977-7978.patch: improve restrict list processing in ntpd/ntp_request.c. - CVE-2015-7977 - CVE-2015-7978 * SECURITY UPDATE: authenticated broadcast mode off-path denial of service - debian/patches/CVE-2015-7979.patch: add more checks to ntpd/ntp_proto.c. - CVE-2015-7979 - CVE-2016-1547 * SECURITY UPDATE: Zero Origin Timestamp Bypass - debian/patches/CVE-2015-8138.patch: check p_org in ntpd/ntp_proto.c. - CVE-2015-8138 * SECURITY UPDATE: potential infinite loop in ntpq - debian/patches/CVE-2015-8158.patch: add time checks to ntpdc/ntpdc.c, ntpq/ntpq.c. - CVE-2015-8158 * SECURITY UPDATE: NTP statsdir cleanup cronjob insecure (LP: #1528050) - debian/ntp.cron.daily: fix security issues, patch thanks to halfdog! - CVE-2016-0727 * SECURITY UPDATE: time spoofing via interleaved symmetric mode - debian/patches/CVE-2016-1548.patch: check for bogus packets in ntpd/ntp_proto.c. - CVE-2016-1548 * SECURITY UPDATE: buffer comparison timing attacks - debian/patches/CVE-2016-1550.patch: use CRYPTO_memcmp in libntp/a_md5encrypt.c, sntp/crypto.c. - CVE-2016-1550 * SECURITY UPDATE: DoS via duplicate IPs on unconfig directives - debian/patches/CVE-2016-2516.patch: improve logic in ntpd/ntp_request.c. - CVE-2016-2516 * SECURITY UPDATE: denial of service via crafted addpeer - debian/patches/CVE-2016-2518.patch: check mode value in ntpd/ntp_request.c. - CVE-2016-2518 * SECURITY UPDATE: denial of service via spoofed packets - debian/patches/CVE-2016-4954.patch: discard packet that fails tests in ntpd/ntp_proto.c. - CVE-2016-4954 * SECURITY UPDATE: denial of service via spoofed crypto-NAK or incorrect MAC - debian/patches/CVE-2016-4955.patch: fix checks in ntpd/ntp_proto.c. - CVE-2016-4955 * SECURITY UPDATE: denial of service via spoofed broadcast packet - debian/patches/CVE-2016-4956.patch: properly handle switch in broadcast interleaved mode in ntpd/ntp_proto.c. - CVE-2016-4956 -- Marc Deslauriers Wed, 05 Oct 2016 08:01:29 -0400 ntp (1:4.2.8p4+dfsg-3ubuntu5.2) xenial; urgency=medium * Fix ntpdate-debian to be able to parse new config of ntp (LP: #1576698) -- Christian Ehrhardt Tue, 20 Sep 2016 14:24:29 +0200 ntp (1:4.2.8p4+dfsg-3ubuntu5.1) xenial; urgency=medium * d/p/ntp-4.2.8p4-segfaults-[1-3]-3.patch fix startup crashes by including Juergen Perlinger's work on upstream bugs 2954 and 2831 to fix those (LP: #1567540). -- Christian Ehrhardt Mon, 01 Aug 2016 10:50:52 +0200 ntp (1:4.2.8p4+dfsg-3ubuntu5) xenial; urgency=medium * debian/apparmor-profile: allow 'rw' access to /dev/pps[0-9]* devices. Patch thanks to Mark Shuttleworth. (LP: #1564832) -- Jamie Strandboge Thu, 07 Apr 2016 15:12:41 -0500 # For older changelog entries, run 'apt-get changelog ntp'