UbuntuUpdates.org

Package "ntpsec"

Name: ntpsec

Description:

Network Time Protocol daemon and utility programs
Latest version: 1.1.0+dfsg1-1ubuntu0.2
Release: bionic (18.04)
Level: updates
Repository: universe
Homepage: https://www.ntpsec.org

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "ntpsec"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "ntpsec" in Bionic

Repository Area Version
security universe 1.1.0+dfsg1-1ubuntu0.2

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1.1.0+dfsg1-1ubuntu0.2 2019-01-24 15:06:58 UTC

  ntpsec (1.1.0+dfsg1-1ubuntu0.2) bionic-security; urgency=medium

  * Backport three commits from 1.1.3 to fix (LP: #1812458)
    - CVE-2019-6442: "An authenticated attacker can write one byte out of
      bounds in ntpd via a malformed config request, related to
      config_remotely in ntp_config.c, yyparse in ntp_parser.tab.c, and
      yyerror in ntp_parser.y."
    - CVE-2019-6443: "Because of a bug in ctl_getitem, there is a stack-based
      buffer over-read in read_sysvars in ntp_control.c in ntpd.
    - CVE-2019-6444: "process_control() in ntp_control.c has a stack-based
      buffer over-read because attacker-controlled data is dereferenced by
      ntohl() in ntpd."
    - CVE-2019-6445: "An authenticated attacker can cause a NULL pointer
      dereference and ntpd crash in ntp_control.c, related to ctl_getitem."

 -- Richard Laager <email address hidden> Fri, 18 Jan 2019 20:07:06 -0600
Source diff to previous version
1812458 ntpsec security fixes for bionic \u0026 cosmic
CVE-2019-6442 An issue was discovered in NTPsec before 1.1.3. An authenticated attacker can write one byte out of bounds in ntpd via a malformed config request, re
CVE-2019-6443 An issue was discovered in NTPsec before 1.1.3. Because of a bug in ctl_getitem, there is a stack-based buffer over-read in read_sysvars in ntp_contr
CVE-2019-6444 An issue was discovered in NTPsec before 1.1.3. process_control() in ntp_control.c has a stack-based buffer over-read because attacker-controlled dat
CVE-2019-6445 An issue was discovered in NTPsec before 1.1.3. An authenticated attacker can cause a NULL pointer dereference and ntpd crash in ntp_control.c, relat

Version: 1.1.0+dfsg1-1ubuntu0.1 2018-10-25 16:06:55 UTC

  ntpsec (1.1.0+dfsg1-1ubuntu0.1) bionic; urgency=medium

  * Update apparmor for new drift temp file (LP: #1788102)

 -- Richard Laager <email address hidden> Tue, 21 Aug 2018 00:27:21 -0500
1788102 ntpsec's ntpd fails to write ntp.drift file because of apparmor


About   -   Send Feedback to @ubuntu_updates