UbuntuUpdates.org

Package "ntp"

Name: ntp

Description:

Network Time Protocol daemon and utility programs

Latest version: 1:4.2.8p4+dfsg-3ubuntu5.10
Release: xenial (16.04)
Level: updates
Repository: main
Homepage: http://support.ntp.org/

Links


Download "ntp"


Other versions of "ntp" in Xenial

Repository Area Version
base main 1:4.2.8p4+dfsg-3ubuntu5
security main 1:4.2.8p4+dfsg-3ubuntu5.10

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1:4.2.8p4+dfsg-3ubuntu5.10 2020-01-07 20:06:14 UTC

  ntp (1:4.2.8p4+dfsg-3ubuntu5.10) xenial-security; urgency=medium

  * SECURITY UPDATE: crash or possible code execution via a long string as
    the ipv4 host argument
    - debian/patches/CVE-2018-12327.patch prevent overflow of host
      in openhost() in ntpq/ntpq.c and ntpdc/ntpdc.c.
    - CVE-2018-12327

 -- Mark Morlino <email address hidden> Mon, 06 Jan 2020 09:25:46 -0500

Source diff to previous version
CVE-2018-12327 Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges v

Version: 1:4.2.8p4+dfsg-3ubuntu5.9 2018-07-09 19:07:03 UTC

  ntp (1:4.2.8p4+dfsg-3ubuntu5.9) xenial-security; urgency=medium

  * SECURITY UPDATE: code execution via buffer overflow in decodearr
    - debian/patches/CVE-2018-7183.patch: prevent writing beyons limits in
      ntpq/ntpq.c.
    - CVE-2018-7183
  * SECURITY UPDATE: DoS via certain packets with a zero-origin timestamp
    - debian/patches/CVE-2018-7185.patch: add additional checks to
      ntpd/ntp_proto.c.
    - CVE-2018-7185

 -- Marc Deslauriers <email address hidden> Fri, 06 Jul 2018 15:34:25 -0400

Source diff to previous version
CVE-2018-7183 Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an
CVE-2018-7185 The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet

Version: 1:4.2.8p4+dfsg-3ubuntu5.8 2018-02-22 10:07:13 UTC

  ntp (1:4.2.8p4+dfsg-3ubuntu5.8) xenial; urgency=medium

  * d/apparmor-profile: fix denial checking for running ntpdate (LP: #1749389)

 -- Christian Ehrhardt <email address hidden> Wed, 14 Feb 2018 13:10:39 +0100

Source diff to previous version
1749389 ntpdate lock apparmor deny

Version: 1:4.2.8p4+dfsg-3ubuntu5.7 2017-09-20 16:06:42 UTC

  ntp (1:4.2.8p4+dfsg-3ubuntu5.7) xenial; urgency=medium

  * d/ntp.init: fix lock path to match the ntpdate ifup hook. Furthermore
    drop the usage of lockfile-progs calls and instead use flock directly.
    This is a backport of changes made in 1:4.2.8p7+dfsg-1 (LP: #1706818)

 -- Christian Ehrhardt <email address hidden> Tue, 05 Sep 2017 17:24:43 +0200

Source diff to previous version

Version: 1:4.2.8p4+dfsg-3ubuntu5.6 2017-07-28 02:06:53 UTC

  ntp (1:4.2.8p4+dfsg-3ubuntu5.6) xenial; urgency=medium

  * debian/ntpdate.if-up: Drop delta to stop/start service around ntpdate
    updates - fixes ntp restart storms due to network changes, fixes
    accidential start of ntp, avoids issues of ntpdate jumping too far while
    running ntp was supposed to drift (LP: #1593907)

 -- Christian Ehrhardt <email address hidden> Fri, 07 Jul 2017 07:56:45 +0200

1593907 ntpdate startup routine prevents ntp service from launching up on Ubuntu 16.04 server on system boot; manually starting ntp service works: [FIX in DE



About   -   Send Feedback to @ubuntu_updates