ntp (1:4.2.6.p3+dfsg-1ubuntu3.13) precise-security; urgency=medium

  * SECURITY UPDATE: crash or possible code execution via a long string as
    the ipv4 host argument
    - debian/patches/CVE-2018-12327.patch prevent overflow of host
      in openhost() in ntpq/ntpq.c and ntpdc/ntpdc.c.
    - CVE-2018-12327

ntp (1:4.2.6.p3+dfsg-1ubuntu3.12) precise-security; urgency=medium

  * SECURITY UPDATE: DoS via responses with a spoofed source address
    - debian/patches/CVE-2016-7426.patch: improve rate limiting in
      ntpd/ntp_proto.c.
    - CVE-2016-7426
  * SECURITY UPDATE: DoS via crafted broadcast mode packet
    - debian/patches/CVE-2016-7427-1.patch: improve replay prevention
      logic in ntpd/ntp_proto.c.
    - CVE-2016-7427
  * SECURITY UPDATE: DoS via poll interval in a broadcast packet
    - debian/patches/CVE-2016-7428.patch: ensure at least one poll interval
      has elapsed in ntpd/ntp_proto.c, include/ntp.h.
    - CVE-2016-7428
  * SECURITY UPDATE: traps can be set or unset via a crafted control mode
    packet
    - debian/patches/CVE-2016-9310.patch: require AUTH in
      ntpd/ntp_control.c.
    - CVE-2016-9310
  * SECURITY UPDATE: DoS when trap service is enabled
    - debian/patches/CVE-2016-9311.patch: make sure peer events are
      associated with a peer in ntpd/ntp_control.c.
    - CVE-2016-9311
  * SECURITY UPDATE: buffer overflow in DPTS refclock driver
    - debian/patches/CVE-2017-6462.patch: don't overrun buffer in
      ntpd/refclock_datum.c.
    - CVE-2017-6462
  * SECURITY UPDATE: DoS via invalid setting in a :config directive
    - debian/patches/CVE-2017-6463.patch: protect against overflow in
      ntpd/ntp_config.c.
    - CVE-2017-6463
  * SECURITY UPDATE: code execution via buffer overflow in decodearr
    - debian/patches/CVE-2018-7183.patch: prevent writing beyons limits in
      ntpq/ntpq.c.
    - CVE-2018-7183
  * SECURITY UPDATE: DoS via certain packets with a zero-origin timestamp
    - debian/patches/CVE-2018-7185.patch: add additional checks to
      ntpd/ntp_proto.c.
    - CVE-2018-7185

Date: 2020-01-06 15:01:15.071496+00:00
Changed-By: Mark Morlino <mark.morl...@canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-ro...@lists.canonical.com>
https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p3+dfsg-1ubuntu3.13
Sorry, changesfile not available.
-- 
Precise-changes mailing list
Precise-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/precise-changes

Reply via email to