This bug was fixed in the package ntp - 1:4.2.8p10+dfsg-5ubuntu7.3
---------------
ntp (1:4.2.8p10+dfsg-5ubuntu7.3) bionic-security; urgency=medium
* SECURITY UPDATE: Null dereference attack in mode 6 packet (LP: #1891953)
- debian/patches/CVE-2019-8936.patch: Guard against operations
on NULL pointer in ntpd/ntp_control.c.
- CVE-2019-8936
-- Brian Morton <[email protected]> Mon, 17 Aug 2020 21:58:51 -0400
** Changed in: ntp (Ubuntu)
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ntp in Ubuntu.
https://bugs.launchpad.net/bugs/1891953
Title:
CVE-2019-8936
Status in ntp package in Ubuntu:
Fix Released
Status in ntp package in Debian:
Fix Released
Bug description:
It was discovered that the fix for CVE-2018-7182 introduced a NULL pointer
dereference into NTP. An attacker could use this vulnerability to cause a
denial of service (crash).
https://people.canonical.com/~ubuntu-
security/cve/2019/CVE-2019-8936.html
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1891953/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
