touch-packages team mailing list archive

Thread
Date

[Bug 1404648] Re: security issues in ntp

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Marc Deslauriers <marc.deslauriers@xxxxxxxxxxxxx>
Date: Mon, 22 Dec 2014 13:41:05 -0000
Reply-to: Bug 1404648 <1404648@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

http://www.ubuntu.com/usn/usn-2449-1/

** Changed in: ntp (Ubuntu Lucid)
       Status: In Progress => Fix Released

** Changed in: ntp (Ubuntu Precise)
       Status: In Progress => Fix Released

** Changed in: ntp (Ubuntu Trusty)
       Status: In Progress => Fix Released

** Changed in: ntp (Ubuntu Utopic)
       Status: In Progress => Fix Released

** Changed in: ntp (Ubuntu)
       Status: Triaged => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ntp in Ubuntu.
https://bugs.launchpad.net/bugs/1404648

Title:
  security issues in ntp

Status in ntp package in Ubuntu:
  Fix Released
Status in ntp source package in Lucid:
  Fix Released
Status in ntp source package in Precise:
  Fix Released
Status in ntp source package in Trusty:
  Fix Released
Status in ntp source package in Utopic:
  Fix Released

Bug description:
  http://support.ntp.org/bin/view/Main/SecurityNotice
  lists 4 issues:

  Buffer overflow in crypto_recv()
  References: Sec 2667 / CVE-2014-9295 / VU#852879
  CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:P) Base Score: 7.5
  Versions: All releases before 4.2.8
  Date Resolved: Stable (4.2.8) 18 Dec 2014

  Buffer overflow in ctl_putdata()
  References: Sec 2668 / CVE-2014-9295 / VU#852879
  Versions: All NTP4 releases before 4.2.8
  CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:P) Base Score: 7.5
  Date Resolved: Stable (4.2.8) 18 Dec 2014

  Buffer overflow in configure()
  References: Sec 2669 / CVE-2014-9295 / VU#852879
  Versions: All NTP4 releases before 4.2.8
  CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:P) Base Score: 7.5
  Date Resolved: Stable (4.2.8) 18 Dec 2014

  receive(): missing return on error
  References: Sec 2670 / CVE-2014-9296 / VU#852879
  Versions: All NTP4 releases before 4.2.8
  CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:P) Base Score: 5.0
  Date Resolved: Stable (4.2.8) 18 Dec 2014

  ProblemType: Bug
  DistroRelease: Ubuntu 14.04
  Package: ntp 1:4.2.6.p5+dfsg-3ubuntu2
  ProcVersionSignature: Ubuntu 3.13.0-39.66-lowlatency 3.13.11.8
  Uname: Linux 3.13.0-39-lowlatency x86_64
  ApportVersion: 2.14.1-0ubuntu3.6
  Architecture: amd64
  Date: Sun Dec 21 13:24:35 2014
  InstallationDate: Installed on 2012-08-23 (849 days ago)
  InstallationMedia: Ubuntu-Server 12.04 LTS "Precise Pangolin" - Release amd64 (20120424.1)
  KernLog:
   
  SourcePackage: ntp
  UpgradeStatus: Upgraded to trusty on 2014-03-02 (293 days ago)
  modified.conffile..etc.ntp.conf: [modified]
  mtime.conffile..etc.ntp.conf: 2014-06-02T17:06:11.921841

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1404648/+subscriptions