#13221 closed enhancement (fixed)
ntp-4.2.8p14
Reported by: | Bruce Dubbs | Owned by: | Bruce Dubbs |
---|---|---|---|
Priority: | high | Milestone: | 10.0 |
Component: | BOOK | Version: | SVN |
Severity: | normal | Keywords: | |
Cc: |
Description
New patch version.
Change History (6)
comment:1 by , 5 years ago
Owner: | changed from | to
---|---|
Status: | new → assigned |
comment:2 by , 5 years ago
comment:3 by , 5 years ago
Priority: | normal → high |
---|
Mark as high due to security vulnerability fixes (3 of them)
Note:
See TracTickets
for help on using tickets.
NTP 4.2.8p14 (Harlan Stenn <stenn@…>, 2020 Mar 03)
Focus: Security, Bug fixes, enhancements.
Severity: MEDIUM
This release fixes three vulnerabilities: a bug that causes causes an ntpd instance that is explicitly configured to override the default and allow ntpdc (mode 7) connections to be made to a server to read some uninitialized memory; fixes the case where an unmonitored ntpd using an unauthenticated association to its servers may be susceptible to a forged packet DoS attack; and fixes an attack against a client instance that uses a single unauthenticated time source. It also fixes 46 other bugs and addresses 4 other issues.