Your message dated Sun, 21 Dec 2014 22:05:29 +0000
with message-id <[email protected]>
and subject line Bug#773576: fixed in ntp 1:4.2.6.p5+dfsg-3.2
has caused the Debian Bug report #773576,
regarding ntp: CVE-2014-9293 CVE-2014-9294 CVE-2014-9295 CVE-2014-9296
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
773576: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773576
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: ntp
Version: 1:4.2.6.p2+dfsg-1
Severity: grave
Tags: security upstream fixed-upstream
Hi,
the following vulnerabilities were published for ntp.
CVE-2014-9293[0]:
automatic generation of weak default key in config_auth()
CVE-2014-9294[1]:
ntp-keygen uses weak random number generator and seed when generating MD5 keys
CVE-2014-9295[2]:
Multiple buffer overflows via specially-crafted packets
CVE-2014-9296[3]:
receive() missing return on error
The corresponding Red Hat bugzilla entries contain as well some more
informations.
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2014-9293
[1] https://security-tracker.debian.org/tracker/CVE-2014-9294
[2] https://security-tracker.debian.org/tracker/CVE-2014-9295
[3] https://security-tracker.debian.org/tracker/CVE-2014-9296
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: ntp
Source-Version: 1:4.2.6.p5+dfsg-3.2
We believe that the bug you reported is fixed in the latest version of
ntp, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
[email protected] (supplier of updated ntp package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sun, 21 Dec 2014 12:01:50 -0800
Source: ntp
Binary: ntp ntpdate ntp-doc
Architecture: source all amd64
Version: 1:4.2.6.p5+dfsg-3.2
Distribution: unstable
Urgency: medium
Maintainer: Debian NTP Team <[email protected]>
Changed-By: [email protected]
Description:
ntp - Network Time Protocol daemon and utility programs
ntp-doc - Network Time Protocol documentation
ntpdate - client for setting system time from NTP servers
Closes: 773576
Changes:
ntp (1:4.2.6.p5+dfsg-3.2) unstable; urgency=medium
.
* Non-maintainer upload.
* Apply fixes for security updates (Closes: 773576)
- cve-2014-9293
- cve-2014-9294
- cve-2014-9295
- cve-2014-9296
Checksums-Sha1:
3b5bfc45af6ec5a9cfbc39f632e9fe1c37f8863e 2209 ntp_4.2.6.p5+dfsg-3.2.dsc
7328a1ab364077efaefb08246eaa9014a8f5a119 76972
ntp_4.2.6.p5+dfsg-3.2.debian.tar.xz
6ba63d2b572d3d717dd5613fc44e10facbed0ec9 1030170
ntp-doc_4.2.6.p5+dfsg-3.2_all.deb
86be86e764104444f097c82419e70fbde1b1352d 390738 ntp_4.2.6.p5+dfsg-3.2_amd64.deb
81576247f57af71e63293fdf7b077e48413237e9 74026
ntpdate_4.2.6.p5+dfsg-3.2_amd64.deb
Checksums-Sha256:
a7f9cde056e1094b0ced5dfa29247cc0230ef0fe3169cc1043619271707d8482 2209
ntp_4.2.6.p5+dfsg-3.2.dsc
1232317376426add7741d68991c12aeb01a582e0d17fa02a718478ac35acade1 76972
ntp_4.2.6.p5+dfsg-3.2.debian.tar.xz
f30e3e28e9c135c30fb6d63fc16ea376495aef0c9cf7e1ba5acccdd972c07673 1030170
ntp-doc_4.2.6.p5+dfsg-3.2_all.deb
5456e3fbb0fee9785119e8932e2d17df13e317b23b26f268667d3d6f4a8e7619 390738
ntp_4.2.6.p5+dfsg-3.2_amd64.deb
04ec8136a760e3e64a4c326de7ea9c0b9a65cada5654966ebabdb030582482f4 74026
ntpdate_4.2.6.p5+dfsg-3.2_amd64.deb
Files:
b7f0a7352281653cca0d9644f1468bfb 2209 net optional ntp_4.2.6.p5+dfsg-3.2.dsc
640c712b0d4d173cf594478d3b0f2317 76972 net optional
ntp_4.2.6.p5+dfsg-3.2.debian.tar.xz
300720dc8a7df5e98af7683a7dd62e06 1030170 doc optional
ntp-doc_4.2.6.p5+dfsg-3.2_all.deb
5508c6ceb67438be76693febeefe284b 390738 net optional
ntp_4.2.6.p5+dfsg-3.2_amd64.deb
3eb7621e244e4c2476deaf5127a99b5a 74026 net optional
ntpdate_4.2.6.p5+dfsg-3.2_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBVJcyyPYw89L1q13TAQjpmRAAuX4tPiph28IYplUnfmZRod8JZReuSRXL
eVRnwAU5dRXGy5QIdU2y53juhPLAR4ZwJt4pEDzjIf1xU8CpSwrFj4nOAmPLyNt9
gaQUZS6oYzgiY1HGvYNoqNKMFUt637jlcbcvx5RyD4HMGzh5DpryD76C8JmPv/cA
WuHrdxUj9aNIQt9loFMzAqFf3OQTHdmY1Nl549j9/4vPkuhK5wb+ftzc9SigcyEF
jfmvXMYndBVVL9KpcCX908HyqQiz+ybMEAgMFkOxO1rQXmfGFPmogGDX45n76MKN
yK0WZa7izBsSMYGxj5Mv5jlkIEENrJ71ELF0gCv9eTHVDNQ8jAhEkU78jeOGBKCs
UJytb/ivZsYMiOlmcCmy4EPBjtYhWCVqXrokUn0qq//RwrosV/TB5we1FddaJUsY
YhD1IYV/5ORpQPIGN4d1PJPQpxDCyZg83zWF1wBanN9YJzZrl1K8ywN/yu8jBqo6
LSv9PIsATPSF/X3vGlc6Ab++a2NYxbZtC5SniEeqHyNX+inOURAbEcNDwi47uQvY
Xun0O8wQ+DGyZysG2YbGZ5hJ/hTFqPGO84gXtXkHw9Xf+SMuc0inLNNEm5y9TbZQ
kAzsJ0Dgxip3jQg9oRqM2Qt4FIXOP2cWaKYX8bNAfQORGKPSS8nKo2NXtXws9i+7
M+8L56291zc=
=m8k5
-----END PGP SIGNATURE-----
--- End Message ---
