[Bug 1812458] Re: ntpsec security fixes for bionic & cosmic

2019-01-24 Thread Launchpad Bug Tracker
This bug was fixed in the package ntpsec - 1.1.1+dfsg1-2ubuntu0.1

---
ntpsec (1.1.1+dfsg1-2ubuntu0.1) cosmic-security; urgency=medium

  * Backport three commits from 1.1.3 to fix (LP: #1812458)
- CVE-2019-6442: "An authenticated attacker can write one byte out of
  bounds in ntpd via a malformed config request, related to
  config_remotely in ntp_config.c, yyparse in ntp_parser.tab.c, and
  yyerror in ntp_parser.y."
- CVE-2019-6443: "Because of a bug in ctl_getitem, there is a stack-based
  buffer over-read in read_sysvars in ntp_control.c in ntpd."
- CVE-2019-6444: "process_control() in ntp_control.c has a stack-based
  buffer over-read because attacker-controlled data is dereferenced by
  ntohl() in ntpd."
- CVE-2019-6445: "An authenticated attacker can cause a NULL pointer
  dereference and ntpd crash in ntp_control.c, related to ctl_getitem."

 -- Richard Laager   Fri, 18 Jan 2019 19:59:19 -0600

** Changed in: ntpsec (Ubuntu Cosmic)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1812458

Title:
  ntpsec security fixes for bionic & cosmic

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ntpsec/+bug/1812458/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1812458] Re: ntpsec security fixes for bionic & cosmic

2019-01-24 Thread Launchpad Bug Tracker
This bug was fixed in the package ntpsec - 1.1.0+dfsg1-1ubuntu0.2

---
ntpsec (1.1.0+dfsg1-1ubuntu0.2) bionic-security; urgency=medium

  * Backport three commits from 1.1.3 to fix (LP: #1812458)
- CVE-2019-6442: "An authenticated attacker can write one byte out of
  bounds in ntpd via a malformed config request, related to
  config_remotely in ntp_config.c, yyparse in ntp_parser.tab.c, and
  yyerror in ntp_parser.y."
- CVE-2019-6443: "Because of a bug in ctl_getitem, there is a stack-based
  buffer over-read in read_sysvars in ntp_control.c in ntpd."
- CVE-2019-6444: "process_control() in ntp_control.c has a stack-based
  buffer over-read because attacker-controlled data is dereferenced by
  ntohl() in ntpd."
- CVE-2019-6445: "An authenticated attacker can cause a NULL pointer
  dereference and ntpd crash in ntp_control.c, related to ctl_getitem."

 -- Richard Laager   Fri, 18 Jan 2019 20:07:06 -0600

** Changed in: ntpsec (Ubuntu Bionic)
   Status: Fix Committed => Fix Released


[Bug 1812458] Re: ntpsec security fixes for bionic & cosmic

2019-01-23 Thread Marc Deslauriers
ACK on the debdiffs in #5 and #6. I will build them as security updates
and will release them tomorrow. Thanks!

** Changed in: ntpsec (Ubuntu Bionic)
   Status: Confirmed => Fix Committed

** Changed in: ntpsec (Ubuntu Cosmic)
   Status: Confirmed => Fix Committed


[Bug 1812458] Re: ntpsec security fixes for bionic & cosmic

2019-01-22 Thread Richard Laager
Thanks for the correction. Targeting -security makes obvious sense in
hindsight, but I'm new to this. I've attached new debdiffs (bionic-
security.debdiff and cosmic-security.debdiff) targeting the correct
series.


[Bug 1812458] Re: ntpsec security fixes for bionic & cosmic

2019-01-22 Thread Richard Laager
** Patch added: "Corrected debdiff for cosmic targeting cosmic-security"
   https://bugs.launchpad.net/ubuntu/+source/ntpsec/+bug/1812458/+attachment/5231596/+files/cosmic-security.debdiff


[Bug 1812458] Re: ntpsec security fixes for bionic & cosmic

2019-01-22 Thread Richard Laager
** Patch added: "Corrected debdiff for bionic targeting bionic-security"
   https://bugs.launchpad.net/ubuntu/+source/ntpsec/+bug/1812458/+attachment/5231595/+files/bionic-security.debdiff


[Bug 1812458] Re: ntpsec security fixes for bionic & cosmic

2019-01-22 Thread Jeremy Bicha
Since this is a security bug and you've provided targeted fixes, I'm
subscribing ubuntu-security-sponsors instead of ubuntu-sponsors. You
might want to update the series in your patches from bionic-security to
cosmic-security.

https://wiki.ubuntu.com/SecurityTeam/SponsorsQueue#Notes%20for%20Contributors

Because the Ubuntu package did not have any changes compared to Debian
and because we are in Debian Import Freeze, the version from unstable
automatically synced so I removed that request from the bug description
so it's easier to read here.

** Summary changed:

- Sync ntpsec 1.1.3+dfsg1-1 (universe) from Debian sid (main)
+ ntpsec security fixes for bionic & cosmic

** Description changed:

- For the sync request:
- 
- I believe disco currently has 1.1.2+dfsg1-6. (packages.ubuntu.com is
- broken, so it's harder than normal for me to tell.) There are no Ubuntu
- changes for ntpsec in disco. 1.1.3+dfsg1-1 is the immediate next release
- in Debian.
- 
- ntpsec (1.1.3+dfsg1-1) unstable; urgency=high
- 
-   * New upstream version (Closes: 919513)
- - Lots of typo fixes, documentation cleanups, test targets.
- - CVE-2019-6442: "An authenticated attacker can write one byte out of
-   bounds in ntpd via a malformed config request, related to
-   config_remotely in ntp_config.c, yyparse in ntp_parser.tab.c, and
-   yyerror in ntp_parser.y."
- - CVE-2019-6443: "Because of a bug in ctl_getitem, there is a stack-based
-   buffer over-read in read_sysvars in ntp_control.c in ntpd."
- - CVE-2019-6444: "process_control() in ntp_control.c has a stack-based
-   buffer over-read because attacker-controlled data is dereferenced by
-   ntohl() in ntpd."
- - CVE-2019-6445: "An authenticated attacker can cause a NULL pointer
-   dereference and ntpd crash in ntp_control.c, related to ctl_getitem."
-   * Drop debian/patches/fix-ntploggps.patch (merged upstream)
-   * Refresh patches
-   * Revert "Use python3-gps"
- At this time, python3-gps is only available in experimental.
-   * Disable the waf PYTHON_GPS check
-   * Update debian/copyright
-   * Fix ntpdate.8 documentation of -B
-   * Changes as of ntp_4.2.8p12+dfsg-3 have been merged as appropriate:
- - Update ntpdate.8 from ntpdate.html
-   Thanks to Bernhard Schmidt 
- - Update ntpdate.README.Debian
-   Thanks to Bernhard Schmidt 
- - As a notable exception, while the ntp package has removed the ntpdate
-   hooks, I have not (yet?) done so in ntpsec.
-   * Set Rules-Requires-Root: no
-   * Sort debian/ntpsec.maintscript
- 
-  -- Richard Laager   Thu, 17 Jan 2019 04:17:46 -0600
- 
- 
- 
  NTPsec < 1.1.3 has the following CVEs:
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6442
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6443
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6444
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6445
  
  I am the maintainer of ntpsec in Debian. Debian has 1.1.3.
  
  Ubuntu needs the following:
- - disco needs a sync from Debian.
  - cosmic needs the patches backported.
  - bionic needs the patches backported.
  
  I'm happy to do the work.
  
  BTW, these issues may impact the ntp package too, but I'm not sure that
  anyone (the original report, ntp upstream, or ntp in Debian) has
  evaluated that.

** Information type changed from Public to Public Security

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-6442

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-6443

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-6444

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-6445

** Also affects: ntpsec (Ubuntu Cosmic)
   Importance: Undecided
   Status: New

** Also affects: ntpsec (Ubuntu Bionic)
   Importance: Undecided
   Status: New

** Changed in: ntpsec (Ubuntu)
   Status: Confirmed => Fix Released

** Changed in: ntpsec (Ubuntu Cosmic)
   Status: New => Confirmed

** Changed in: ntpsec (Ubuntu Bionic)
   Status: New => Confirmed

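Added example, not part of the bug thread or of the ntpsec package: the check an operator would run across a fleet once the updates above were released. It re-implements dpkg's version ordering (epoch, then upstream, then revision, with the "~" and digit-run rules of verrevcmp) so it runs on any host, and decides from an Ubuntu series plus the installed ntpsec version whether the package is at or past the fixed version announced in this thread (1.1.0+dfsg1-1ubuntu0.2 on bionic, 1.1.1+dfsg1-2ubuntu0.1 on cosmic, 1.1.3+dfsg1-1 synced into disco). For any other series it falls back to the threshold stated in the report, NTPsec < 1.1.3 affected. The sample host lines are constructed, and all function names are this example's own.

```python
"""Fleet check for LP: #1812458 (CVE-2019-6442 .. CVE-2019-6445) in ntpsec.

Added example, not code from the bug thread or the ntpsec package.  It
re-implements dpkg's version ordering so the check runs anywhere, and
compares an installed ntpsec version against the fixed versions the
thread announces.  Sample inputs below are constructed.
"""

# Fixed package versions announced in the thread (bionic, cosmic) and the
# Debian 1.1.3 packaging that synced into disco.
FIXED_BY_SERIES = {
    "bionic": "1.1.0+dfsg1-1ubuntu0.2",
    "cosmic": "1.1.1+dfsg1-2ubuntu0.1",
    "disco": "1.1.3+dfsg1-1",
}
# Any other series/distro: the report says NTPsec < 1.1.3 is affected.
FIXED_UPSTREAM = "1.1.3"


def _order(c):
    """dpkg's weight for one character in a non-digit run: '~' sorts before
    everything (even end of string), letters before punctuation."""
    if c == "~":
        return -1
    if c.isdigit():
        return 0
    if c.isalpha():
        return ord(c)
    return ord(c) + 256


def cmp_fragment(a, b):
    """dpkg verrevcmp(): compare alternating non-digit and digit runs.
    Returns <0, 0 or >0."""
    while a or b:
        first_diff = 0
        while (a and not a[0].isdigit()) or (b and not b[0].isdigit()):
            ac = _order(a[0]) if a else 0
            bc = _order(b[0]) if b else 0
            if ac != bc:
                return ac - bc
            a, b = a[1:], b[1:]
        a, b = a.lstrip("0"), b.lstrip("0")  # leading zeros are not significant
        while a and a[0].isdigit() and b and b[0].isdigit():
            if not first_diff:
                first_diff = ord(a[0]) - ord(b[0])
            a, b = a[1:], b[1:]
        if a and a[0].isdigit():  # the longer digit run is the larger number
            return 1
        if b and b[0].isdigit():
            return -1
        if first_diff:
            return first_diff
    return 0


def split_version(version):
    """Split [epoch:]upstream[-revision] into (int epoch, upstream, revision)."""
    if ":" in version:
        epoch, version = version.split(":", 1)
    else:
        epoch = "0"
    upstream, sep, revision = version.rpartition("-")
    if not sep:  # no revision present: rpartition put everything last
        upstream, revision = revision, ""
    return int(epoch), upstream, revision


def compare_versions(a, b):
    """Same ordering as `dpkg --compare-versions a lt|eq|gt b`."""
    ea, ua, ra = split_version(a)
    eb, ub, rb = split_version(b)
    if ea != eb:
        return ea - eb
    return cmp_fragment(ua, ub) or cmp_fragment(ra, rb)


def assess(series, installed):
    """'fixed' if `installed` is at or past the fixed version for `series`,
    else 'vulnerable'.  Unknown series fall back to upstream >= 1.1.3, which
    cannot see distro backports; that is why the per-series table exists."""
    fixed = FIXED_BY_SERIES.get(series)
    if fixed is not None:
        return "fixed" if compare_versions(installed, fixed) >= 0 else "vulnerable"
    upstream = split_version(installed)[1]
    return "fixed" if cmp_fragment(upstream, FIXED_UPSTREAM) >= 0 else "vulnerable"


# Constructed samples, shaped like `lsb_release -cs` plus
# `dpkg-query -W -f '${Package} ${Version}\n' ntpsec`; not real hosts.
SAMPLE_HOSTS = [
    ("bionic", "ntpsec 1.1.0+dfsg1-1"),           # bionic before the fix
    ("bionic", "ntpsec 1.1.0+dfsg1-1ubuntu0.2"),  # bionic-security fix
    ("cosmic", "ntpsec 1.1.1+dfsg1-2"),           # cosmic before the fix
    ("cosmic", "ntpsec 1.1.1+dfsg1-2ubuntu0.1"),  # cosmic-security fix
    ("disco", "ntpsec 1.1.3+dfsg1-1"),            # synced from unstable
    ("sid", "ntpsec 1.1.2+dfsg1-6"),              # Debian before 1.1.3
]


def run_samples(hosts=SAMPLE_HOSTS):
    """Parse each dpkg-query line and return [(series, version, verdict)]."""
    results = []
    for series, line in hosts:
        pkg, version = line.split()
        if pkg != "ntpsec":
            continue
        results.append((series, version, assess(series, version)))
    return results


if __name__ == "__main__":
    for series, version, verdict in run_samples():
        print(f"{series:7} {version:26} {verdict}")
```

On a Debian or Ubuntu host, `dpkg --compare-versions` gives the same ordering and can replace the Python comparison; the point of carrying the rules inline is that the check can run from a central box over collected package lists. It reads package metadata only: an ntpd built from source, or a pinned or held package, is not covered, and the question raised in the report about whether the ntp package is also affected is outside its scope.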