In article 0oppv6-s2s@gateway.py.meinberg.de, Martin Burnicki
martin.burni...@meinberg.de writes:
Martin What I've disliked is that the announcement of 4.2.6 emphasizes the
Martin latest security fix only, which is also in 4.2.4p8.
Agreed, and I was massively time-crunched and didn't have
On Sat, 12 Dec 2009 11:51:46 -0500,
NTP Public Services Project webmas...@ntp.org wrote:
* If an attacker spoofs an address of ntpd host A in a mode 7 response
packet sent to ntpd host A, A will respond to itself endlessly,
Academic, but is that true? I thought the ntpport, interface, ignore
Dave Hart wrote:
On Dec 15, 10:25 UTC, Martin Burnicki wrote:
4.2.6 contains a real bunch of changes against 4.2.4p8 which have not
been mentioned here, but significantly change the way ntpd works, so
users should carefully check if they want to upgrade to 4.2.6 right now.
NTP Public Services Project wrote:
[...]
This release fixes the following high-severity vulnerability:
* [Sec 1331] DoS with mode 7 packets - CVE-2009-3563.
http://bugs.ntp.org/1331
See http://support.ntp.org/security for more information.
This security fix is also in 4.2.4p8.
Even a
On Dec 15, 10:25 UTC, Martin Burnicki wrote:
4.2.6 contains a real bunch of changes against 4.2.4p8 which have not been
mentioned here, but significantly change the way ntpd works, so users
should carefully check if they want to upgrade to 4.2.6 right now.
Redwood City, CA - 2009/12/12 - The NTP Public Services Project
(http://support.ntp.org/) is pleased to announce that NTP 4.2.6,
a Stable Release of the NTP Reference Implementation from the
NTP Project, is now available at http://www.ntp.org/downloads.html and
http://support.ntp.org/download.