[Touch-packages] [Bug 1404648] Re: security issues in ntp

Mon, 22 Dec 2014 05:51:07 -0800 

http://www.ubuntu.com/usn/usn-2449-1/

** Changed in: ntp (Ubuntu Lucid)
       Status: In Progress => Fix Released

** Changed in: ntp (Ubuntu Precise)
       Status: In Progress => Fix Released

** Changed in: ntp (Ubuntu Trusty)
       Status: In Progress => Fix Released

** Changed in: ntp (Ubuntu Utopic)
       Status: In Progress => Fix Released

** Changed in: ntp (Ubuntu)
       Status: Triaged => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ntp in Ubuntu.
https://bugs.launchpad.net/bugs/1404648

Title:
  security issues in ntp

Status in ntp package in Ubuntu:
  Fix Released
Status in ntp source package in Lucid:
  Fix Released
Status in ntp source package in Precise:
  Fix Released
Status in ntp source package in Trusty:
  Fix Released
Status in ntp source package in Utopic:
  Fix Released

Bug description:
  http://support.ntp.org/bin/view/Main/SecurityNotice
  lists 4 issues:

  Buffer overflow in crypto_recv()
  References: Sec 2667 / CVE-2014-9295 / VU#852879
  CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:P) Base Score: 7.5
  Versions: All releases before 4.2.8
  Date Resolved: Stable (4.2.8) 18 Dec 2014

  Buffer overflow in ctl_putdata()
  References: Sec 2668 / CVE-2014-9295 / VU#852879
  Versions: All NTP4 releases before 4.2.8
  CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:P) Base Score: 7.5
  Date Resolved: Stable (4.2.8) 18 Dec 2014

  Buffer overflow in configure()
  References: Sec 2669 / CVE-2014-9295 / VU#852879
  Versions: All NTP4 releases before 4.2.8
  CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:P) Base Score: 7.5
  Date Resolved: Stable (4.2.8) 18 Dec 2014

  receive(): missing return on error
  References: Sec 2670 / CVE-2014-9296 / VU#852879
  Versions: All NTP4 releases before 4.2.8
  CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:P) Base Score: 5.0
  Date Resolved: Stable (4.2.8) 18 Dec 2014

  ProblemType: Bug
  DistroRelease: Ubuntu 14.04
  Package: ntp 1:4.2.6.p5+dfsg-3ubuntu2
  ProcVersionSignature: Ubuntu 3.13.0-39.66-lowlatency 3.13.11.8
  Uname: Linux 3.13.0-39-lowlatency x86_64
  ApportVersion: 2.14.1-0ubuntu3.6
  Architecture: amd64
  Date: Sun Dec 21 13:24:35 2014
  InstallationDate: Installed on 2012-08-23 (849 days ago)
  InstallationMedia: Ubuntu-Server 12.04 LTS "Precise Pangolin" - Release amd64 
(20120424.1)
  KernLog:
   
  SourcePackage: ntp
  UpgradeStatus: Upgraded to trusty on 2014-03-02 (293 days ago)
  modified.conffile..etc.ntp.conf: [modified]
  mtime.conffile..etc.ntp.conf: 2014-06-02T17:06:11.921841

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1404648/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to