http://www.ubuntu.com/usn/usn-2449-1/
** Changed in: ntp (Ubuntu Lucid) Status: In Progress => Fix Released ** Changed in: ntp (Ubuntu Precise) Status: In Progress => Fix Released ** Changed in: ntp (Ubuntu Trusty) Status: In Progress => Fix Released ** Changed in: ntp (Ubuntu Utopic) Status: In Progress => Fix Released ** Changed in: ntp (Ubuntu) Status: Triaged => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ntp in Ubuntu. https://bugs.launchpad.net/bugs/1404648 Title: security issues in ntp Status in ntp package in Ubuntu: Fix Released Status in ntp source package in Lucid: Fix Released Status in ntp source package in Precise: Fix Released Status in ntp source package in Trusty: Fix Released Status in ntp source package in Utopic: Fix Released Bug description: http://support.ntp.org/bin/view/Main/SecurityNotice lists 4 issues: Buffer overflow in crypto_recv() References: Sec 2667 / CVE-2014-9295 / VU#852879 CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:P) Base Score: 7.5 Versions: All releases before 4.2.8 Date Resolved: Stable (4.2.8) 18 Dec 2014 Buffer overflow in ctl_putdata() References: Sec 2668 / CVE-2014-9295 / VU#852879 Versions: All NTP4 releases before 4.2.8 CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:P) Base Score: 7.5 Date Resolved: Stable (4.2.8) 18 Dec 2014 Buffer overflow in configure() References: Sec 2669 / CVE-2014-9295 / VU#852879 Versions: All NTP4 releases before 4.2.8 CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:P) Base Score: 7.5 Date Resolved: Stable (4.2.8) 18 Dec 2014 receive(): missing return on error References: Sec 2670 / CVE-2014-9296 / VU#852879 Versions: All NTP4 releases before 4.2.8 CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:P) Base Score: 5.0 Date Resolved: Stable (4.2.8) 18 Dec 2014 ProblemType: Bug DistroRelease: Ubuntu 14.04 Package: ntp 1:4.2.6.p5+dfsg-3ubuntu2 ProcVersionSignature: Ubuntu 3.13.0-39.66-lowlatency 3.13.11.8 Uname: Linux 3.13.0-39-lowlatency x86_64 ApportVersion: 2.14.1-0ubuntu3.6 Architecture: amd64 Date: Sun Dec 21 13:24:35 2014 InstallationDate: Installed on 2012-08-23 (849 days ago) InstallationMedia: Ubuntu-Server 12.04 LTS "Precise Pangolin" - Release amd64 (20120424.1) KernLog: SourcePackage: ntp UpgradeStatus: Upgraded to trusty on 2014-03-02 (293 days ago) modified.conffile..etc.ntp.conf: [modified] mtime.conffile..etc.ntp.conf: 2014-06-02T17:06:11.921841 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1404648/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp