This bug was fixed in the package ntpsec - 1.1.0+dfsg1-1ubuntu0.2

---------------
ntpsec (1.1.0+dfsg1-1ubuntu0.2) bionic-security; urgency=medium

  * Backport three commits from 1.1.3 to fix (LP: #1812458)
    - CVE-2019-6442: "An authenticated attacker can write one byte out of
      bounds in ntpd via a malformed config request, related to
      config_remotely in ntp_config.c, yyparse in ntp_parser.tab.c, and
      yyerror in ntp_parser.y."
    - CVE-2019-6443: "Because of a bug in ctl_getitem, there is a
      stack-based buffer over-read in read_sysvars in ntp_control.c in
      ntpd."
    - CVE-2019-6444: "process_control() in ntp_control.c has a stack-based
      buffer over-read because attacker-controlled data is dereferenced by
      ntohl() in ntpd."
    - CVE-2019-6445: "An authenticated attacker can cause a NULL pointer
      dereference and ntpd crash in ntp_control.c, related to ctl_getitem."

 -- Richard Laager <rlaa...@wiktel.com>  Fri, 18 Jan 2019 20:07:06 -0600

** Changed in: ntpsec (Ubuntu Bionic)
       Status: Fix Committed => Fix Released

https://bugs.launchpad.net/bugs/1812458

Title:
  ntpsec security fixes for bionic & cosmic