ubuntu/+source/ntp:applied/ubuntu/yakkety-security

Last commit made on 2017-07-05
Get this branch:
git clone -b applied/ubuntu/yakkety-security https://git.launchpad.net/ubuntu/+source/ntp
Members of Ubuntu Server Dev import team can upload to this branch.

Branch information

Name:
applied/ubuntu/yakkety-security
Repository:
lp:ubuntu/+source/ntp

Recent commits

5f20562... by Marc Deslauriers on 2017-06-28

Import patches-applied version 1:4.2.8p8+dfsg-1ubuntu2.1 to applied/ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: 14d34b19ed66b64f709e07a0d7edfa784516f742
Unapplied parent: 7b19d60bd73197400e7bf376aae4389a585ddc12

New changelog entries:
  * SECURITY UPDATE: DoS via responses with a spoofed source address
    - debian/patches/CVE-2016-7426.patch: improve rate limiting in
      ntpd/ntp_proto.c.
    - CVE-2016-7426
  * SECURITY UPDATE: DoS via crafted broadcast mode packet
    - debian/patches/CVE-2016-7427-1.patch: improve replay prevention
      logic in ntpd/ntp_proto.c.
    - debian/patches/CVE-2016-7427-2.patch: add bcpollbstep option to
      html/miscopt.html, include/ntp.h, include/ntpd.h,
      ntpd/complete.conf.in, ntpd/invoke-ntp.conf.texi, ntpd/keyword-gen.c,
      ntpd/ntp.conf.5man, ntpd/ntp.conf.5mdoc, ntpd/ntp.conf.def,
      ntpd/ntp.conf.man.in, ntpd/ntp.conf.mdoc.in, ntpd/ntp_config.c,
      ntpd/ntp_keyword.h, ntpd/ntp_parser.y, ntpd/ntp_proto.c.
    - CVE-2016-7427
  * SECURITY UPDATE: DoS via poll interval in a broadcast packet
    - debian/patches/CVE-2016-7428.patch: ensure at least one poll interval
      has elapsed in ntpd/ntp_proto.c, include/ntp.h.
    - CVE-2016-7428
  * SECURITY UPDATE: DoS via response for a source to an interface the
    source does not use
    - debian/patches/CVE-2016-7429-1.patch: add extra checks to
      ntpd/ntp_peer.c.
    - debian/patches/CVE-2016-7429-2.patch: check for NULL first in
      ntpd/ntp_peer.c.
    - debian/patches/CVE-2016-7429-3.patch: fix multicastclient regression
      in ntpd/ntp_peer.c.
    - CVE-2016-7429
  * SECURITY UPDATE: origin timestamp protection mechanism bypass
    - debian/patches/CVE-2016-7431.patch: handle zero origin in
      ntpd/ntp_proto.c.
    - CVE-2016-7431
  * SECURITY UPDATE: incorrect initial sync calculations
    - debian/patches/CVE-2016-7433.patch: use peer dispersion in
      ntpd/ntp_proto.c.
    - CVE-2016-7433
  * SECURITY UPDATE: DoS via crafted mrulist query
    - debian/patches/CVE-2016-7434.patch: added missing parameter
      validation to ntpd/ntp_control.c.
    - CVE-2016-7434
  * SECURITY UPDATE: DoS in the origin timestamp check
    - debian/patches/CVE-2016-9042.patch: comment out broken code in
      ntpd/ntp_proto.c.
    - CVE-2016-9042
  * SECURITY UPDATE: traps can be set or unset via a crafted control mode
    packet
    - debian/patches/CVE-2016-9310.patch: require AUTH in
      ntpd/ntp_control.c.
    - CVE-2016-9310
  * SECURITY UPDATE: DoS when trap service is enabled
    - debian/patches/CVE-2016-9311.patch: make sure peer events are
      associated with a peer in ntpd/ntp_control.c.
    - CVE-2016-9311
  * SECURITY UPDATE: potential overflows in ctl_put() functions
    - debian/patches/CVE-2017-6458.patch: check lengths in
      ntpd/ntp_control.c.
    - CVE-2017-6458
  * SECURITY UPDATE: overflow via long flagstr variable
    - debian/patches/CVE-2017-6460.patch: check length in ntpq/ntpq-subs.c.
    - CVE-2017-6460
  * SECURITY UPDATE: buffer overflow in DPTS refclock driver
    - debian/patches/CVE-2017-6462.patch: don't overrun buffer in
      ntpd/refclock_datum.c.
    - CVE-2017-6462
  * SECURITY UPDATE: DoS via invalid setting in a :config directive
    - debian/patches/CVE-2017-6463.patch: protect against overflow in
      ntpd/ntp_config.c.
    - CVE-2017-6463
  * SECURITY UPDATE: DoS via malformed mode configuration directive
    - debian/patches/CVE-2017-6464.patch: validate directives in
      ntpd/ntp_config.c, ntpd/ntp_proto.c.
    - CVE-2017-6464

7b19d60... by Marc Deslauriers on 2017-06-28

CVE-2017-6464.patch

No DEP3 Subject or Description header found

Gbp-Pq: CVE-2017-6464.patch.

7a1ca30... by Marc Deslauriers on 2017-06-28

CVE-2017-6463.patch

No DEP3 Subject or Description header found

Gbp-Pq: CVE-2017-6463.patch.

8235fc5... by Marc Deslauriers on 2017-06-28

CVE-2017-6462.patch

No DEP3 Subject or Description header found

Gbp-Pq: CVE-2017-6462.patch.

c13a172... by Marc Deslauriers on 2017-06-28

CVE-2017-6460.patch

No DEP3 Subject or Description header found

Gbp-Pq: CVE-2017-6460.patch.

78bea24... by Marc Deslauriers on 2017-06-28

CVE-2017-6458.patch

No DEP3 Subject or Description header found

Gbp-Pq: CVE-2017-6458.patch.

1164175... by Marc Deslauriers on 2017-06-28

CVE-2016-9311.patch

No DEP3 Subject or Description header found

Gbp-Pq: CVE-2016-9311.patch.

1333897... by Marc Deslauriers on 2017-06-28

CVE-2016-9310.patch

No DEP3 Subject or Description header found

Gbp-Pq: CVE-2016-9310.patch.

5dbea80... by Marc Deslauriers on 2017-06-28

CVE-2016-9042.patch

No DEP3 Subject or Description header found

Gbp-Pq: CVE-2016-9042.patch.

ea38b15... by Marc Deslauriers on 2017-06-28

CVE-2016-7434.patch

No DEP3 Subject or Description header found

Gbp-Pq: CVE-2016-7434.patch.