ubuntu/+source/ntp:ubuntu/trusty-security

Last commit made on 2018-07-09
Get this branch:
git clone -b ubuntu/trusty-security https://git.launchpad.net/ubuntu/+source/ntp
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
ubuntu/trusty-security
Repository:
lp:ubuntu/+source/ntp

Recent commits

45bb618... by Marc Deslauriers on 2018-07-06

Import patches-unapplied version 1:4.2.6.p5+dfsg-3ubuntu2.14.04.13 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 0ff51defb30d6830f987a0025df056dbb1eb1260

New changelog entries:
  * SECURITY UPDATE: code execution via buffer overflow in decodearr
    - debian/patches/CVE-2018-7183.patch: prevent writing beyons limits in
      ntpq/ntpq.c.
    - CVE-2018-7183
  * SECURITY UPDATE: DoS via certain packets with a zero-origin timestamp
    - debian/patches/CVE-2018-7185.patch: add additional checks to
      ntpd/ntp_proto.c.
    - CVE-2018-7185

0ff51de... by Christian Ehrhardt  on 2017-07-07

Import patches-unapplied version 1:4.2.6.p5+dfsg-3ubuntu2.14.04.12 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: 217bf7739b1aa1991d0947bf685e17594a7894f0

New changelog entries:
  * debian/ntpdate.if-up: Drop delta to stop/start service around ntpdate
    updates - fixes ntp restart storms due to network changes, fixes
    accidential start of ntp, avoids issues of ntpdate jumping too far while
    running ntp was supposed to drift (LP: #1593907)

217bf77... by Marc Deslauriers on 2017-06-28

Import patches-unapplied version 1:4.2.6.p5+dfsg-3ubuntu2.14.04.11 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: be1c017a8dc78e4bd0edb0d6d5dbe491916784d8

New changelog entries:
  * SECURITY UPDATE: DoS via responses with a spoofed source address
    - debian/patches/CVE-2016-7426.patch: improve rate limiting in
      ntpd/ntp_proto.c.
    - CVE-2016-7426
  * SECURITY UPDATE: DoS via crafted broadcast mode packet
    - debian/patches/CVE-2016-7427-1.patch: improve replay prevention
      logic in ntpd/ntp_proto.c.
    - CVE-2016-7427
  * SECURITY UPDATE: DoS via poll interval in a broadcast packet
    - debian/patches/CVE-2016-7428.patch: ensure at least one poll interval
      has elapsed in ntpd/ntp_proto.c, include/ntp.h.
    - CVE-2016-7428
  * SECURITY UPDATE: DoS via response for a source to an interface the
    source does not use
    - debian/patches/CVE-2016-7429-1.patch: add extra checks to
      ntpd/ntp_peer.c.
    - debian/patches/CVE-2016-7429-2.patch: check for NULL first in
      ntpd/ntp_peer.c.
    - debian/patches/CVE-2016-7429-3.patch: fix multicastclient regression
      in ntpd/ntp_peer.c.
    - CVE-2016-7429
  * SECURITY UPDATE: traps can be set or unset via a crafted control mode
    packet
    - debian/patches/CVE-2016-9310.patch: require AUTH in
      ntpd/ntp_control.c.
    - CVE-2016-9310
  * SECURITY UPDATE: DoS when trap service is enabled
    - debian/patches/CVE-2016-9311.patch: make sure peer events are
      associated with a peer in ntpd/ntp_control.c.
    - CVE-2016-9311
  * SECURITY UPDATE: potential Overflows in ctl_put() functions
    - debian/patches/CVE-2017-6458.patch: check lengths in
      ntpd/ntp_control.c.
    - CVE-2017-6458
  * SECURITY UPDATE: buffer overflow in DPTS refclock driver
    - debian/patches/CVE-2017-6462.patch: don't overrun buffer in
      ntpd/refclock_datum.c.
    - CVE-2017-6462
  * SECURITY UPDATE: DoS via invalid setting in a :config directive
    - debian/patches/CVE-2017-6463.patch: protect against overflow in
      ntpd/ntp_config.c.
    - CVE-2017-6463
  * SECURITY UPDATE: Dos via malformed mode configuration directive
    - debian/patches/CVE-2017-6464.patch: validate directives in
      ntpd/ntp_config.c, ntpd/ntp_proto.c.
    - CVE-2017-6464

be1c017... by Marc Deslauriers on 2016-10-05

Import patches-unapplied version 1:4.2.6.p5+dfsg-3ubuntu2.14.04.10 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 94235808018e57d9c6cb9c05b7d05f2c1fd584f9

New changelog entries:
  * SECURITY UPDATE: Deja Vu replay attack on authenticated broadcast mode
    - debian/patches/CVE-2015-7973.patch: improve timestamp verification in
      include/ntp.h, ntpd/ntp_proto.c.
    - CVE-2015-7973
  * SECURITY UPDATE: impersonation between authenticated peers
    - debian/patches/CVE-2015-7974.patch: check key ID in ntpd/ntp_proto.c.
    - CVE-2015-7974
  * SECURITY UPDATE: ntpq saveconfig command allows dangerous characters in
    filenames
    - debian/patches/CVE-2015-7976.patch: check filename in
      ntpd/ntp_control.c.
    - CVE-2015-7976
  * SECURITY UPDATE: restrict list denial of service
    - debian/patches/CVE-2015-7977-7978.patch: improve restrict list
      processing in ntpd/ntp_request.c.
    - CVE-2015-7977
    - CVE-2015-7978
  * SECURITY UPDATE: authenticated broadcast mode off-path denial of
    service
    - debian/patches/CVE-2015-7979.patch: add more checks to
      ntpd/ntp_proto.c.
    - CVE-2015-7979
    - CVE-2016-1547
  * SECURITY UPDATE: Zero Origin Timestamp Bypass
    - debian/patches/CVE-2015-8138.patch: check p_org in ntpd/ntp_proto.c.
    - CVE-2015-8138
  * SECURITY UPDATE: potential infinite loop in ntpq
    - debian/patches/CVE-2015-8158.patch: add time checks to ntpdc/ntpdc.c,
      ntpq/ntpq.c.
    - CVE-2015-8158
  * SECURITY UPDATE: NTP statsdir cleanup cronjob insecure (LP: #1528050)
    - debian/ntp.cron.daily: fix security issues, patch thanks to halfdog!
    - CVE-2016-0727
  * SECURITY UPDATE: time spoofing via interleaved symmetric mode
    - debian/patches/CVE-2016-1548.patch: check for bogus packets in
      ntpd/ntp_proto.c.
    - CVE-2016-1548
  * SECURITY UPDATE: buffer comparison timing attacks
    - debian/patches/CVE-2016-1550.patch: use CRYPTO_memcmp in
      libntp/a_md5encrypt.c, sntp/crypto.c.
    - CVE-2016-1550
  * SECURITY UPDATE: DoS via duplicate IPs on unconfig directives
    - debian/patches/CVE-2016-2516.patch: improve logic in
      ntpd/ntp_request.c.
    - CVE-2016-2516
  * SECURITY UPDATE: denial of service via crafted addpeer
    - debian/patches/CVE-2016-2518.patch: check mode value in
      ntpd/ntp_request.c.
    - CVE-2016-2518
  * SECURITY UPDATE: denial of service via spoofed packets
    - debian/patches/CVE-2016-4954.patch: discard packet that fails tests
      in ntpd/ntp_proto.c.
    - CVE-2016-4954
  * SECURITY UPDATE: denial of service via spoofed crypto-NAK or incorrect
    MAC
    - debian/patches/CVE-2016-4955.patch: fix checks in ntpd/ntp_proto.c.
    - CVE-2016-4955
  * SECURITY UPDATE: denial of service via spoofed broadcast packet
    - debian/patches/CVE-2016-4956.patch: properly handle switch in
      broadcast interleaved mode in ntpd/ntp_proto.c.
    - CVE-2016-4956

9423580... by Eric Desrochers on 2016-01-25

Import patches-unapplied version 1:4.2.6.p5+dfsg-3ubuntu2.14.04.8 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: e847bd77883333577955481d0d1ddcc996aadd80

New changelog entries:
  * ntpd rejects source UDP ports less than 123 as bogus (closes: #691412)
    - d/p/reject-UDP-ports-less-than-123-as-bogus.patch (LP: #1479652)

e847bd7... by Cam Cope on 2016-01-19

Import patches-unapplied version 1:4.2.6.p5+dfsg-3ubuntu2.14.04.7 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: 4ea822df1fd13d25cf3273642fe9088fd4c6343d

New changelog entries:
  * Use a single lockfile again - instead unlock the file before starting the
    init script. The lock sho uld be shared - both services can't run at the
    same time. (LP: #1125726)

4ea822d... by Eric Desrochers on 2015-10-29

Import patches-unapplied version 1:4.2.6.p5+dfsg-3ubuntu2.14.04.6 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: e2931ffbc7fec2cfd1183324564292c8bb0fb327

New changelog entries:
  * Fix use-after-free in routing socket code (closes: #795315)
    - debian/patches/use-after-free-in-routing-socket.patch:
      fix logic in ntpd/ntp_io.c (LP: #1481388)

e2931ff... by Marc Deslauriers on 2015-10-23

Import patches-unapplied version 1:4.2.6.p5+dfsg-3ubuntu2.14.04.5 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: c5db81500ef832ba4ac28e195b6180213b48194f

New changelog entries:
  * SECURITY UPDATE: denial of service via crafted NUL-byte in
    configuration directive
    - debian/patches/CVE-2015-5146.patch: properly validate command in
      ntpd/ntp_control.c.
    - CVE-2015-5146
  * SECURITY UPDATE: denial of service via malformed logconfig commands
    - debian/patches/CVE-2015-5194.patch: fix logconfig logic in
      ntpd/ntp_parser.y.
    - CVE-2015-5194
  * SECURITY UPDATE: denial of service via disabled statistics type
    - debian/patches/CVE-2015-5195.patch: handle unrecognized types in
      ntpd/ntp_config.c.
    - CVE-2015-5195
  * SECURITY UPDATE: file overwrite via remote pidfile and driftfile
    configuration directives
    - debian/patches/CVE-2015-5196.patch: disable remote configuration in
      ntpd/ntp_parser.y.
    - CVE-2015-5196
    - CVE-2015-7703
  * SECURITY UPDATE: denial of service via precision value conversion
    - debian/patches/CVE-2015-5219.patch: use ldexp for LOGTOD in
      include/ntp.h.
    - CVE-2015-5219
  * SECURITY UPDATE: timeshifting by reboot issue
    - debian/patches/CVE-2015-5300.patch: disable panic in
      ntpd/ntp_loopfilter.c.
    - CVE-2015-5300
  * SECURITY UPDATE: incomplete autokey data packet length checks
    - debian/patches/CVE-2015-7691.patch: add length and size checks to
      ntpd/ntp_crypto.c.
    - CVE-2015-7691
    - CVE-2015-7692
    - CVE-2015-7702
  * SECURITY UPDATE: memory leak in CRYPTO_ASSOC
    - debian/patches/CVE-2015-7701.patch: add missing free in
      ntpd/ntp_crypto.c.
    - CVE-2015-7701
  * SECURITY UPDATE: denial of service by spoofed KoD
    - debian/patches/CVE-2015-7704.patch: add check to ntpd/ntp_proto.c.
    - CVE-2015-7704
    - CVE-2015-7705
  * SECURITY UPDATE: denial of service via same logfile and keyfile
    - debian/patches/CVE-2015-7850.patch: rate limit errors in
      include/ntp_stdlib.h, include/ntp_syslog.h, libntp/authreadkeys.c,
      libntp/msyslog.c.
    - CVE-2015-7850
  * SECURITY UPDATE: ntpq atoascii memory corruption
    - debian/patches/CVE-2015-7852.patch: avoid buffer overrun in
      ntpq/ntpq.c.
    - CVE-2015-7852
  * SECURITY UPDATE: buffer overflow via custom refclock driver
    - debian/patches/CVE-2015-7853.patch: properly calculate length in
      ntpd/ntp_io.c.
    - CVE-2015-7853
  * SECURITY UPDATE: denial of service via ASSERT in decodenetnum
    - debian/patches/CVE-2015-7855.patch: simply return fail in
      libntp/decodenetnum.c.
    - CVE-2015-7855
  * SECURITY UPDATE: symmetric association authentication bypass via
    crypto-NAK
    - debian/patches/CVE-2015-7871.patch: drop unhandled packet in
      ntpd/ntp_proto.c.
    - CVE-2015-7871
  * debian/control: add bison to Build-Depends.
  * debian/rules: remove ntp/ntp_parser.{c,h} or they don't get properly
    regenerated for some reason.
  * This package does _not_ contain the changes from
    (1:4.2.6.p5+dfsg-3ubuntu2.14.04.4) in trusty-proposed.

c5db815... by Marc Deslauriers on 2015-04-13

Import patches-unapplied version 1:4.2.6.p5+dfsg-3ubuntu2.14.04.3 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 3edc4ce7e023cad8bdb36fb0c6dc2590e63b689c

New changelog entries:
  * SECURITY UPDATE: symmetric key unauthenticated packet MITM attack
    - debian/patches/CVE-2015-1798.patch: reject packets without MAC in
      ntpd/ntp_proto.c.
    - CVE-2015-1798
  * SECURITY UPDATE: symmetric association DoS attack
    - debian/patches/CVE-2015-1799.patch: don't update state variables when
      authentication fails in ntpd/ntp_proto.c.
    - CVE-2015-1799
  * SECURITY UPDATE: ntp-keygen infinite loop or lack of randonmess on big
    endian platforms
    - debian/patches/ntp-keygen-endless-loop.patch: fix logic in
      util/ntp-keygen.c.
    - CVE number pending

3edc4ce... by Marc Deslauriers on 2015-02-06

Import patches-unapplied version 1:4.2.6.p5+dfsg-3ubuntu2.14.04.2 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 4029353784b1e529b8faad0313fe6c801f6537b7

New changelog entries:
  * SECURITY UPDATE: denial of service and possible info leakage via
    extension fields
    - debian/patches/CVE-2014-9297.patch: properly check lengths in
      ntpd/ntp_crypto.c, ntpd/ntp_proto.c.
    - CVE-2014-9297
  * SECURITY UPDATE: IPv6 ACL bypass
    - debian/patches/CVE-2014-9298.patch: check for spoofed ::1 in
      ntpd/ntp_io.c.
    - CVE-2014-9298