Several security issues were fixed in NTP.
Software Description:
- ntp: Network Time Protocol daemon and utility programs
Details:
Yihan Lian discovered that NTP incorrectly handled certain large request
data values. A remote attacker could possibly use this issue to cause NTP
to crash, resulting in a denial of service. This issue only affected
Ubuntu 16.04 LTS. (CVE-2016-2519)
Miroslav Lichvar discovered that NTP incorrectly handled certain spoofed
addresses when performing rate limiting. A remote attacker could possibly
use this issue to perform a denial of service. This issue only affected
Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 16.10. (CVE-2016-7426)
Matthew Van Gundy discovered that NTP incorrectly handled certain crafted
broadcast mode packets. A remote attacker could possibly use this issue to
perform a denial of service. This issue only affected Ubuntu 14.04 LTS,
Ubuntu 16.04 LTS, and Ubuntu 16.10. (CVE-2016-7427, CVE-2016-7428)
Miroslav ...
The problem can be corrected by updating your system to the following package versions: Ubuntu 17.04: ntp 1:4.2.8p9+dfsg-2ubuntu1.1 Ubuntu 16.10: ntp 1:4.2.8p8+dfsg-1ubuntu2.1 Ubuntu 16.04 LTS: ntp 1:4.2.8p4+dfsg-3ubuntu5.5 Ubuntu 14.04 LTS: ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.04.11 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-3349-1
CVE-2016-2519, CVE-2016-7426, CVE-2016-7427, CVE-2016-7428,
CVE-2016-7429, CVE-2016-7431, CVE-2016-7433, CVE-2016-7434,
CVE-2016-9042, CVE-2016-9310, CVE-2016-9311, CVE-2017-6458,
CVE-2017-6460, CVE-2017-6462, CVE-2017-6463, CVE-2017-6464
Get the latest Linux and open source security news straight to your inbox.