Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

Ubuntu 20.04 & 20.10 USN-4563-2 Moderate NTP Denial Of Service

ubuntu
Calendar Grey April 20, 2021
Dist Ubuntu Esm H88
NTP exhibits susceptibility to failures in certain iterations of Ubuntu. Consult the security bulletin for comprehensive information and necessary patches.
NTP could be made to crash.

Summary

NTP could be made to crash.

Software Description:

- ntp: Network Time Protocol daemon and utility programs

Details:

USN-4563-1 fixed a vulnerability in NTP. This update provides the

corresponding update for Ubuntu 20.04 LTS and Ubuntu 20.10.

Original advisory details:

 It was discovered that the fix for CVE-2018-7182 introduced a NULL pointer

 dereference into NTP. An attacker could use this vulnerability to cause a

 denial of service (crash).

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.10:
  ntp                             1:4.2.8p12+dfsg-3ubuntu4.20.10.1
  ntpdate                         1:4.2.8p12+dfsg-3ubuntu4.20.10.1
  sntp                            1:4.2.8p12+dfsg-3ubuntu4.20.10.1

Ubuntu 20.04 LTS:
  ntp                             1:4.2.8p12+dfsg-3ubuntu4.20.04.1
  ntpdate                         1:4.2.8p12+dfsg-3ubuntu4.20.04.1
  sntp                            1:4.2.8p12+dfsg-3ubuntu4.20.04.1

In general, a standard system update will make all the necessary changes.

References

  https://ubuntu.com/security/notices/USN-4563-2

  https://ubuntu.com/security/notices/USN-4563-1

  CVE-2019-8936

Package Information

  https://launchpad.net/ubuntu/+source/ntp/1:4.2.8p12+dfsg-3ubuntu4.20.10.1
  https://launchpad.net/ubuntu/+source/ntp/1:4.2.8p12+dfsg-3ubuntu4.20.04.1

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here