Explore top 10 tips to secure your open-source projects now. Read More
×
Update to version 1.7.1. Includes the fix for CVE-2026-26076: rs/security/advisories/GHSA-c7j7-rmvr-fjmv Release notes: rs/releases/tag/v1.7.0. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-eb0777262e 2026-03-31 00:16:35.926071+00:00 -------------------------------------------------------------------------------- Name : ntpd-rs Product : Fedora 44 Version : 1.7.1 Release : 1.fc44 URL : rs Summary : Full-featured implementation of NTP with NTS support Description : Full-featured implementation of NTP with NTS support. -------------------------------------------------------------------------------- Update Information: Update to version 1.7.1. Includes the fix for CVE-2026-26076: rs/security/advisories/GHSA-c7j7-rmvr-fjmv Release notes: rs/releases/tag/v1.7.0 rs/releases/tag/v1.7.1 -------------------------------------------------------------------------------- ChangeLog: * Sun Mar 22 2026 Fabio Valentini - 1.7.1-1 - Update to version 1.7.1; Fixes RHBZ#2435477 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-eb0777262e' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Multiple vulnerabilities have been discovered in NTP, the worst of which could lead to the execution of arbitrary code.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202507-05 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: NTP: Multiple Vulnerabilities Date: July 08, 2025 Bugs: #904337 ID: 202507-05 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been discovered in NTP, the worst of which could lead to the execution of arbitrary code. Background ========== NTP contains software for the Network Time Protocol. Affected packages ================= Package Vulnerable Unaffected ------------ ------------ ------------ net-misc/ntp < 4.2.8_p16 > = 4.2.8_p16 Description =========== Multiple vulnerabilities have been discovered in NTP. Please review the CVE identifiers referenced below for details. Impact ====== The first four of these CVEs affect a function in libntp that is only used by ntpq, but not by ntpd. The last CVE affects the driver for a hardware clock (GPS receiver), so ntpd might be vulnerable to manipulated devices of that type, but not to remote attacks. Workaround ========== There is no known workaround at this time. Resolution ========== All NTP users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =net-misc/ntp-4.2.8_p16" References ========== [ 1 ] CVE-2023-26551 https://nvd.nist.gov/vuln/detail/CVE-2023-26551 [ 2 ] CVE-2023-26552 https://nvd.nist.gov/vuln/detail/CVE-2023-26552 [ 3 ] CVE-2023-26553 https://nvd.nist.gov/vuln/detail/CVE-2023-26553 [ 4 ] CVE-2023-26554 https://nvd.nist.gov/vuln/detail/CVE-2023-26554 [ 5 ]CVE-2023-26555 https://nvd.nist.gov/vuln/detail/CVE-2023-26555 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202507-05 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to
New ntp packages are available for Slackware 14.0, 14.1, 14.2, 15.0, and -current to fix security issues. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] ntp (SSA:2023-153-02) New ntp packages are available for Slackware 14.0, 14.1, 14.2, 15.0, and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: +--------------------------+ patches/packages/ntp-4.2.8p16-i586-1_slack15.0.txz: Upgraded. This update fixes bugs and security issues. For more information, see: https://www.cve.org/CVERecord?id=CVE-2023-26551 https://www.cve.org/CVERecord?id=CVE-2023-26552 https://www.cve.org/CVERecord?id=CVE-2023-26553 https://www.cve.org/CVERecord?id=CVE-2023-26554 https://www.cve.org/CVERecord?id=CVE-2023-26555 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you. Updated package for Slackware 14.0: Updated package for Slackware x86_64 14.0: Updated package for Slackware 14.1: Updated package for Slackware x86_64 14.1: Updated package for Slackware 14.2: Updated package for Slackware x86_64 14.2: Updated package for Slackware 15.0: Updated package for Slackware x86_64 15.0: Updated package for Slackware -current: Updated package for Slackware x86_64 -current: MD5 signatures: +-------------+ Slackware 14.0 package: 6499c3a8f2b21d06848f589a1f96fe2b ntp-4.2.8p16-i486-1_slack14.0.txz Slackware x86_64 14.0 package: 971b27c0ee14a4e530882628c092fa01 ntp-4.2.8p16-x86_64-1_slack14.0.txz Slackware 14.1 package: dc8c121370b085ce1212bc45bf914d92 ntp-4.2.8p16-i486-1_slack14.1.txz Slackware x86_64 14.1 package: 81f4368218472fcd589426102c1c2564 ntp-4.2.8p16-x86_64-1_slack14.1.txz Slackware 14.2package: 8b9e22994ce2c3e4a7705470ffed2877 ntp-4.2.8p16-i586-1_slack14.2.txz Slackware x86_64 14.2 package: 237adf9c8782bd6942b2e099117c694e ntp-4.2.8p16-x86_64-1_slack14.2.txz Slackware 15.0 package: bd147c1bb181bbaea43fc4ba7170fba3 ntp-4.2.8p16-i586-1_slack15.0.txz Slackware x86_64 15.0 package: 5a61a4d85f959f34d4cbad5655265c18 ntp-4.2.8p16-x86_64-1_slack15.0.txz Slackware -current package: 9691d0ba62a3d7f929477dc129738be7 n/ntp-4.2.8p16-i586-1.txz Slackware x86_64 -current package: ae4b28260065039cb26813fbd9541633 n/ntp-4.2.8p16-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg ntp-4.2.8p16-i586-1_slack15.0.txz Then, restart the NTP daemon: # sh /etc/rc.d/rc.ntpd restart +-----+ . Recent updates for the ntp packages have been released for Slackware 14.0 to address urgent security vulnerabilities and maintain system reliability.. NTP Package, Slackware Security Update, Critical Patch. . Severity: Critical. LinuxSecurity.com Team
NTP could be made to crash.. =========================================================================Ubuntu Security Notice USN-4563-2 April 20, 2021 ntp vulnerability ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.10 - Ubuntu 20.04 LTS Summary: NTP could be made to crash. Software Description: - ntp: Network Time Protocol daemon and utility programs Details: USN-4563-1 fixed a vulnerability in NTP. This update provides the corresponding update for Ubuntu 20.04 LTS and Ubuntu 20.10. Original advisory details: It was discovered that the fix for CVE-2018-7182 introduced a NULL pointer dereference into NTP. An attacker could use this vulnerability to cause a denial of service (crash). Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.10: ntp 1:4.2.8p12+dfsg-3ubuntu4.20.10.1 ntpdate 1:4.2.8p12+dfsg-3ubuntu4.20.10.1 sntp 1:4.2.8p12+dfsg-3ubuntu4.20.10.1 Ubuntu 20.04 LTS: ntp 1:4.2.8p12+dfsg-3ubuntu4.20.04.1 ntpdate 1:4.2.8p12+dfsg-3ubuntu4.20.04.1 sntp 1:4.2.8p12+dfsg-3ubuntu4.20.04.1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-4563-2 https://ubuntu.com/security/notices/USN-4563-1 CVE-2019-8936 Package Information: https://launchpad.net/ubuntu/+source/ntp/1:4.2.8p12+dfsg-3ubuntu4.20.10.1 https://launchpad.net/ubuntu/+source/ntp/1:4.2.8p12+dfsg-3ubuntu4.20.04.1 . NTP exhibits susceptibility to failures in certain iterations of Ubuntu. Consult the security bulletin for comprehensiveinformation and necessary patches.. NTP Update, Ubuntu 20.04, Ubuntu 20.10, Denial Of Service. . LinuxSecurity.com Team
NTP could be made to crash.. =========================================================================Ubuntu Security Notice USN-4563-1 October 01, 2020 ntp vulnerability ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS Summary: NTP could be made to crash. Software Description: - ntp: Network Time Protocol daemon and utility programs Details: It was discovered that the fix for CVE-2018-7182 introduced a NULL pointer dereference into NTP. An attacker could use this vulnerability to cause a denial of service (crash). Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS: ntp 1:4.2.8p10+dfsg-5ubuntu7.3 ntpdate 1:4.2.8p10+dfsg-5ubuntu7.3 sntp 1:4.2.8p10+dfsg-5ubuntu7.3 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-4563-1 CVE-2019-8936 Package Information: https://launchpad.net/ubuntu/+source/ntp/1:4.2.8p10+dfsg-5ubuntu7.3 . A recent flaw in NTP could lead to system instability. Ensure you upgrade your Ubuntu 18.04 LTS immediately to implement essential fixes.. NTP Update, Ubuntu Security, Denial of Service, System Crash, Software Vulnerability. . Severity: Critical. LinuxSecurity.com Team
Multiple vulnerabilities have been found in NTP, the worst of which could result in a Denial of Service condition.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202007-12 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: NTP: Multiple vulnerabilities Date: July 26, 2020 Bugs: #717798, #729458 ID: 202007-12 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities have been found in NTP, the worst of which could result in a Denial of Service condition. Background ========= NTP contains software for the Network Time Protocol. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-misc/ntp < 4.2.8_p15 > = 4.2.8_p15 Description ========== Multiple vulnerabilities have been discovered in NTP. Please review the CVE identifiers referenced below for details. Impact ===== Please review the referenced CVE identifiers for details. Workaround ========= There is no known workaround at this time. Resolution ========= All NTP users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =net-misc/ntp-4.2.8_p15" References ========= [ 1 ] CVE-2020-11868 https://nvd.nist.gov/vuln/detail/CVE-2020-11868 [ 2 ] CVE-2020-13817 https://nvd.nist.gov/vuln/detail/CVE-2020-13817 [ 3 ] CVE-2020-15025 https://nvd.nist.gov/vuln/detail/CVE-2020-15025 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202007-12 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to
An update that solves four vulnerabilities and has two fixes is now available.. openSUSE Security Update: Security update for ntp ______________________________________________________________________________ Announcement ID: openSUSE-SU-2020:1007-1 Rating: moderate References: #1125401 #1169740 #1171355 #1172651 #1173334 #992038 Cross-References: CVE-2018-8956 CVE-2020-11868 CVE-2020-13817 CVE-2020-15025 Affected Products: openSUSE Leap 15.2 ______________________________________________________________________________ An update that solves four vulnerabilities and has two fixes is now available. Description: This update for ntp fixes the following issues: ntp was updated to 4.2.8p15 - CVE-2020-11868: Fixed an issue which a server mode packet with spoofed source address frequently send to the client ntpd could have caused denial of service (bsc#1169740). - CVE-2018-8956: Fixed an issue which could have allowed remote attackers to prevent a broadcast client from synchronizing its clock with a broadcast NTP server via spoofed mode 3 and mode 5 packets (bsc#1171355). - CVE-2020-13817: Fixed an issue which an off-path attacker with the ability to query time from victim's ntpd instance could have modified the victim's clock by a limited amount (bsc#1172651). - CVE-2020-15025: Fixed an issue which remote attacker could have caused denial of service by consuming the memory when a CMAC key was used andassociated with a CMAC algorithm in the ntp.keys (bsc#1173334). - Removed an OpenSSL version warning (bsc#992038 and bsc#1125401). This update was imported from the SUSE:SLE-15:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.2: zypper in -t patch openSUSE-2020-1007=1 Package List: - openSUSE Leap 15.2 (i586 x86_64): ntp-4.2.8p15-lp152.3.3.1 ntp-debuginfo-4.2.8p15-lp152.3.3.1 ntp-debugsource-4.2.8p15-lp152.3.3.1 ntp-doc-4.2.8p15-lp152.3.3.1 References: https://www.suse.com/security/cve/CVE-2018-8956.html https://www.suse.com/security/cve/CVE-2020-11868.html https://www.suse.com/security/cve/CVE-2020-13817.html https://www.suse.com/security/cve/CVE-2020-15025.html https://bugzilla.suse.com/1125401 https://bugzilla.suse.com/1169740 https://bugzilla.suse.com/1171355 https://bugzilla.suse.com/1172651 https://bugzilla.suse.com/1173334 https://bugzilla.suse.com/992038 -- . A recent security update addresses four weaknesses in openSUSE's NTP, bolstering system security.. openSUSE Security Update, NTP Fixes, Denial Of Service, Moderate Severity. . LinuxSecurity.com Team
An update that solves four vulnerabilities and has two fixes is now available.. openSUSE Security Update: Security update for ntp ______________________________________________________________________________ Announcement ID: openSUSE-SU-2020:0934-1 Rating: moderate References: #1125401 #1169740 #1171355 #1172651 #1173334 #992038 Cross-References: CVE-2018-8956 CVE-2020-11868 CVE-2020-13817 CVE-2020-15025 Affected Products: openSUSE Leap 15.1 ______________________________________________________________________________ An update that solves four vulnerabilities and has two fixes is now available. Description: This update for ntp fixes the following issues: ntp was updated to 4.2.8p15 - CVE-2020-11868: Fixed an issue which a server mode packet with spoofed source address frequently send to the client ntpd could have caused denial of service (bsc#1169740). - CVE-2018-8956: Fixed an issue which could have allowed remote attackers to prevent a broadcast client from synchronizing its clock with a broadcast NTP server via spoofed mode 3 and mode 5 packets (bsc#1171355). - CVE-2020-13817: Fixed an issue which an off-path attacker with the ability to query time from victim's ntpd instance could have modified the victim's clock by a limited amount (bsc#1172651). - CVE-2020-15025: Fixed an issue which remote attacker could have caused denial of service by consuming the memory when a CMAC key was used andassociated with a CMAC algorithm in the ntp.keys (bsc#1173334). - Removed an OpenSSL version warning (bsc#992038 and bsc#1125401). This update was imported from the SUSE:SLE-15:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.1: zypper in -t patch openSUSE-2020-934=1 Package List: - openSUSE Leap 15.1 (i586 x86_64): ntp-4.2.8p15-lp151.2.3.1 ntp-debuginfo-4.2.8p15-lp151.2.3.1 ntp-debugsource-4.2.8p15-lp151.2.3.1 ntp-doc-4.2.8p15-lp151.2.3.1 References: https://www.suse.com/security/cve/CVE-2018-8956.html https://www.suse.com/security/cve/CVE-2020-11868.html https://www.suse.com/security/cve/CVE-2020-13817.html https://www.suse.com/security/cve/CVE-2020-15025.html https://bugzilla.suse.com/1125401 https://bugzilla.suse.com/1169740 https://bugzilla.suse.com/1171355 https://bugzilla.suse.com/1172651 https://bugzilla.suse.com/1173334 https://bugzilla.suse.com/992038 -- . openSUSE Security Update: Security update for ntp __________________________________________________. update, solves, vulnerabilities, fixes, opensuse, security. . LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.