[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 2201-1] ntp security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : ntp
Version        : 1:4.2.6.p5+dfsg-7+deb8u3
CVE ID         : CVE-2020-11868

A Denial of Service (DoS) vulnerability was discovered in the network
time protocol server/client, ntp.

ntp allowed an "off-path" attacker to block unauthenticated
synchronisation via a server mode packet with a spoofed source IP
address because transmissions were rescheduled even if a packet
lacked a valid "origin timestamp"

For Debian 8 "Jessie", this issue has been fixed in ntp version
1:4.2.6.p5+dfsg-7+deb8u3.

We recommend that you upgrade your ntp packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAl6xOCQACgkQHpU+J9Qx
HlgoMg//T0rObYWMHmatqA1LYkJJdr8t/Kiv87RGujfzkL2Se/WLNqU/dE3qmWng
NgOMoffQhyuf7UPcOGHHYfvl17H73zrzmqe+2tCLnmKlVAF+F7JylmTisPxZzMQe
zrmDqMsFNVxKFK+OPWXuVTb/tprq0G/3hN0nbJvflSPGrUgZedkW5QmLzIV/VjTr
J/z3wUz7j7z0GYR067u4crjcAIuSmeQwkYLlrGfpfIcm3M/iAA9OnwVHgMhPbdSU
CTIg4NDjR02E1JP1gxGQABkvJe4H5+FHzvvg26UicxCIkMPmCTGgbE22K9d3/dc2
qfPznTZ6i6TRi63SstgSUK8rV900Jo/kwhI7gqFpaVRGlK5cCxxhwG8SfgZzLhTi
jEEvzfeScIcpt4GapiaFiZrl8C0gipqWCWAjd24xMFzWsIggkHtxhFAagBfdKcQl
kNn8ApMKEOlNkPcKTqelZ5d4bJ4T860CEXpVz+DxPORsSilFqcOjiQoejrfwxsRL
JWzUjn6iMtjUim5oThII2M2LqTN79ARIFXX7o/PRHakGCovzMsWGDBeafjNpnlKK
ScVUP82pq45gT1AXF971eOkE1oQ5uTGyz0LxaUfNWS/0jwNKhCk24Ye/ximzAB8k
8Cm09r5wdUOkWHAFEu76RSCr4i2fzvNh6MOMy4jBloQBt/8jSGk=
=XZJh
-----END PGP SIGNATURE-----


Reply to: