Debian Security Advisory
DLA-2201-1 ntp -- LTS security update
- Date Reported: 05 May 2020
- Affected Packages:
- Security database references: In Mitre's CVE dictionary: CVE-2020-11868.
- More information:
A Denial of Service (DoS) vulnerability was discovered in the network time protocol server/client, ntp.
ntp allowed an "off-path" attacker to block unauthenticated synchronisation via a server mode packet with a spoofed source IP address because transmissions were rescheduled even if a packet lacked a valid "origin timestamp".
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp.
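The ordering problem described above, as a simplified C model added here for illustration (not ntpd's source; the struct, the function names, the 64-second poll interval and the packet timings are assumptions). `rx_flawed` moves the poll timer before checking the origin timestamp, `rx_checked` checks first, and `requests_sent` counts how many requests the client still manages to transmit.

```c
#include <stdbool.h>
#include <stdint.h>
/* Simplified client association: a hypothetical model, not ntpd's own struct. */
struct assoc {
    uint64_t sent_xmt;   /* transmit timestamp of the outstanding request, 0 if none */
    uint32_t next_poll;  /* time (s) at which the next request is due */
    uint32_t poll_secs;  /* poll interval (s) */
    unsigned sent;       /* requests transmitted so far */
};

typedef bool (*rx_fn)(struct assoc *, uint64_t org, uint32_t now);

/* A reply is ours only if its origin timestamp echoes what we last sent. */
static bool origin_ok(const struct assoc *a, uint64_t org)
{
    return a->sent_xmt != 0 && org == a->sent_xmt;
}

/* Ordering described in the advisory: the timer moves before the check. */
bool rx_flawed(struct assoc *a, uint64_t org, uint32_t now)
{
    a->next_poll = now + a->poll_secs;
    return origin_ok(a, org);
}

/* Corrected ordering: a packet that fails the check changes no state. */
bool rx_checked(struct assoc *a, uint64_t org, uint32_t now)
{
    if (!origin_ok(a, org))
        return false;
    a->next_poll = now + a->poll_secs;
    return true;
}

/* Constructed scenario: a packet with a wrong origin arrives every `gap` s. */
unsigned requests_sent(rx_fn rx, uint32_t gap, uint32_t span)
{
    struct assoc a = { .sent_xmt = 0, .next_poll = 64, .poll_secs = 64, .sent = 0 };
    for (uint32_t now = 1; now <= span; now++) {
        if (now >= a.next_poll) {            /* poll timer fired: transmit */
            a.sent_xmt = 0x1000u + now;      /* stand-in for a real timestamp */
            a.next_poll = now + a.poll_secs;
            a.sent++;
        }
        if (now % gap == 0)
            rx(&a, 0xdeadbeefu, now);        /* origin never matches sent_xmt */
    }
    return a.sent;
}
```

The same property makes a useful regression check after upgrading: a packet that fails origin validation must leave the association's timers untouched.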
For Debian 8 "Jessie", these problems have been fixed in version 1:4.2.6.p5+dfsg-7+deb8u3.
We recommend that you upgrade your ntp packages.
Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS