You have been subscribed to a public bug: Network Time Protocol (NTP) Project NTP daemon (ntpd) contains multiple vulnerabilities
The NTP Project ntpd version 4.2.7 and pervious versions allow attackers to overflow several buffers in a way that may allow malicious code to be executed. ntp-keygen prior to version 4.2.7p230 also uses a non-cryptographic random number generator when generating symmetric keys. These vulnerabilities affect ntpd acting as a server or client. Description The Network Time Protocol (NTP) provides networked systems with a way to synchronize time for various services and applications. The reference implementation produced by the NTP Project (ntp.org) contains several vulnerabilities. http://www.kb.cert.org/vuls/id/852879 https://access.redhat.com/security/cve/CVE-2014-9295 The backport for 4.0 is also needed. ** Affects: ntp (Ubuntu) Importance: Critical Assignee: MOS Linux (mos-linux) Status: Confirmed ** Tags: customer-found cve-2014-9295 ntp -- ntp vulnerabilities https://bugs.launchpad.net/bugs/1405404 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to ntp in Ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
