Information on source package ntp

Available versions

ReleaseVersion
wheezy1:4.2.6.p5+dfsg-2+deb7u6
wheezy (security)1:4.2.6.p5+dfsg-2+deb7u7
jessie (security)1:4.2.6.p5+dfsg-7+deb8u2
stretch1:4.2.8p10+dfsg-3+deb9u1
buster1:4.2.8p10+dfsg-5
sid1:4.2.8p10+dfsg-5

Open issues

BugwheezyjessiestretchbustersidDescription
CVE-2017-6464vulnerable (no DSA)vulnerable (no DSA)fixedfixedfixedNTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote attackers to ...
CVE-2017-6463vulnerable (no DSA)vulnerable (no DSA)fixedfixedfixedNTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote ...
CVE-2016-9311vulnerable (no DSA)vulnerable (no DSA)fixedfixedfixedntpd in NTP before 4.2.8p9, when the trap service is enabled, allows ...
CVE-2016-9310vulnerable (no DSA)vulnerable (no DSA)fixedfixedfixedThe control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 ...
CVE-2016-7429vulnerable (no DSA)vulnerable (no DSA)fixedfixedfixedNTP before 4.2.8p9 changes the peer structure to the interface it ...
CVE-2016-7426vulnerable (no DSA)vulnerable (no DSA)fixedfixedfixedNTP before 4.2.8p9 rate limits responses received from the configured ...
CVE-2016-4955vulnerable (no DSA)vulnerable (no DSA)fixedfixedfixedntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote ...
CVE-2016-4954vulnerable (no DSA)vulnerable (no DSA)fixedfixedfixedThe process_packet function in ntp_proto.c in ntpd in NTP 4.x before ...
CVE-2016-2519vulnerable (no DSA)vulnerable (no DSA)fixedfixedfixedntpd in NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote ...
CVE-2016-1549vulnerable (no DSA)vulnerable (no DSA)fixedfixedfixedA malicious authenticated peer can create arbitrarily-many ephemeral ...
CVE-2016-0727vulnerable (no DSA)vulnerable (no DSA)fixedfixedfixedThe crontab script in the ntp package before ...
CVE-2015-8140vulnerable (no DSA)vulnerable (no DSA)fixedfixedfixedThe ntpq protocol in NTP before 4.2.8p7 allows remote attackers to ...
CVE-2015-8139vulnerable (no DSA)vulnerable (no DSA)fixedfixedfixedntpq in NTP before 4.2.8p7 allows remote attackers to obtain origin ...
CVE-2015-7976vulnerable (no DSA)vulnerable (no DSA)fixedfixedfixedThe ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, ...
CVE-2015-7973vulnerable (no DSA)vulnerable (no DSA)fixedfixedfixedNTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in ...
CVE-2015-7705vulnerable (no DSA)vulnerable (no DSA)fixedfixedfixedThe rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before ...
CVE-2013-5211vulnerable (no DSA)vulnerable (no DSA)fixedfixedfixedThe monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 ...

Open unimportant issues

BugwheezyjessiestretchbustersidDescription
CVE-2017-6462vulnerablevulnerablefixedfixedfixedBuffer overflow in the legacy Datum Programmable Time Server (DPTS) ...
CVE-2017-6458vulnerablevulnerablefixedfixedfixedMultiple buffer overflows in the ctl_put* functions in NTP before ...
CVE-2016-2517vulnerablevulnerablefixedfixedfixedNTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to ...

Resolved issues

BugDescription
CVE-2017-6460Stack-based buffer overflow in the reslist function in ntpq in NTP ...
CVE-2017-6459The Windows installer for NTP before 4.2.8p10 and 4.3.x before 4.3.94 ...
CVE-2017-6455NTP before 4.2.8p10 and 4.3.x before 4.3.94, when using PPSAPI, allows ...
CVE-2017-6452Stack-based buffer overflow in the Windows installer for NTP before ...
CVE-2017-6451The mx4200_send function in the legacy MX4200 refclock in NTP before ...
CVE-2016-9312ntpd in NTP before 4.2.8p9, when running on Windows, allows remote ...
CVE-2016-9042
CVE-2016-7434The read_mru_list function in NTP before 4.2.8p9 allows remote ...
CVE-2016-7433NTP before 4.2.8p9 does not properly perform the initial sync ...
CVE-2016-7431NTP before 4.2.8p9 allows remote attackers to bypass the origin ...
CVE-2016-7428ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial ...
CVE-2016-7427The broadcast mode replay prevention functionality in ntpd in NTP ...
CVE-2016-4957ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial ...
CVE-2016-4956ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a ...
CVE-2016-4953ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a ...
CVE-2016-2518The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x ...
CVE-2016-2516NTP before 4.2.8p7 and 4.3.x before 4.3.92, when mode7 is enabled, ...
CVE-2016-1551ntpd in NTP 4.2.8p3 and NTPsec ...
CVE-2016-1550An exploitable vulnerability exists in the message authentication ...
CVE-2016-1548An attacker can spoof a packet from a legitimate ntpd server with an ...
CVE-2016-1547An off-path attacker can cause a preemptible client association to be ...
CVE-2015-8158The getresponse function in ntpq in NTP versions before 4.2.8p9 and ...
CVE-2015-8138NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to ...
CVE-2015-7979NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to ...
CVE-2015-7978NTP before 4.2.8p6 and 4.3.0 before 4.3.90 allows a remote attackers ...
CVE-2015-7977ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote ...
CVE-2015-7975The nextvar function in NTP before 4.2.8p6 and 4.3.x before 4.3.90 ...
CVE-2015-7974NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer ...
CVE-2015-7871Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x ...
CVE-2015-7855The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and ...
CVE-2015-7854Buffer overflow in the password management functionality in NTP 4.2.x ...
CVE-2015-7853The datalen parameter in the refclock driver in NTP 4.2.x before ...
CVE-2015-7852ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows ...
CVE-2015-7851
CVE-2015-7850ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows ...
CVE-2015-7849Use-after-free vulnerability in ntpd in NTP 4.2.x before 4.2.8p4, and ...
CVE-2015-7848An integer overflow can occur in NTP-dev.4.3.70 leading to an ...
CVE-2015-7704The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 ...
CVE-2015-7703The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x before ...
CVE-2015-7702The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and ...
CVE-2015-7701Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before ...
CVE-2015-7692The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and ...
CVE-2015-7691The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and ...
CVE-2015-5300The panic_gate check in NTP before 4.2.8p5 is only re-enabled after ...
CVE-2015-5219The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not ...
CVE-2015-5195ntp_openssl.m4 in ntpd in NTP before 4.2.7p112 allows remote attackers ...
CVE-2015-5194The log_config_command function in ntp_parser.y in ntpd in NTP before ...
CVE-2015-5146ntpd in ntp before 4.2.8p3 with remote configuration enabled allows ...
CVE-2015-3405ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 ...
CVE-2015-1799The symmetric-key feature in the receive function in ntp_proto.c in ...
CVE-2015-1798The symmetric-key feature in the receive function in ntp_proto.c in ...
CVE-2014-9751The read_network_packet function in ntp_io.c in ntpd in NTP 4.x before ...
CVE-2014-9750ntp_crypto.c in ntpd in NTP 4.x before 4.2.8p1, when Autokey ...
CVE-2014-9296The receive function in ntp_proto.c in ntpd in NTP before 4.2.8 ...
CVE-2014-9295Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 ...
CVE-2014-9294util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak ...
CVE-2014-9293The config_auth function in ntpd in NTP before 4.2.7p11, when an auth ...
CVE-2009-3563ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote ...
CVE-2009-1252Stack-based buffer overflow in the crypto_recv function in ...
CVE-2009-0159Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c ...
CVE-2009-0021NTP 4.2.4 before 4.2.4p5 and 4.2.5 before 4.2.5p150 does not properly ...
CVE-2005-2496The xntpd ntp (ntpd) daemon before 4.2.0b, when run with the -u option ...
CVE-2004-0657Integer overflow in the NTP daemon (NTPd) before 4.0 causes the NTP ...

Security announcements

DSA / DLADescription
DSA-3629-1ntp - security update
DLA-559-1ntp - security update
DSA-3388-1ntp - security update
DSA-3388-1ntp - security update
DLA-335-1ntp - security update
DSA-3223-1ntp - security update
DLA-192-1ntp - security update
DSA-3154-2ntp - incomplete fix
DLA-149-1ntp - security update
DSA-3154-1ntp - security update
DSA-3108-1ntp - security update
DLA-116-1ntp - security update
DSA-1948-1ntp - denial of service
DSA-1948-1ntp - denial of service
DSA-1801-1ntp - several vulnerabilities
DSA-1801-1ntp - several vulnerabilities
DSA-1702-1ntp - cryptographic weakness
DSA-801-1ntp - programming error
DSA-801-1ntp - programming error

Search for package or bug name: Reporting problems