[ntp:announce] NTP 4.2.4p7 Released
NTP Public Services Project
webmaster at ntp.org
Mon May 18 15:53:53 UTC 2009
Redwood City, CA - 2009/05/18 - The NTP Public Services Project
(http://support.ntp.org/) is pleased to announce that NTP 4.2.4p7,
a Point Release of the NTP Reference Implementation from the
NTP Project, is now available at http://www.ntp.org/downloads.html and
http://support.ntp.org/download.
Security Updates:
* [Sec 1144] limited (two byte) buffer overflow in ntpq. CVE-2009-0159
Credit for finding this vulnerability goes to Geoff Keating of Apple.
http://bugs.ntp.org/1144
* [Sec 1149] use SO_EXCLUSIVEADDRUSE on Windows
Credit for finding this issue goes to Dave Hart.
http://bugs.ntp.org/1149
* [Sec 1151] Remote exploit if autokey is enabled. CVE-2009-1252
http://bugs.ntp.org/1151
Other Changes:
* Fix many compiler warnings
* Many fixes and improvements for Windows
* Adds support for AIX 6.1
* Resolves some issues under MacOS X and Solaris
* Improved logging
The file-size of this Point Release is 3382146 bytes. An MD5 sum
of this release is available at http://www.ntp.org/downloads.html and
http://support.ntp.org/download.
Please report any bugs, issues, or desired enhancements at
http://bugs.ntp.org/.
The NTP (Network Time Protocol) Public Services Project, which is
hosted by Internet Systems Consortium, Inc. (http://www.isc.org/),
provides support and additional development resources for the
Reference Implementation of NTP produced by the NTP Project
(http://www.ntp.org/).
More information about the announce
mailing list