[ntp:questions] NTP 4.2.6 Released

Martin Burnicki martin.burnicki at meinberg.de
Tue Dec 15 10:25:51 UTC 2009

NTP Public Services Project wrote:
> This release fixes the following high-severity vulnerability:
> * [Sec 1331] DoS with mode 7 packets - CVE-2009-3563.
>   http://bugs.ntp.org/1331
> See http://support.ntp.org/security for more information.

This security fix is also in 4.2.4p8.

Even a though a 4.2.6 tarball has been rolled out I don't see a 4.2.6 tag in
the bitkeeper -stable repo. There's only a 4.2.6-RC tag as of 2009-12-09.

4.2.6 contains a real bunch of changes against 4.2.4p8 which have not been
mentioned here, but significantly change the way ntpd works, so users
should carefully check if they want to upgrade to 4.2.6 right now.

Martin Burnicki

Meinberg Funkuhren
Bad Pyrmont

More information about the questions mailing list