[ntp:questions] NTP 4.2.4p7 Released

NTP Public Services Project webmaster at ntp.org
Mon May 18 15:53:53 UTC 2009


Redwood City, CA - 2009/05/18 - The NTP Public Services Project
(http://support.ntp.org/) is pleased to announce that NTP 4.2.4p7,
a Point Release of the NTP Reference Implementation from the
NTP Project, is now available at http://www.ntp.org/downloads.html and
http://support.ntp.org/download.

Security Updates:

* [Sec 1144] limited (two byte) buffer overflow in ntpq.  CVE-2009-0159
  Credit for finding this vulnerability goes to Geoff Keating of Apple.
   http://bugs.ntp.org/1144
* [Sec 1149] use SO_EXCLUSIVEADDRUSE on Windows
  Credit for finding this issue goes to Dave Hart.
   http://bugs.ntp.org/1149
* [Sec 1151] Remote exploit if autokey is enabled.  CVE-2009-1252
   http://bugs.ntp.org/1151

Other Changes:

* Fix many compiler warnings
* Many fixes and improvements for Windows
* Adds support for AIX 6.1
* Resolves some issues under MacOS X and Solaris
* Improved logging

The file-size of this Point Release is 3382146 bytes. An MD5 sum
of this release is available at http://www.ntp.org/downloads.html and
http://support.ntp.org/download.

Please report any bugs, issues, or desired enhancements at
http://bugs.ntp.org/.

The NTP (Network Time Protocol) Public Services Project, which is
hosted by Internet Systems Consortium, Inc. (http://www.isc.org/),
provides support and additional development resources for the
Reference Implementation of NTP produced by the NTP Project
(http://www.ntp.org/).  




More information about the questions mailing list