[ntp:security] NTP Windows OPENSSL version 1.0.0.3

Danny Mayer mayer at ntp.org
Thu Jan 22 04:58:34 UTC 2015


On 1/21/2015 7:03 PM, manuwx wrote:
> Dear Sir or Madam:
> 
> I work supporting FAA in Washington DC.  As a part of research I am
> doing to support my customer here, my que is :Â  Is this version
> susceptible to vulnerabilities cited under the US CERT advisory cited below:
> 
> https://www.us-cert.gov/ncas/current-activity/2014/06/05/OpenSSL-Releases-Security-Advisory​
> 
> 
> 
> Best regards,
> 
> Mike Manoj  M.B.A., M.S.I.S., PMP, CISSP, CCSK, CSSLP, ISSMP, CISM 
> Cell:Â 301-633-0776
> 

Mike,

You don't say here what version of NTP you are using or where you are
getting it from. If you are building it yourself then you should always
use the latest version of OpenSSL during the build and deployment. If
you you are getting the binary from elsewhere then you need to ask your
question to the people releasing the binaries.

We are expecting to release NTP 4.2.8p1 within the next several weeks
which will address a problem with building this on Windows. We recommend
that you use this version when it becomes available.

Danny



More information about the security mailing list