[ntp:security] NTP security release VCALL-5984

Harlan Stenn stenn at nwtime.org
Tue Feb 20 23:56:11 UTC 2018


Hi Art,

How's this:

The NTP Project at Network Time Foundation plans to release ntp-4.2.8p11
on Tuesday, 27 February 2018.

This release fixes 6 security items:
* 2 low/medium -severity issues in ntpd
* 1 informational/medium -severity issue in ntpd
* 2 low-severity issues in ntpd
* 1 medium-severity issue in ntpq

Ntp-4.2.8p11 also includes 65 other non-security fixes and improvements.

The NTP Project expects this to be the FINAL RELEASE of the 4.2.8 major
release series.  Ntp-4.4.0 will be the next major release of the NTP
Reference Implementation, and is expected to be available later this summer.

Institutional members of the NTP Consortium at Network Time Foundation
have already received details of these security items, and received
early access to the source code for ntp-4.2.8p11 on 23 January 2018,
with an updated tarball on 12 February 2018.

If you would like to learn more about the details of what will be fixed
in ntp-4.2.8p11 or obtain access to the source code before the public
release, please contact Steve Sullivan <stevos at nwtime.org> .

Timeline:
* 2018 TENTATIVE: Feb 27: Public release
* 2018 Feb 20: CERT notified
* 2018 Feb 12: Updated code released to Advance Security
	Partners containing security * fixes for Bugs 3453
	and 3454, and FIPS and multicast regressions.
* 2018 Feb 05: Bugs 3453 and 3454 reported.  Release delayed.
* 2018 Jan 23: Initial code release to Advance Security Partners


-- 
Harlan Stenn <stenn at nwtime.org>
http://networktimefoundation.org - be a member!


More information about the security mailing list