[ntp:security] [VU#961909] NTP security release

CERT(R) Coordination Center cert at cert.org
Wed Feb 21 15:30:22 UTC 2018


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi Harlan,

This advisory looks fine. I am sending this to our vendor mailing lists right now. We're not planning to publish and will instead direct vendors to contact you directly (at the info listed in the advisory).

Let us know if you have any other questions.


Best Regards,

Garret WASSERMANN

Vulnerability Analysis Team
CERT Coordination Center (CERT/CC)
A division of:
Software Engineering Institute
Carnegie Mellon University

Harlan Stenn <stenn at nwtime.org> writes:
>Hi Art,
>
>How's this:
>
>The NTP Project at Network Time Foundation plans to release ntp-4.2.8p11
>on Tuesday, 27 February 2018.
>
>This release fixes 6 security items:
>* 2 low/medium -severity issues in ntpd
>* 1 informational/medium -severity issue in ntpd
>* 2 low-severity issues in ntpd
>* 1 medium-severity issue in ntpq
>
>Ntp-4.2.8p11 also includes 65 other non-security fixes and improvements.
>
>The NTP Project expects this to be the FINAL RELEASE of the 4.2.8 major
>release series.  Ntp-4.4.0 will be the next major release of the NTP
>Reference Implementation, and is expected to be available later this summer.
>
>Institutional members of the NTP Consortium at Network Time Foundation
>have already received details of these security items, and received
>early access to the source code for ntp-4.2.8p11 on 23 January 2018,
>with an updated tarball on 12 February 2018.
>
>If you would like to learn more about the details of what will be fixed
>in ntp-4.2.8p11 or obtain access to the source code before the public
>release, please contact Steve Sullivan <stevos at nwtime.org> .
>
>Timeline:
>* 2018 TENTATIVE: Feb 27: Public release
>* 2018 Feb 20: CERT notified
>* 2018 Feb 12: Updated code released to Advance Security
>	Partners containing security * fixes for Bugs 3453
>	and 3454, and FIPS and multicast regressions.
>* 2018 Feb 05: Bugs 3453 and 3454 reported.  Release delayed.
>* 2018 Jan 23: Initial code release to Advance Security Partners
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iQIcBAEBCAAGBQJajZB+AAoJEOPd3Dh7UC7P+lUQAJe1yX6jdGOvKCy+OSEzj8IJ
Fuw7UcTfep50jIiTe3wGLTKVxlJ9whJqDS1hvjyvNKzCE8vATEi2ylmjm8mr2YWa
/Xio2khFq2tNdUz55PPoM+ZREFFIRiMgmD926YpNee2nWupkT8H/HwaCLmkeC01W
uPyiqDZqgy1gSI3cHXtI+DKraZ7TGDKxvsRnjfr9oTG03dVytP89x2w4/xsw4gfm
MPhXYZzfkURaBb3guYSW8dnr/fes17Cqb6ZF8ouiZIARDFkpC4bPsPop+vRaegA+
MiA4JudsA/DDYbdftSNilQyNX/9pl6wF3Cqxue0gqkh61ZnBEepUOSM0JSY7hq12
tK7Agis0giAKAvAYqFVBzHR9NFQQ8ON0188VYmGGQf1RLlkgFhx4jxVg9YReQhP8
6lOST3Vtai9Z0IbLM6XVJ7DV3t4MzzJxg0p/p2QpRoyr6h2Lfp5miffuXBgErpRw
LnnRxTRZoRT1Z1WIi4ENQt4ioXPF7KK8rDOxqYd0WbK4yxGxaGX6NiTtlJ1iT//P
nPrZbiRuwX78vwbRi5WA3uinrlY5uiN9px5EbKbrFAVqxj+BakWN9cwXSeSAg50x
wfi8kPzDExRHmItAya5SU3Ll0KlPj/RRxezlfpwLGJsJXZeQZq/LIKHuR9lrZUsE
MJvGmjLW7pT6llPef16W
=znAW
-----END PGP SIGNATURE-----


More information about the security mailing list