[ntp:security] [VU#961909] NTP security release
stenn at nwtime.org
Wed Feb 21 23:29:15 UTC 2018
On 2/21/18 7:27 AM, CERT(R) Coordination Center wrote:
> Hi Harlan,
> This advisory looks fine. I am sending this to our vendor mailing lists right now. We're not planning to publish and will instead direct vendors to contact you directly (at the info listed in the advisory).
> Let us know if you have any other questions.
> Best Regards,
> Garret WASSERMANN
> Vulnerability Analysis Team
> CERT Coordination Center (CERT/CC)
> A division of:
> Software Engineering Institute
> Carnegie Mellon University
> Harlan Stenn <stenn at nwtime.org> writes:
>> Hi Art,
>> How's this:
>> The NTP Project at Network Time Foundation plans to release ntp-4.2.8p11
>> on Tuesday, 27 February 2018.
>> This release fixes 6 security items:
>> * 2 low/medium -severity issues in ntpd
>> * 1 informational/medium -severity issue in ntpd
>> * 2 low-severity issues in ntpd
>> * 1 medium-severity issue in ntpq
>> Ntp-4.2.8p11 also includes 65 other non-security fixes and improvements.
>> The NTP Project expects this to be the FINAL RELEASE of the 4.2.8 major
>> release series. Ntp-4.4.0 will be the next major release of the NTP
>> Reference Implementation, and is expected to be available later this summer.
>> Institutional members of the NTP Consortium at Network Time Foundation
>> have already received details of these security items, and received
>> early access to the source code for ntp-4.2.8p11 on 23 January 2018,
>> with an updated tarball on 12 February 2018.
>> If you would like to learn more about the details of what will be fixed
>> in ntp-4.2.8p11 or obtain access to the source code before the public
>> release, please contact Steve Sullivan <stevos at nwtime.org> .
>> * 2018 TENTATIVE: Feb 27: Public release
>> * 2018 Feb 20: CERT notified
>> * 2018 Feb 12: Updated code released to Advance Security
>> Partners containing security * fixes for Bugs 3453
>> and 3454, and FIPS and multicast regressions.
>> * 2018 Feb 05: Bugs 3453 and 3454 reported. Release delayed.
>> * 2018 Jan 23: Initial code release to Advance Security Partners
Harlan Stenn <stenn at nwtime.org>
http://networktimefoundation.org - be a member!
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 699 bytes
Desc: OpenPGP digital signature
More information about the security