Ubuntu
ntpsec package

  1. Bug #1812458
  2. Comment #9

Comment 9 for bug 1812458

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ntpsec - 1.1.0+dfsg1-1ubuntu0.2

---------------
ntpsec (1.1.0+dfsg1-1ubuntu0.2) bionic-security; urgency=medium

  * Backport three commits from 1.1.3 to fix (LP: #1812458)
    - CVE-2019-6442: "An authenticated attacker can write one byte out of
      bounds in ntpd via a malformed config request, related to
      config_remotely in ntp_config.c, yyparse in ntp_parser.tab.c, and
      yyerror in ntp_parser.y."
    - CVE-2019-6443: "Because of a bug in ctl_getitem, there is a stack-based
      buffer over-read in read_sysvars in ntp_control.c in ntpd.
    - CVE-2019-6444: "process_control() in ntp_control.c has a stack-based
      buffer over-read because attacker-controlled data is dereferenced by
      ntohl() in ntpd."
    - CVE-2019-6445: "An authenticated attacker can cause a NULL pointer
      dereference and ntpd crash in ntp_control.c, related to ctl_getitem."

 -- Richard Laager <email address hidden> Fri, 18 Jan 2019 20:07:06 -0600