Ubuntu Security Notice 3707-2 - USN-3707-1 and USN-3349-1 fixed several vulnerabilities in NTP. This update provides the corresponding update for Ubuntu 12.04 ESM. Miroslav Lichvar discovered that NTP incorrectly handled certain spoofed addresses when performing rate limiting. A remote attacker could possibly use this issue to perform a denial of service. Various other issues were also addressed.
2f54f1b535f2b9e7d16c597307f59f6d
Ubuntu Security Notice 3349-1 - Yihan Lian discovered that NTP incorrectly handled certain large request data values. A remote attacker could possibly use this issue to cause NTP to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS. Miroslav Lichvar discovered that NTP incorrectly handled certain spoofed addresses when performing rate limiting. A remote attacker could possibly use this issue to perform a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 16.10. Various other issues were also addressed.
f7f3fa44faf862974b40f78bbb8b5cbc
HPE Security Bulletin HPESBUX03706 1 - Potential security vulnerabilities have been identified in the HP-UX-NTP service running ntpd. These vulnerabilities could be exploited remotely to allow a denial of service (DoS), unauthorized modification, and access restriction bypass. Revision 1 of this advisory.
306b728da60c9fcd8841d044fe0cd334
Red Hat Security Advisory 2017-0252-01 - The Network Time Protocol is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service. Security Fix: It was found that when ntp is configured with rate limiting for all associations the limits are also applied to responses received from its configured sources. A remote attacker who knows the sources can cause a denial of service by preventing ntpd from accepting valid responses from its sources.
d27eb248d654333b1e45ed56dfbc614a
FreeBSD Security Advisory - Multiple vulnerabilities have been discovered in the NTP suite.
758701c6c332f8937e8764717b895f4a