[Bug 1404648] Re: security issues in ntp

Jamie Strandboge jamie at ubuntu.com
Sun Dec 21 17:25:15 UTC 2014 

Thanks for the bug. These issues are being tracked here:
http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-9293.html
http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-9294.html
http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-9295.html
http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-9296.html

and there are test packages here:
https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+packages

Note: Ubuntu has mitigations in the default install that lesson the
severity of two of the CVEs.

** Information type changed from Private Security to Public Security

** Changed in: ntp (Ubuntu)
       Status: New => In Progress

** Also affects: ntp (Ubuntu Precise)
   Importance: Undecided
       Status: New

** Also affects: ntp (Ubuntu Lucid)
   Importance: Undecided
       Status: New

** Also affects: ntp (Ubuntu Utopic)
   Importance: Undecided
       Status: New

** Also affects: ntp (Ubuntu Trusty)
   Importance: Undecided
       Status: New

** Changed in: ntp (Ubuntu Lucid)
       Status: New => In Progress

** Changed in: ntp (Ubuntu Lucid)
   Importance: Undecided => Medium

** Changed in: ntp (Ubuntu Lucid)
     Assignee: (unassigned) => Marc Deslauriers (mdeslaur)

** Changed in: ntp (Ubuntu Precise)
       Status: New => In Progress

** Changed in: ntp (Ubuntu Precise)
   Importance: Undecided => Medium

** Changed in: ntp (Ubuntu Precise)
     Assignee: (unassigned) => Marc Deslauriers (mdeslaur)

** Changed in: ntp (Ubuntu Trusty)
       Status: New => In Progress

** Changed in: ntp (Ubuntu Trusty)
   Importance: Undecided => Medium

** Changed in: ntp (Ubuntu Trusty)
     Assignee: (unassigned) => Marc Deslauriers (mdeslaur)

** Changed in: ntp (Ubuntu Utopic)
       Status: New => In Progress

** Changed in: ntp (Ubuntu Utopic)
   Importance: Undecided => Medium

** Changed in: ntp (Ubuntu Utopic)
     Assignee: (unassigned) => Marc Deslauriers (mdeslaur)

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-9293

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-9294

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-9295

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-9296

** Changed in: ntp (Ubuntu)
       Status: In Progress => Triaged

** Changed in: ntp (Ubuntu)
   Importance: Undecided => Medium

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to ntp in Ubuntu.
https://bugs.launchpad.net/bugs/1404648

Title:
  security issues in ntp

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1404648/+subscriptions

More information about the Ubuntu-server-bugs mailing list