BitShares Forum

Main => Stakeholder Proposals => Topic started by: rnglab on November 06, 2015, 11:08:58 pm

Title: ntp version
Post by: rnglab on November 06, 2015, 11:08:58 pm: ntp packages for debian and ubuntu are seriously outdated.

http://www.cs.bu.edu/~goldbe/papers/NTPattack.pdf (http://www.cs.bu.edu/~goldbe/papers/NTPattack.pdf)

http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities (http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities)

We should all build last ntp version from source (4.2.8p4).

Code: [Select]
ntpd --version ntpd 4.2.8p4
Title: Re: ntp version
Post by: rnglab on November 07, 2015, 01:09:02 am: As Bhuz noted, Ubuntu released the respective security patches:
http://www.ubuntu.com/usn/usn-2783-1/ (http://www.ubuntu.com/usn/usn-2783-1/)

As well as Debian:
http://metadata.ftp-master.debian.org/changelogs//main/n/ntp/ntp_4.2.6.p5+dfsg-7+deb8u1_changelog (http://metadata.ftp-master.debian.org/changelogs//main/n/ntp/ntp_4.2.6.p5+dfsg-7+deb8u1_changelog)

So a package upgrade should be enough.
Don't know why both OSs stay on version 4.2.6 though.

SMF 2.0.18 | SMF © 2021, Simple Machines