BitShares Forum
Main => Stakeholder Proposals => Topic started by: rnglab on November 06, 2015, 11:08:58 pm
-
ntp packages for debian and ubuntu are seriously outdated.
http://www.cs.bu.edu/~goldbe/papers/NTPattack.pdf (http://www.cs.bu.edu/~goldbe/papers/NTPattack.pdf)
http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities (http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities)
We should all build last ntp version from source (4.2.8p4).
ntpd --version
ntpd 4.2.8p4
-
As Bhuz noted, Ubuntu released the respective security patches:
http://www.ubuntu.com/usn/usn-2783-1/ (http://www.ubuntu.com/usn/usn-2783-1/)
As well as Debian:
http://metadata.ftp-master.debian.org/changelogs//main/n/ntp/ntp_4.2.6.p5+dfsg-7+deb8u1_changelog (http://metadata.ftp-master.debian.org/changelogs//main/n/ntp/ntp_4.2.6.p5+dfsg-7+deb8u1_changelog)
So a package upgrade should be enough.
Don't know why both OSs stay on version 4.2.6 though.