NTP users are strongly urged to take immediate action to ensure that their NTP daemons are not susceptible to being used in distributed denial-of-service (DDoS) attacks. Please also take this opportunity to defeat denial-of-service attacks by implementing Ingress and Egress filtering through BCP38.
ntp-4.2.8p15
was released on 23 June 2020. It addresses 1 medium-severity security issue in ntpd, and provides 13 non-security bugfixes over 4.2.8p13.
Are you using Autokey in production? If so, please contact Harlan - he's got some questions for you.
TOC Test
a b
c prog
d
--
HarlanStenn - 02 Apr 2011
NTP and CVE-2014-0160 (the OpenSSL "Heartbleed" bug)
Harlan Stenn, Fri, 11 Apr 2014
On 7 Apr 2014 the
OpenSSL project (
http://openssl.org) disclosed
CVE-2014-0160, a very serious security flaw in an
OpenSSL
library often referred to as the "Heartbleed" bug. This flaw is present
in versions 1.0.1 and 1.0.2-beta (including
OpenSSL
1.0.1f and 1.0.2-beta1).
Since NTP can be linked against the
OpenSSL libraries, we've been asked if this vulnerability is a potential issue for NTP.
If NTP is linked against the
OpenSSL libraries, the only use of them is to provide digital signature support.
Since the vulnerabilities of CVE-2014-0160 are in parts of the
OpenSSL libraries that are not used by NTP, NTP is NOT at risk from CVE-2014-0160.
Harlan Stenn
NTP Project
Network Time Foundation
http://developer.linkedin.com/docs/DOC-1101#general-use
http://www.linkedin.com/groups?gid=3762445
NTP Project at LinkedIn
--
HarlanStenn - 2011-01-29