Debian 10262 Published by

A ntp security update has been released for Debian GNU/Linux 8 LTS to address a Denial of Service (DoS) vulnerability.



DLA 2201-1: ntp security update



Package : ntp
Version : 1:4.2.6.p5+dfsg-7+deb8u3
CVE ID : CVE-2020-11868

A Denial of Service (DoS) vulnerability was discovered in the network
time protocol server/client, ntp.

ntp allowed an "off-path" attacker to block unauthenticated
synchronisation via a server mode packet with a spoofed source IP
address because transmissions were rescheduled even if a packet
lacked a valid "origin timestamp"

For Debian 8 "Jessie", this issue has been fixed in ntp version
1:4.2.6.p5+dfsg-7+deb8u3.

We recommend that you upgrade your ntp packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at:   https://wiki.debian.org/LTS