A ntp security update has been released for Debian GNU/Linux 8 LTS to address a Denial of Service (DoS) vulnerability.
DLA 2201-1: ntp security update
Package : ntp
Version : 1:4.2.6.p5+dfsg-7+deb8u3
CVE ID : CVE-2020-11868
A Denial of Service (DoS) vulnerability was discovered in the network
time protocol server/client, ntp.
ntp allowed an "off-path" attacker to block unauthenticated
synchronisation via a server mode packet with a spoofed source IP
address because transmissions were rescheduled even if a packet
lacked a valid "origin timestamp"
For Debian 8 "Jessie", this issue has been fixed in ntp version
1:4.2.6.p5+dfsg-7+deb8u3.
We recommend that you upgrade your ntp packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS