来源:NTP官网
发布日期:2020-06-23
阅读次数:3699
评论:0
更新标题
June 2020 ntp-4.2.8p15 NTP Release and Security Vulnerability Announcement
更新详情
The NTP Project at Network Time Foundation publicly released ntp-4.2.8p15 on Tuesday, 23 June 2020.
This release fixes one security issue in ntpd:
MEDIUM: Sec 3661: Memory leak with CMAC keys
Systems that use a CMAC algorithm in ntp.keys will not release a bit of memory on each packet that uses a CMAC key, eventually causing ntpd to run out of memory and fail. The CMAC cleanup from https://bugs.ntp.org/3447, part of ntp-4.2.8p11 and ntp-4.3.97, introduced a bug whereby the CMAC data structure was no longer completely removed.
Reported by Martin Burnicki of Meinberg.
and provides 13 bugfixes.
ENotification of these issues were delivered to our Institutional members on a rolling basis as they were reported and as progress was made.
Timeline:
2020 Jun 23: Public release
2020 Apr 12: First Release to Advance Security Partners
2020 Apr 07: Notification to Institutional Members
2020 Apr 01: Notification from reporter
软件描述
NTP是用来使计算机时间同步化的一种协议,它可以使计算机对其服务器或时钟源(如石英钟,GPS等等)做同步化,它可以提供高精准度的时间校正(LAN上与标准间差小于1毫秒,WAN上几十毫秒),且可介由加密确认的方式来防止恶毒的协议攻击。NTP的目的是在无序的Internet环境中提供精确和健壮的时间服务。
评论