Network Time Foundation Releases ntp-4.2.8-p8 Security Release
NTF announced the release of ntp-4.2.8p8 on 2 June 2016. This release contains fixes for one high and four low severity security-related issues, a four bug fixes and contains other improvements since ntp-4.2.8p7, which was released on 26 April 2016.
See the 2 June 2016 Security Announcement for more details.
Sec 3046 / CVE-2016-4957: Crypto-NAK crash
Sec 3045 / CVE-2016-4953: Bad authentication demobilizes ephemeral associations
Sec 3044 / CVE-2016-4954: Processing spoofed server packets
Sec 3043 / CVE-2016-4955: Autokey association reset
Sec 3042 / CVE-2016-4956: Broadcast interleave
To get a copy of ntp-4.2.8p8, please visit our download page.
Please review our NTF Security Policy and Procedure page for details on this latest announcement as well as our security patch policy, issue reporting instructions, and past security advisories.