Network Time Foundation Publishes NTP 4.2.8-p10

Network Time Foundation publishes NTP 4.2.8p10, with security, bug and information fixes, and enhancements As part of the Mozilla Foundation’s Secure Open Source (SOS) program they conducted a security audit of the NTP codebase. This release addresses the issues found along with a zero origin security bug. NTF’s Network Time Protocol (NTP) Project released ntp-428p10… Read More.

Network Time Foundation Publishes NTP 4.2.8p9

Network Time Foundation publishes NTP 4.2.8p9, with security, bug fixes, and enhancements NTF’s Network Time Protocol (NTP) Project released ntp-4.2.8p9 on 21 November 2016, its first update since ntp-4.2.8p8 was released in June. The latest version addresses the following: 1 HIGH severity vulnerability that only affects Windows 2 MEDIUM severity vulnerabilities 2 MEDIUM/LOW severity vulnerabilities… Read More.

The Importance of Supporting Open Source

Here is a great five-minute Ignite Tampa 2016 talk by Jacob Redding on supporting open source software. You can view the slides here. As a 501(c)(3) nonprofit, NTF relies on institutional and individual membership dues, and in return we provide our members with advanced security notifications and patches, collaborative feature planning, priority bug fixes, and… Read More.

NTF releases ntp-4.2.8p8 security patch

Network Time Foundation Releases ntp-4.2.8-p8 Security Release NTF announced the release of ntp-4.2.8p8 on 2 June 2016. This release contains fixes for one high and four low severity security-related issues, a four bug fixes and contains other improvements since ntp-4.2.8p7, which was released on 26 April 2016. See the 2 June 2016 Security Announcement for… Read More.

NTF releases ntp-4.2.8p7 security patch

Network Time Foundation Releases ntp-4.2.8-p7 Security Release NTF announced the release of ntp-4.2.8p7 on 26 April 2016. This release contains fixes for nine low and medium severity security-related issues, two security issue mitigations, 16 bug fixes, and code improvements since ntp-4.2.8p6, which was released on 19 January 2016. See the 26 April 2016 Security Announcement… Read More.

NTP Security Issues as Big Move Looms

Harlan Stenn Tackles NTP Security Issues as Big Move Looms 28March2016 – InformationWeek – by Charles Babcock There’s not a business in existence today whose operations don’t rely on the Network Time Protocol (NTP). Harlan Stenn is the chief maintainer of NTP. In the past year, security researchers have raised a number of concerns about… Read More.

NTF releases ntp-4.2.8p6 security patch

January 2016 NTP 4.2.8p6 Security Vulnerability Announcement NTF announced the release of ntp-4.2.8p6 on 19 January 2016. This release contains nine security-related fixes, two security issue mitigations, and some minor bug fixes and code improvements since NTP 4.2.8p5, which was released on 7 January 2016. Bug 2948 / CVE-2015-8158: Potential Infinite Loop in ntpq CVSS2:… Read More.

NTP 4.2.8p5 Release Announcement

January 2016 NTP 4.2.8p5 Security Vulnerability Announcement NTP 4.2.8p5, released on 7 January 2016, contains two security-related issues and several minor bug fixes and code improvements since NTP 4.2.8p4, which was released on 21 October 2015. Bug 2956: CVE-2015-5300 Small-step/Big-step This issue was published in October by Boston University. When it was first discovered, we… Read More.

NTF releases NTP Security patches in ntp-4.2.8p4

Network Time Foundation (NTF) releases ntp-4.2.8p4 containing several security patches. NTF’s NTP Project has released ntp-4.2.8p4, which fixes thirteen (13) low- and medium-severity security bugs and also includes about 100 bug fixes and code improvements since 4.2.8p3, which was released on the 29th of June, 2015. Here is a summary, and see NTF’s NTP Project’s… Read More.

Network Time Security – NTS replacing Autokey

Network Time Foundation is Improving its NTP Project Security with NTS – Network Time Security Project First, some history about Network Time Protocol (NTP) and authentication. NTP saw its original cryptographic authentication code back around 1992, in the ntp3 distribution, when it used MD5 hashes to authenticate remote configuration requests. This was a “private key”… Read More.