4.2.8p1 Release Announcement

Last update: March 28, 2023 21:06 UTC (4798c81ce)

NTF’s NTP Project has been notified of a number of vulnerabilities from Neel Mehta and Stephen Roettger of Google’s Security Team.

The two most serious of these issues and four less serious issues have been resolved as of ntp-4.2.8, which was released on 18 December 2014.

The remaining two issues are addressed by 4.2.8p1, which was released on 4 February 2015.

These are the vulnerabilities from Neel Mehta and Stephen Roettger of Google’s Security Team:

Additionally, we are working to patch the known deficiencies in NTP’s Autokey protocol, as a stop-gap measure until the Network Time Security draft (which will replace Autokey) is ready to be deployed. These weaknesses were discovered by Dieter Sibold, PhD of PTB, and Stephen Roettger of the Google Security Team.


Timeline: