4.2.8p15 Release Announcement
Last update: June 28, 2022 21:06 UTC (1f97faf40)
The NTP Project at Network Time Foundation publicly released ntp-4.2.8p15 on Tuesday, 23 June 2020.
This release fixes one security issue in
- MEDIUM: Sec 3661: Memory leak with CMAC keys
- Systems that use a CMAC algorithm in
ntp.keys will not release a bit of memory on each packet that uses a CMAC key, eventually causing
ntpd to run out of memory and fail. The CMAC cleanup, part of ntp-4.2.8p11 and ntp-4.3.97, introduced a bug whereby the CMAC data structure was no longer completely removed.
- Reported by Martin Burnicki of Meinberg.
and provides 13 bugfixes.
ENotification of these issues were delivered to our Institutional members on a rolling basis as they were reported and as progress was made.