NTP BUG 1593: ntpd abort in free() with logconfig syntax error

Last update: June 28, 2022 20:06 UTC (57417e17c)

Resolved	4.2.7p42 (Development) 4.2.8	18 Aug 2010 19 Dec 2014
References	Bug 1593	CVE-2015-5194
Affects	All ntp-4 releases up to and including 4.2.7p41.	Resolved in 4.2.8
CVSS2 Score	1.7 (worst case)	AV:N/AC:H/Au:M/C:N/I:N/A:P

If ntpd is not built with OpenSSL cryptography and ntpd is told to configure cryptography statistics, ntpd will crash.

Don’t specify cryptography statistics directives in unpatched releases of ntpd if your ntpd doesn’t support cryptography.
Upgrade to 4.2.8p4 or later.
Monitor your ntpd instances.

This issue was discovered and fixed by Dave Hart in 2010.