Network Time Foundation Publishes NTP 4.2.8p9

November 21, 2016 by Sue Graves

NTF’s Network Time Protocol (NTP) Project released ntp-4.2.8p9 on 21 November 2016, its first update since ntp-4.2.8p8 was released in June. The latest version addresses the following:

  • 1 HIGH severity vulnerability that only affects Windows

  • 2 MEDIUM severity vulnerabilities

  • 2 MEDIUM/LOW severity vulnerabilities

  • 5 LOW severity vulnerabilities

  • 28 non-security fixes and improvements

All of the security issues in this release are included in VU#633847.

Timeline:

  • 20161121 Public release

  • 20161118 Updated NEWS file

  • 20161115 CERT notified

  • 20161114 NTP Consortium Partner and Premier level members received access to patches

We would have preferred to give much more notice to our members and CERT, however, NTF’s NTP project remains severely under-funded. Google was unable to sponsor us this year and, currently, the Linux Foundation’s Core Internet Initiative only supports Harlan for about 25% of his hours per week and is restricted to NTP development only. We sincerely appreciate the support of our members and donors; much more support is needed to continue to improve NTP, complete the Network Time Security (NTS) project, continue our standards work, improve documentation, start on General Timestamp API and so much more. If accurate, secure time is important to you or your organization, help us help you: Donate today or become a member. Thank you!

Share on: