The NTP Project at Network Time Foundation publicly released ntp-4.2.8p15 on Tuesday, 23 June 2020.
This release fixes one security issue in ntpd and provides 13 bugfixes:
- MEDIUM: Sec 3661: Memory leak with CMAC keys
  - Systems that use a CMAC algorithm in ntp.keys leak a small amount of memory on each packet that uses a CMAC key, eventually causing ntpd to run out of memory and fail. The CMAC cleanup from https://bugs.ntp.org/3447, part of ntp-4.2.8p11 and ntp-4.3.97, introduced a bug whereby the CMAC data structure was no longer completely removed.
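
An exposure check for the issue above, added here as an illustration and not part of the NTP Project's code: it reports whether a host runs a 4.2.8 patch level between the one that introduced the bug (p11) and the fix (p15) and also has a CMAC key in ntp.keys. The sample key file and version banners are constructed, matching any key type containing "CMAC" is an assumption, and the 4.3.x development series is not evaluated.

```python
import re

# Constructed sample ntp.keys content (not taken from a real system).
SAMPLE_KEYS = """\
# id  type        key
1     MD5         constructedMD5secret
2     SHA1        0123456789abcdef0123456789abcdef01234567
3     AES128CMAC  00112233445566778899aabbccddeeff   # constructed key
  # 4 AES128CMAC  commented-out entry, must be ignored
"""

def cmac_key_ids(keys_text):
    """Return the key IDs whose type field names a CMAC algorithm."""
    ids = []
    for line in keys_text.splitlines():
        # Drop comments, then split "keyid type key [optional fields]".
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0].isdigit() and "CMAC" in fields[1].upper():
            ids.append(int(fields[0]))
    return ids

def patch_level(version_banner):
    """Return N for a '4.2.8pN' version string (0 for plain 4.2.8), else None."""
    m = re.search(r"(?<![\d.])4\.2\.8(?!\d)(?:p(\d+))?", version_banner)
    if m is None:
        return None
    return int(m.group(1)) if m.group(1) else 0

def exposed(version_banner, keys_text):
    """True when the build is p11..p14 and at least one CMAC key is configured."""
    level = patch_level(version_banner)
    in_leaking_range = level is not None and 11 <= level <= 14
    return in_leaking_range and bool(cmac_key_ids(keys_text))

if __name__ == "__main__":
    # Constructed banners in the style printed by `ntpd --version`.
    for banner in ("ntpd 4.2.8p13@1.0000-o", "ntpd 4.2.8p15@1.0000-o"):
        print(banner, "-> exposed:", exposed(banner, SAMPLE_KEYS),
              "CMAC key IDs:", cmac_key_ids(SAMPLE_KEYS))
```
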
Notifications of these issues were delivered to NTP Institutional Members on a rolling basis as they were reported and as progress was made. Timeline:
- 2020 Jun 23: Public release
- 2020 Apr 12: First Release to Advance Security Partners
- 2020 Apr 07: Notification to Institutional Members
- 2020 Apr 01: Notification from reporter
Download the code at: http://www.ntp.org/downloads.html
Donate at: https://www.nwtime.org/donate/ 😊