A Denial of Service (DoS) vulnerability was discovered in the network time protocol server/client, ntp.
ntp allowed an "off-path" attacker to block unauthenticated synchronisation via a server mode packet with a spoofed source IP address because transmissions were rescheduled even if a packet lacked a valid "origin timestamp"
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp
For Debian 8 Jessie
, these problems have been fixed in version
1:4.2.6.p5+dfsg-7+deb8u3.
We recommend that you upgrade your ntp packages.
Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS