Important ntpd vulnerability, please upgrade

As you might have seen a few days ago several potentially critical security vulnerabilities in all versions of ntpd were announced.

Most OS’es have released back-ported fixes. Depending on your specific ntp and network configuration you might not be exposed, but the easiest way to make sure your systems aren’t vulnerable is to apply the software updates and make sure ntpd has restarted on the fixed version.

Alternatively you can read the announcement page linked above carefully and make configuration changes to mitigate the issues.

If you have built ntpd from source, the easiest fix is to update to 4.2.8. If you have trouble building that version, there’s a “4.2.8p1-beta1” version available now from support.ntp.org as well with some fixes.

If you aren’t already subscribed then you might be interested in subscribing to the NTP Pool discussion mailing list. For general discussion of NTP there’s the comp.protocols.time.ntp newsgroup.