4.2.8p15 Release Announcement

Last update: June 28, 2022 21:06 UTC (1f97faf40)

The NTP Project at Network Time Foundation publicly released ntp-4.2.8p15 on Tuesday, 23 June 2020.

This release fixes one security issue in ntpd:

• MEDIUM: Sec 3661: Memory leak with CMAC keys

  Systems that use a CMAC algorithm in ntp.keys will not release a bit of memory on each packet that uses a CMAC key, eventually causing ntpd to run out of memory and fail. The CMAC cleanup, part of ntp-4.2.8p11 and ntp-4.3.97, introduced a bug whereby the CMAC data structure was no longer completely removed.

  Reported by Martin Burnicki of Meinberg.

and provides 13 bugfixes.

ENotification of these issues were delivered to our Institutional members on a rolling basis as they were reported and as progress was made.

---

Timeline:

• 2020 Jun 23: Public release
• 2020 Apr 12: Early Access Program Release: Premier and Partner Institutional Members
• 2020 Apr 07: Notification to Institutional Members
• 2020 Apr 01: Notification from reporter