I've recently read about the vulnerabilities within ntp, here which can be closed by installing ntp version 4.2.8p1.
However, I've used apt-get
to install the latest version of ntp, on an Ubuntu 14.04.2 server, but this is only version 4.2.6p5. I can't find a newer version by browsing the repositories, although I'm fairly new to doing this, so may have missed it. Even Vivid Vervet is showing 4.2.6p5. I'm assuming there's a review process for version changes which is still pending.
Best Answer
From usn-2497-1 it is stated you need to upgrade to
ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.04.2
. To me that is the same as your4.2.6p5
though yours is shortend.The security/updates states you can run
update-manager
from commandline to check if there are pending security updates. If that does nothing you are updated.In Ubuntu, patches are typically backported, and the upstream version (
4.2.6.p5
) remains the same, and the debian revision (3ubuntu2.14.04.2
) is updated. When in doubt, check the Ubuntu Security Notices and the package changelog.