Ubuntu – How to be sure that I’m using NTP version 4.2.8p1 or equivalent


I've recently read about the vulnerabilities within ntp here, which can be closed by installing ntp version 4.2.8p1.

However, I've used apt-get to install the latest version of ntp, on an Ubuntu 14.04.2 server, but this is only version 4.2.6p5. I can't find a newer version by browsing the repositories, although I'm fairly new to doing this, so may have missed it. Even Vivid Vervet is showing 4.2.6p5. I'm assuming there's a review process for version changes which is still pending.

Best Answer

From usn-2497-1 it is stated you need to upgrade to ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.04.2. To me that is the same as your 4.2.6p5, though yours is shortened.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 14.10: ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.10.2

Ubuntu 14.04 LTS: ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.04.2

Ubuntu 12.04 LTS: ntp 1:4.2.6.p3+dfsg-1ubuntu3.3

Ubuntu 10.04 LTS: ntp 1:4.2.4p8+dfsg-1ubuntu2.3

The security/updates states you can run update-manager from the command line to check if there are pending security updates. If that does nothing, you are updated.

In Ubuntu, patches are typically backported, and the upstream version (4.2.6.p5) remains the same, and the Debian revision (3ubuntu2.14.04.2) is updated. When in doubt, check the Ubuntu Security Notices and the package changelog.
