News from 2009-01-08


Software: New NTP Version for Windows (4.2.4p6) - Security Update


Today the NTP Public Services Project announced the availability of a security update for their stable NTP version dubbed 4.2.4p6. Based on this new point release Meinberg Radio Clocks updated their NTP Installer for Windows and the new installer will now install NTP 4.2.4p6 and the current version of OpenSSL (0.9.8j) on all Windows NT, Windows 2000, Windows XP, Windows 2003, Windows Vista and Windows 2008 systems.

Meinberg provides a secure and easy-to-use installer for NTP which allows everybody to install the stable version of the reference implementation of NTP as provided by www.ntp.org in cooperation with the NTP Public Services Project. The installer can be used on all systems running a Microsoft Windows Operating system (starting with Windows NT SP6a).

A simple automatic update mechanism optionally allows to simply replace the binaries of an installed NTP version. This is detected when the installer starts and can be safely selected for 4.2.4p5 installations. Older NTP versions should be removed before the new NTP 4.2.4p6 version is installed. Uninstalling the existing version can be performed by the installer as well and will be offered if the user does not want to use the simple binaries replacement approach.

The original announcement of the new NTP version has been published as follows:

Redwood City, CA - 2009/01/08 - The NTP Public Services Project (http://support.ntp.org/) is pleased to announce that NTP 4.2.4p6, a Point Release of the NTP Reference Implementation from the NTP Project, is now available at http://www.ntp.org/downloads.html and http://support.ntp.org/download.

This release fixes oCERT.org's CVE-2009-0021, a vulnerability affecting the OpenSSL library relating to the incorrect checking of the return value of EVP_VerifyFinal function.

Credit for finding this issue goes to the Google Security Team for finding the original issue with OpenSSL, and to ocert.org for finding the problem in NTP and telling us about it.

This is a recommended upgrade. The file-size of this Point Release is 3443787 bytes. An MD5 sum of this release is available at http://www.ntp.org/downloads.html and http://support.ntp.org/download.

Please report any bugs, issues, or desired enhancements at http://bugs.ntp.org/.

The NTP (Network Time Protocol) Public Services Project, which is hosted by Internet Systems Consortium, Inc. (http://www.isc.org/), provides support and additional development resources for the Reference Implementation of NTP produced by the NTP Project (http://www.ntp.org/).

Please note that the mentioned MD5 checksum as well as the download links in the announcement refer to the source distribution of NTP and do not apply for the ready-to-run prebuilt binary version included in the Meinberg NTP installer. Questions concerning the update or the use of the reference implementation of NTP for time synchronization of Windows machines can be sent to ntp-support@meinberg.de.

The download link for the NTP installer can be found on the Meinberg NTP Download page.


Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact