r16 - 2011-12-25 - 03:26:42 - SteveKosteckeYou are here: NTP >  Main Web > SoftwareDownloads > ChangesStable
NTP users are strongly urged to take immediate action to ensure that their NTP daemons are not susceptible to being used in distributed denial-of-service (DDoS) attacks. Please also take this opportunity to defeat denial-of-service attacks by implementing Ingress and Egress filtering through BCP38.

ntp-4.2.8p15 was released on 23 June 2020. It addresses 1 medium-severity security issue in ntpd, and provides 13 non-security bugfixes over 4.2.8p13.

Please see the NTP Security Notice for vulnerability and mitigation details.

Are you using Autokey in production? If so, please contact Harlan - he's got some questions for you.

Stable Release NEWS

NTP 4.2.6p5 (Harlan Stenn , 2011/12/24)

Focus: Bug fixes

Severity: Medium

This is a recommended upgrade.

This release updates sys_rootdisp and sys_jitter calculations to match the RFC specification, fixes a potential IPv6 address matching error for the "nic" and "interface" configuration directives, suppresses the creation of extraneous ephemeral associations for certain broadcastclient and multicastclient configurations, cleans up some ntpq display issues, and includes improvements to orphan mode, minor bug fixes and code clean-ups.

New features / changes in this release:


  • Updated "nic" and "interface" IPv6 address handling to prevent mismatches with localhost [::1] and wildcard [::] which resulted from using the address/prefix format (e.g. fe80::/64)
  • Fix orphan mode stratum incorrectly counting to infinity
  • Orphan parent selection metric updated to includes missing ntohl()
  • Non-printable stratum 16 refid no longer sent to ntp
  • Duplicate ephemeral associations suppressed for broadcastclient and multicastclient without broadcastdelay
  • Exclude undetermined sys_refid from use in loopback TEST12
  • Exclude MODE_SERVER responses from KoD rate limiting
  • Include root delay in clock_update() sys_rootdisp calculations
  • get_systime() updated to exclude sys_residual offset (which only affected bits "below" sys_tick, the precision threshold)
  • sys.peer jitter weighting corrected in sys_jitter calculation


  • -n option extended to include the billboard "server" column
  • IPv6 addresses in the local column truncated to prevent overruns

more Complete NEWS file
more Complete Change Log

Edit | WYSIWYG | Attach | Printable | Raw View | Backlinks: Web, All Webs | History: r17 < r16 < r15 < r14 < r13 | More topic actions...
SSL security by CAcert
Get the CAcert Root Certificate
This site is powered by the TWiki collaboration platform
IPv6 Ready
Copyright & 1999-2020 by the contributing authors. All material on this collaboration platform is the property of the contributing authors. Ideas, requests, problems regarding the site? Send feedback