Candidate: CVE-2016-5117
PublicDate: 2017-01-31 19:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5117
 http://www.openwall.com/lists/oss-security/2016/05/23/2
Description:
 OpenNTPD before 6.0p1 does not validate the CN for HTTPS constraint
 requests, which allows remote attackers to bypass the man-in-the-middle
 mitigations via a crafted timestamp constraint with a valid certificate.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N [5.9 MEDIUM]

Patches_openntpd:
upstream_openntpd: needs-triage
precise_openntpd: ignored (reached end-of-life)
precise/esm_openntpd: DNE (precise was needs-triage)
trusty_openntpd: not-affected (code not present)
trusty/esm_openntpd: not-affected (code not present)
vivid/stable-phone-overlay_openntpd: DNE
vivid/ubuntu-core_openntpd: DNE
wily_openntpd: ignored (reached end-of-life)
xenial_openntpd: not-affected (vulnerable code not built)
yakkety_openntpd: ignored (reached end-of-life)
zesty_openntpd: ignored (reached end-of-life)
artful_openntpd: ignored (reached end-of-life)
bionic_openntpd: not-affected (1:6.0p1-1)
cosmic_openntpd: not-affected (1:6.0p1-1)
disco_openntpd: not-affected (1:6.0p1-1)
devel_openntpd: not-affected (1:6.0p1-1)