vulnerability

FreeBSD: VID-591a706b-5cdc-11ea-9a0a-206a8a720317: ntp -- Multiple vulnerabilities

Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:C)
Published: Mar 3, 2020
Added: Mar 5, 2020
Modified: Dec 10, 2025

Description

nwtime.org reports:

Three ntp vulnerabilities, depending on configuration, may have little impact up to termination of the ntpd process.

NTP Bug 3610: Process_control() should exit earlier on short packets. On systems that override the default and enable ntpdc (mode 7), fuzz testing detected that a short packet will cause ntpd to read uninitialized data.

NTP Bug 3596: An unauthenticated unmonitored ntpd is vulnerable to attack on IPv4 with highly predictable transmit timestamps. An off-path attacker who can query time from the victim's ntp which receives time from an unauthenticated time source must be able to send from a spoofed IPv4 address of upstream ntp server and the victim must be able to process a large number of packets with the spoofed IPv4 address of the upstream server. After eight or more successful attacks in a row the attacker can either modify the victim's clock by a small amount or cause ntpd to terminate. The attack is especially effective when unusually short poll intervals have been configured.

NTP Bug 3592: The fix for https://bugs.ntp.org/3445 introduced a bug such that a ntp can be prevented from initiating a time volley to its peer resulting in a DoS.

All three NTP bugs may result in DoS or termination of the ntp daemon.

Solutions

freebsd-upgrade-base-11_3-release-p7
freebsd-upgrade-base-12_1-release-p3
freebsd-upgrade-package-ntp
freebsd-upgrade-package-ntp-devel
