diff -up ntp-4.2.6p5/ntpd/ntp_control.c.cve-2015-8139 ntp-4.2.6p5/ntpd/ntp_control.c --- ntp-4.2.6p5/ntpd/ntp_control.c.cve-2015-8139 2016-05-24 10:59:44.177649871 +0200 +++ ntp-4.2.6p5/ntpd/ntp_control.c 2016-05-24 11:13:43.137913238 +0200 @@ -1607,6 +1607,7 @@ ctl_putpeer( ) { int temp; + l_fp tmpts; #ifdef OPENSSL char str[256]; struct autokey *ap; @@ -1725,11 +1726,17 @@ ctl_putpeer( break; case CP_ORG: - ctl_putts(peer_var[CP_ORG].text, &peer->aorg); + /* Don't disclose the fractional part */ + tmpts = peer->aorg; + tmpts.l_uf = 0; + ctl_putts(peer_var[CP_ORG].text, &tmpts); break; case CP_REC: - ctl_putts(peer_var[CP_REC].text, &peer->dst); + /* Don't disclose the fractional part */ + tmpts = peer->dst; + tmpts.l_uf = 0; + ctl_putts(peer_var[CP_REC].text, &tmpts); break; case CP_XMT: diff -up ntp-4.2.6p5/ntpd/ntp_request.c.cve-2015-8139 ntp-4.2.6p5/ntpd/ntp_request.c --- ntp-4.2.6p5/ntpd/ntp_request.c.cve-2015-8139 2016-05-24 10:59:26.990602908 +0200 +++ ntp-4.2.6p5/ntpd/ntp_request.c 2016-05-24 11:08:50.833125414 +0200 @@ -924,6 +924,11 @@ peer_info ( HTONL_FP(&pp->aorg, &ip->org); HTONL_FP(&pp->rec, &ip->rec); HTONL_FP(&pp->xmt, &ip->xmt); + /* Don't disclose the fractional part of timestamps that may be + useful in attacks using packets with spoofed source address */ + ip->org.l_uf = 0; + ip->rec.l_uf = 0; + ip->xmt.l_uf = 0; j = pp->filter_nextpt - 1; for (i = 0; i < NTP_SHIFT; i++, j--) { if (j < 0)