What Are You Looking For?

Sign Up
--------------------------------------------------------------------------------Fedora Update Notification
FEDORA-2009-0544
2009-01-14 23:38:30
--------------------------------------------------------------------------------Name        : ntp
Product     : Fedora 10
Version     : 4.2.4p6
Release     : 1.fc10
URL         : http://www.ntp.org
Summary     : The NTP daemon and utilities
Description :
The Network Time Protocol (NTP) is used to synchronize a computer's
time with another reference time source. This package includes ntpd
(a daemon which continuously adjusts system time) and utilities used
to query and configure the ntpd daemon.

Perl scripts ntp-wait and ntptrace are in the ntp-perl package and
the ntpdate program is in the ntpdate package.

--------------------------------------------------------------------------------Update Information:

This update fixes CVE-2009-0021:    NTP 4.2.4 before 4.2.4p5 and 4.2.5 before
4.2.5p150 does not properly check the return value from the OpenSSL
EVP_VerifyFinal function, which allows remote attackers to bypass validation of
the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys,
a similar vulnerability to CVE-2008-5077.
--------------------------------------------------------------------------------ChangeLog:

* Mon Jan 12 2009 Miroslav Lichvar  4.2.4p6-1
- update to 4.2.4p6 (CVE-2009-0021)
--------------------------------------------------------------------------------References:

  [ 1 ] Bug #476807 - CVE-2009-0021 ntp incorrectly checks for malformed signatures
        https://bugzilla.redhat.com/show_bug.cgi?id=476807
--------------------------------------------------------------------------------This update can be installed with the "yum" update program.  Use 
su -c 'yum update ntp' at the command line.
For more information, refer to "Managing Software with yum",
available at .

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-announce

Fedora 10 Update: ntp-4.2.4p6-1.fc10

January 26, 2009
This update fixes CVE-2009-0021: NTP 4.2.4 before 4.2.4p5 and 4.2.5 before 4.2.5p150 does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which ...

Summary

The Network Time Protocol (NTP) is used to synchronize a computer's

time with another reference time source. This package includes ntpd

(a daemon which continuously adjusts system time) and utilities used

to query and configure the ntpd daemon.

Perl scripts ntp-wait and ntptrace are in the ntp-perl package and

the ntpdate program is in the ntpdate package.

This update fixes CVE-2009-0021: NTP 4.2.4 before 4.2.4p5 and 4.2.5 before

4.2.5p150 does not properly check the return value from the OpenSSL

EVP_VerifyFinal function, which allows remote attackers to bypass validation of

the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys,

a similar vulnerability to CVE-2008-5077.

* Mon Jan 12 2009 Miroslav Lichvar 4.2.4p6-1

- update to 4.2.4p6 (CVE-2009-0021)

[ 1 ] Bug #476807 - CVE-2009-0021 ntp incorrectly checks for malformed signatures

https://bugzilla.redhat.com/show_bug.cgi?id=476807

su -c 'yum update ntp' at the command line.

For more information, refer to "Managing Software with yum",

available at .

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

http://fedoraproject.org/keys

Fedora-package-announce mailing list

Fedora-package-announce@redhat.com

http://www.redhat.com/mailman/listinfo/fedora-package-announce

FEDORA-2009-0544 2009-01-14 23:38:30 Product : Fedora 10 Version : 4.2.4p6 Release : 1.fc10 URL : http://www.ntp.org Summary : The NTP daemon and utilities Description : The Network Time Protocol (NTP) is used to synchronize a computer's time with another reference time source. This package includes ntpd (a daemon which continuously adjusts system time) and utilities used to query and configure the ntpd daemon. Perl scripts ntp-wait and ntptrace are in the ntp-perl package and the ntpdate program is in the ntpdate package. This update fixes CVE-2009-0021: NTP 4.2.4 before 4.2.4p5 and 4.2.5 before 4.2.5p150 does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077. * Mon Jan 12 2009 Miroslav Lichvar 4.2.4p6-1 - update to 4.2.4p6 (CVE-2009-0021) [ 1 ] Bug #476807 - CVE-2009-0021 ntp incorrectly checks for malformed signatures https://bugzilla.redhat.com/show_bug.cgi?id=476807 su -c 'yum update ntp' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at http://fedoraproject.org/keys Fedora-package-announce mailing list Fedora-package-announce@redhat.com http://www.redhat.com/mailman/listinfo/fedora-package-announce

Change Log

References

Update Instructions

Severity
Product : Fedora 10
Version : 4.2.4p6
Release : 1.fc10
URL : http://www.ntp.org
Summary : The NTP daemon and utilities

Related News

Nitrux 3.2.0 Linux Distro Released with Enhanced Security and New Features

Nov 28, 2023

Linux 6.7 Introduces "make hardening.config" To Help Build A Hardened Kernel

Nov 5, 2023

Linux 6.6 Brings New Scheduler, File Sharing and Security

Nov 2, 2023

Long-term Support for Linux Kernel to Be Cut as Maintenance Remains Under Strain

Sep 21, 2023

News

Advisories

HOWTOs

Features

Password Guessing as an Attack Vector
Using Open Source to Ensure Compliance & Data Integrity through Data Governance
Critical Linux Kernel Bugs Lead to DoS, Privilege Escalation - Patch Now!
Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management

About Us

Powered By

Footer Logo