Fedora 24: 2017-72323a442f Critical NTP Denial Of Service Update

The Network Time Protocol (NTP) is used to synchronize a computer's

time with another reference time source. This package includes ntpd

(a daemon which continuously adjusts system time) and utilities used

to query and configure the ntpd daemon.

Perl scripts ntp-wait and ntptrace are in the ntp-perl package,

ntpdate is in the ntpdate package and sntp is in the sntp package.

The documentation is in the ntp-doc package.

Security fix for CVE-2017-6464 CVE-2017-6462 CVE-2017-6463 CVE-2017-6458

CVE-2017-6451.

[ 1 ] Bug #1434011 - CVE-2017-6451 ntp: Improper use of snprintf() in mx4200_send()

https://bugzilla.redhat.com/show_bug.cgi?id=1434011

[ 2 ] Bug #1434005 - CVE-2017-6458 ntp: Potential Overflows in ctl_put() functions

https://bugzilla.redhat.com/show_bug.cgi?id=1434005

[ 3 ] Bug #1434002 - CVE-2017-6463 ntp: Authenticated DoS via Malicious Config Option

https://bugzilla.redhat.com/show_bug.cgi?id=1434002

[ 4 ] Bug #1433995 - CVE-2017-6462 ntp: Buffer Overflow in DPTS Clock

https://bugzilla.redhat.com/show_bug.cgi?id=1433995

[ 5 ] Bug #1433987 - CVE-2017-6464 ntp: Denial of Service via Malformed Config

https://bugzilla.redhat.com/show_bug.cgi?id=1433987

su -c 'dnf upgrade ntp' at the command line.

For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org