Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 545
Alerts This Week
Warning Icon 1 545

Fedora 24 Critical Advisory: NTP Security Patch for DoS Attacks

fedora
Calendar Grey December 7, 2016
Scroller Fedora Esm H88
Security patch addressing various flaws in the NTP service within Fedora 24, improving reliability of time syncing.
Security fix for CVE-2016-7433, CVE-2016-7426, CVE-2016-7429, CVE-2016-9310, CVE-2016-9311

Summary

The Network Time Protocol (NTP) is used to synchronize a computer's

time with another reference time source. This package includes ntpd

(a daemon which continuously adjusts system time) and utilities used

to query and configure the ntpd daemon.

Perl scripts ntp-wait and ntptrace are in the ntp-perl package,

ntpdate is in the ntpdate package and sntp is in the sntp package.

The documentation is in the ntp-doc package.

Update Information:

Security fix for CVE-2016-7433, CVE-2016-7426, CVE-2016-7429, CVE-2016-9310, CVE-2016-9311

Change Log

References


[ 1 ] Bug #1397347 - CVE-2016-7433 ntp: Broken initial sync calculations regression https://bugzilla.redhat.com/show_bug.cgi?id=1397347 [ 2 ] Bug #1397345 - CVE-2016-7426 ntp: Client rate limiting and server responses https://bugzilla.redhat.com/show_bug.cgi?id=1397345 [ 3 ] Bug #1397341 - CVE-2016-7429 ntp: Attack on interface selection https://bugzilla.redhat.com/show_bug.cgi?id=1397341 [ 4 ] Bug #1397319 - CVE-2016-9310 ntp: Mode 6 unauthenticated trap information disclosure and DDoS vector https://bugzilla.redhat.com/show_bug.cgi?id=1397319

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade ntp' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Severity
critical
Lowest
Low
Medium
High
Critical

Name: ntp
Product: Fedora 24
Version: 4.2.6p5
Release: 43.fc24
Summary: The NTP daemon and utilities

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.