Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Fedora 9: 2009-5275 Critical: NTP Denial Of Service Issue And Crash

fedora
Calendar Grey May 29, 2009
Dist Fedora Esm H88
This patch resolves the vulnerabilities causing service interruptions and crashes in the ntp module for Fedora 9. Use yum to install.
This update fixes a denial of service issue if autokey is enabled (default is disabled) and a crash in ntpq.

Summary

The Network Time Protocol (NTP) is used to synchronize a computer's

time with another reference time source. This package includes ntpd

(a daemon which continuously adjusts system time) and utilities used

to query and configure the ntpd daemon.

Perl scripts ntp-wait and ntptrace are in the ntp-perl package and

the ntpdate program is in the ntpdate package.

Update Information:

This update fixes a denial of service issue if autokey is enabled (default is disabled) and a crash in ntpq.

Topics%20covered

Topics Covered

security advisory denial of service critical issue fedora ntp update network time crash flaw

Change Log

* Tue May 19 2009 Miroslav Lichvar 4.2.4p7-1.fc9 - update to 4.2.4p7 (CVE-2009-1252, CVE-2009-0159) - don't log STA_MODE changes * Mon Jan 12 2009 Miroslav Lichvar 4.2.4p6-1.fc9 - update to 4.2.4p6 (CVE-2009-0021) * Wed Oct 8 2008 Miroslav Lichvar 4.2.4p5-2.fc9 - don't write drift file upon exit - run ntpq with full path in ntp-wait script * Fri Aug 29 2008 Miroslav Lichvar 4.2.4p5-1 - update to 4.2.4p5 - add support for fast interface updates * Mon Jul 28 2008 Miroslav Lichvar 4.2.4p4-7 - reload resolv.conf after temporary failure in name resolution (#456743) - use clock_gettime - make subpackages for perl scripts and ntpdate (#452097, #456116)

References


[ 1 ] Bug #499694 - CVE-2009-1252 ntp: remote arbitrary code execution vulnerability if autokeys is enabled https://bugzilla.redhat.com/show_bug.cgi?id=499694 [ 2 ] Bug #490617 - CVE-2009-0159 ntp: buffer overflow in ntpq https://bugzilla.redhat.com/show_bug.cgi?id=490617

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update ntp' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
critical
Lowest
Low
Medium
High
Critical

Name: ntp
Product: Fedora 9
Version: 4.2.4p7
Release: 1.fc9
URL: http://www.ntp.org
Summary: The NTP daemon and utilities

Topics%20covered

Topics Covered

security advisory denial of service critical issue fedora ntp update network time crash flaw

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here