Alerts This Week
Warning Icon 1 666
Alerts This Week
Warning Icon 1 666

Slackware 12.2: 2009-154-01 Moderate: NTP Buffer Overflow Threat

slackware
Calendar Grey June 4, 2009
Dist Slackware Esm H88
Essential ntp updates have been released for Slackware to resolve serious security vulnerabilities. Ensure your system is updated immediately!
New ntp packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, and -current to fix security issues

Summary

Here are the details from the Slackware 12.2 ChangeLog: patches/packages/ntp-4.2.4p7-i486-1_slack12.2.tgz: Upgraded to ntp-4.2.4p7. Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows arbitrary code execution by a malicious remote NTP server. Stack-based buffer overflow in the crypto_recv function in ntp_crypto.c in ntpd in NTP before 4.2.4p7 allows remote attackers to execute arbitrary code. This does not affect the Slackware ntpd as it does not link with openssl. For more information, see: https://www.cve.org/CVERecord?id=CVE-2009-0159 https://www.cve.org/CVERecord?id=CVE-2009-1252 (* Security fix *)

Topics%20covered

Topics Covered

security advisory buffer overflow moderate threat slackware ntp update

Where Find New Packages

HINT: Getting slow download speeds from ftp.slackware.com? Give slackware.osuosl.org a try. This is another primary FTP site for Slackware that can be considerably faster than downloading directly from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating additional FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.
Updated package for Slackware 8.1:
Updated package for Slackware 9.0:
Updated package for Slackware 9.1:
Updated package for Slackware 10.0:
Updated package for Slackware 10.1:
Updated package for Slackware 10.2:
Updated package for Slackware 11.0:
Updated package for Slackware 12.0:
Updated package for Slackware 12.1:
Updated package for Slackware 12.2:
Updated package for Slackware -current:
Updated package for Slackware64 -current:

MD5 Signatures

Slackware 8.1 package: 0d4bdf684eafac459a8fe100e8ac7e24 ntp-4.2.2p3-i386-1_slack8.1.tgz
Slackware 9.0 package: 9dc5bd0c31cdb4339c0126ee058045c9 ntp-4.2.2p3-i386-1_slack9.0.tgz
Slackware 9.1 package: 3b742deb0d89d58593e39f6ff897fdd1 ntp-4.2.2p3-i486-1_slack9.1.tgz
Slackware 10.0 package: c5013135803e67d48baaa42def808317 ntp-4.2.2p3-i486-1_slack10.0.tgz
Slackware 10.1 package: 1ae7f1a5b74f6604853b8392986fcf78 ntp-4.2.2p3-i486-1_slack10.1.tgz
Slackware 10.2 package: df78620a180bd95257b70592c5fa38ff ntp-4.2.2p3-i486-1_slack10.2.tgz
Slackware 11.0 package: f694d70f70bb2af3e38bd17303030283 ntp-4.2.2p3-i486-2_slack11.0.tgz
Slackware 12.0 package: c857d6f8cb4bf69dfec69267faa8e705 ntp-4.2.4p7-i486-1_slack12.0.tgz
Slackware 12.1 package: 2064dba8a0888a9c15eeddaa47dd2ada ntp-4.2.4p7-i486-1_slack12.1.tgz
Slackware 12.2 package: 909e078099baec5aeb198df8ec421b9d ntp-4.2.4p7-i486-1_slack12.2.tgz
Slackware -current package: 0923d6c061f1e62c13b6a190b209ebe1 ntp-4.2.4p7-i486-1.txz
Slackware64 -current package: f361df8b28564846e883addfa56acd7c ntp-4.2.4p7-x86_64-1.txz

Severity
important
Lowest
Low
Medium
High
Critical

Topics%20covered

Topics Covered

security advisory buffer overflow moderate threat slackware ntp update

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Installation Instructions

Installation instructions: Upgrade the package as root: # upgradepkg ntp-4.2.4p7-i486-1_slack12.2.tgz Then, restart ntpd.

Related News

Your message here