Slackware: 2016-326-01 Critical: NTP DoS Vulnerabilities Resolved
slackware
November 21, 2016
New ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues
Summary
Here are the details from the Slackware 14.2 ChangeLog: patches/packages/ntp-4.2.8p9-i586-1_slack14.2.txz: Upgraded. In addition to bug fixes and enhancements, this release fixes the following 1 high- (Windows only :-), 2 medium-, 2 medium-/low, and 5 low-severity vulnerabilities, and provides 28 other non-security fixes and improvements. CVE-2016-9311: Trap crash CVE-2016-9310: Mode 6 unauthenticated trap info disclosure and DDoS vector CVE-2016-7427: Broadcast Mode Replay Prevention DoS CVE-2016-7428: Broadcast Mode Poll Interval Enforcement DoS CVE-2016-9312: Windows: ntpd DoS by oversized UDP packet CVE-2016-7431: Regression: 010-origin: Zero Origin Timestamp Bypass CVE-2016-7434: Null pointer dereference in _IO_str_init_static_internal() CVE-2016-7429: Interface selection attack CVE-2016-7426: Client rate limiting and server responses CVE-2016-7433: Reboot sync calculation problem For more information, see:
Read the Full Advisory
Topics Covered
Where Find New Packages
Thanks to the friendly folks at the OSU Open Source Lab
(https://osuosl.org/) for donating FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://www.slackware.com/ for
additional mirror sites near you.
Updated package for Slackware 13.0:
Updated package for Slackware x86_64 13.0:
Updated package for Slackware 13.1:
Updated package for Slackware x86_64 13.1:
Updated package for Slackware 13.37:
Updated package for Slackware x86_64 13.37:
Updated package for Slackware 14.0:
Updated package for Slackware x86_64 14.0:
Updated package for Slackware 14.1:
Updated package for Slackware x86_64 14.1:
Updated package for Slackware 14.2:
Updated package for Slackware x86_64 14.2:
Updated package for Slackware -current:
Updated package for Slackware x86_64 -current:
MD5 Signatures
Slackware 13.0 package:
de30f660b0bdcf5d395d58fe95baebaf ntp-4.2.8p9-i486-1_slack13.0.txz
Slackware x86_64 13.0 package:
cf19e17e609553bdac6bed7a5463a652 ntp-4.2.8p9-x86_64-1_slack13.0.txz
Slackware 13.1 package:
366967036495ace2e4ee27c28737fb39 ntp-4.2.8p9-i486-1_slack13.1.txz
Slackware x86_64 13.1 package:
70535cbef8c11188ad965c8c6890c7a5 ntp-4.2.8p9-x86_64-1_slack13.1.txz
Slackware 13.37 package:
ea3caede15d6879d83e9727bb706eb4b ntp-4.2.8p9-i486-1_slack13.37.txz
Slackware x86_64 13.37 package:
08921ff8cf9f68539e12d586765adb5b ntp-4.2.8p9-x86_64-1_slack13.37.txz
Slackware 14.0 package:
c787e7e9c2b813af7d1d1260a5572f71 ntp-4.2.8p9-i486-1_slack14.0.txz
Slackware x86_64 14.0 package:
d2b1608fc009dac1c68dc710004f26f3 ntp-4.2.8p9-x86_64-1_slack14.0.txz
Slackware 14.1 package:
4329419d697ce523da2bf24c060c650f ntp-4.2.8p9-i486-1_slack14.1.txz
Slackware x86_64 14.1 package:
acdb54929957393f6957c28716867bbf ntp-4.2.8p9-x86_64-1_slack14.1.txz
Slackware 14.2 package:
1118e86610a5ceea6f86901e4306dc1a ntp-4.2.8p9-i586-1_slack14.2.txz
Slackware x86_64 14.2 package:
9a6db91e52972e7e6ea902acefef1198 ntp-4.2.8p9-x86_64-1_slack14.2.txz
Slackware -current package:
b098a4bafbb0d07ace6e976624d54a7a n/ntp-4.2.8p9-i586-1.txz
Slackware x86_64 -current package:
2a08f8963d13804c467cec22603d69e4 n/ntp-4.2.8p9-x86_64-1.txz
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Installation Instructions
Installation instructions: Upgrade the package as root: # upgradepkg ntp-4.2.8p9-i586-1_slack14.2.txz Then, restart the NTP daemon: # sh /etc/rc.d/rc.ntpd restart
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!