Alerts This Week
Warning Icon 1 609
Alerts This Week
Warning Icon 1 609

Slackware 14.2 Security Advisory: NTP DoS And Buffer Overflow Issues

slackware
Calendar Grey April 22, 2017
Dist Slackware Esm H88
Latest ntp updates released for Slackware 13.x tackling multiple security vulnerabilities, including denial-of-service and buffer overflow risks.
New ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues

Summary

Here are the details from the Slackware 14.2 ChangeLog: patches/packages/ntp-4.2.8p10-i586-1_slack14.2.txz: Upgraded. In addition to bug fixes and enhancements, this release fixes security issues of medium and low severity: Denial of Service via Malformed Config (Medium) Authenticated DoS via Malicious Config Option (Medium) Potential Overflows in ctl_put() functions (Medium) Buffer Overflow in ntpq when fetching reslist from a malicious ntpd (Medium) 0rigin DoS (Medium) Buffer Overflow in DPTS Clock (Low) Improper use of snprintf() in mx4200_send() (Low) The following issues do not apply to Linux systems: Privileged execution of User Library code (WINDOWS PPSAPI ONLY) (Low) Stack Buffer Overflow from Command Line (WINDOWS installer ONLY) (Low) Data Structure terminated insufficiently (WINDOWS installer ONLY) (Low) For more information, see: https://www.cve.org/CVERecord?id=CVE-2017-6464 https://www.cve.org/CVERecord?id=CVE-2017-6463

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory denial of service buffer overflow slackware ntp

Where Find New Packages

Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.
Updated package for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/ntp-4.2.8p10-i486-1_slack13.0.txz
Updated package for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/ntp-4.2.8p10-x86_64-1_slack13.0.txz
Updated package for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/ntp-4.2.8p10-i486-1_slack13.1.txz
Updated package for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/ntp-4.2.8p10-x86_64-1_slack13.1.txz
Updated package for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/ntp-4.2.8p10-i486-1_slack13.37.txz
Updated package for Slackwar...

Read the Full Advisory

MD5 Signatures

Slackware 13.0 package: e3e18355dbb881f31030c325d396691f ntp-4.2.8p10-i486-1_slack13.0.txz
Slackware x86_64 13.0 package: 7ca81f398c6f3fc306cf5e0ce4821ff7 ntp-4.2.8p10-x86_64-1_slack13.0.txz
Slackware 13.1 package: bb14e63e0ea28856fb14816848fad378 ntp-4.2.8p10-i486-1_slack13.1.txz
Slackware x86_64 13.1 package: 77bee4e0b7d7bae54c431210ba7b20f8 ntp-4.2.8p10-x86_64-1_slack13.1.txz
Slackware 13.37 package: 4424d362ec1dcb75d35560cc25f291b8 ntp-4.2.8p10-i486-1_slack13.37.txz
Slackware x86_64 13.37 package: 94bea621e2bad59b80553a9516c4ddb6 ntp-4.2.8p10-x86_64-1_slack13.37.txz
Slackware 14.0 package: b9edb40c9e94a8248b57f96a0f7d0f49 ntp-4.2.8p10-i486-1_slack14.0.txz
Slackware x86_64 14.0 package: d8a52549c46ca33833f68d7b063ab1f2 ntp-4.2.8p10-x86_64-1_slack14.0.txz
Slackware 14.1 package: b36dd3b339aff2718dbd541a9f44b0a4 ntp-4.2.8p10-i486-1_slack14.1.txz
Slackware x86_64 14.1 package: b55bc11c2aa8d0378005af5dbb105119 ntp-4.2.8p10-x86_64-1_slack14.1.txz
Slackware 14.2 package: 1e625a8f4732aa776992210eaac05f04 ntp-4.2.8p10-i586-1_slack14.2.txz
Slackware x86_64 14.2 package: 22f25f35765d0cb3ece21e5db79091cd ntp-4.2.8p10-x86_64-1_slack14.2.txz
Slackware -current package: 78de6454532d6c7d52242eadab528d64 n/ntp-4.2.8p10-i586-1.txz
Slackware x86_64 -current package: 0522a4270909826999d07567e9a9de56 n/ntp-4.2.8p10-x86_64-1.txz

Severity
medium
Lowest
Low
Medium
High
Critical

Topics%20covered

Topics Covered

security advisory denial of service buffer overflow slackware ntp

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Installation Instructions

Installation instructions: Upgrade the package as root: # upgradepkg ntp-4.2.8p10-i586-1_slack14.2.txz Then, restart the NTP daemon: # sh /etc/rc.d/rc.ntpd restart NOTE: On Slackware -current, first install the new etc package, and then be sure to move the .new config files and rc.ntpd script into place before restarting!

Related News

Your message here