
Slackware: 2018-229-01 Moderate: Ntp Command-Line Processing Risk

August 17, 2018
The latest NTP updates for Slackware bolster system defenses by addressing significant security flaws and elevating overall safeguarding measures.
New ntp packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

Summary

Here are the details from the Slackware 14.2 ChangeLog:

patches/packages/ntp-4.2.8p12-i586-1_slack14.2.txz: Upgraded.

This release improves on one security fix in ntpd:

LOW/MEDIUM: Sec 3012: Sybil vulnerability: ephemeral association attack

While fixed in ntp-4.2.8p7 and with significant additional protections for this issue in 4.2.8p11, ntp-4.2.8p12 includes a fix for an edge case in the new noepeer support. Originally reported by Matt Van Gundy of Cisco. Edge-case hole reported by Martin Burnicki of Meinberg.

And fixes another security issue in ntpq and ntpdc:

LOW: Sec 3505: The openhost() function used during command-line hostname processing by ntpq and ntpdc can write beyond its buffer limit, which could allow an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter.

NOTE: It is unclear whether there are any common situations in which ntpq


Where to Find New Packages

Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.
Updated package for Slackware 14.0:
Updated package for Slackware x86_64 14.0:
Updated package for Slackware 14.1:
Updated package for Slackware x86_64 14.1:
Updated package for Slackware 14.2:
Updated package for Slackware x86_64 14.2:
Updated package for Slackware -current:
Updated package for Slackware x86_64 -current:

MD5 Signatures

Slackware 14.0 package: 4a4cc8e4dc6964dc4521058ce776ce4e ntp-4.2.8p12-i486-1_slack14.0.txz
Slackware x86_64 14.0 package: d3a0c36c39e1c0cf5e3b8707f948a180 ntp-4.2.8p12-x86_64-1_slack14.0.txz
Slackware 14.1 package: 7c42e1d9fa476c162be9375a7b662654 ntp-4.2.8p12-i486-1_slack14.1.txz
Slackware x86_64 14.1 package: 75472911bb9a76a949c94aa21471f6f0 ntp-4.2.8p12-x86_64-1_slack14.1.txz
Slackware 14.2 package: 2ecd58c0cb1f6d035b36de9098e0d075 ntp-4.2.8p12-i586-1_slack14.2.txz
Slackware x86_64 14.2 package: 96844a4152a8dba26ed73d91662122ce ntp-4.2.8p12-x86_64-1_slack14.2.txz
Slackware -current package: dc3f52b871f3edc1a64e2d9ef1649591 n/ntp-4.2.8p12-i586-1.txz
Slackware x86_64 -current package: ecd43289b917c81e682b9b00077c1409 n/ntp-4.2.8p12-x86_64-1.txz


Installation Instructions

Upgrade the package as root:
# upgradepkg ntp-4.2.8p12-i586-1_slack14.2.txz

Then, restart the NTP daemon:
# sh /etc/rc.d/rc.ntpd restart
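The upgrade steps above can be gated on the digest from the MD5 Signatures list. The following script is an added example, not part of the Slackware advisory; it refuses to call upgradepkg unless the downloaded file's MD5 matches the advisory's value for the Slackware 14.2 i586 package. The function names verify_md5 and upgrade_ntp are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the advisory. verify_md5 and upgrade_ntp are
# hypothetical helper names.

# MD5 listed in the advisory for ntp-4.2.8p12-i586-1_slack14.2.txz.
EXPECTED_MD5="2ecd58c0cb1f6d035b36de9098e0d075"

# verify_md5 FILE EXPECTED
# Returns 0 on match, 1 on mismatch, 2 if FILE is missing or EXPECTED is
# not a 32-digit hex string (for example a truncated copy-paste).
verify_md5() {
    file=$1
    expected=$2
    [ -f "$file" ] || return 2
    case $expected in
        ''|*[!0-9a-fA-F]*) return 2 ;;
    esac
    [ "${#expected}" -eq 32 ] || return 2
    # Normalise case so an upper-case digest still compares equal.
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    actual=$(md5sum < "$file" | cut -d' ' -f1)
    [ "$actual" = "$expected" ]
}

# upgrade_ntp FILE EXPECTED
# Runs the advisory's two commands only after the digest check passes.
upgrade_ntp() {
    verify_md5 "$1" "$2" || {
        status=$?
        echo "refusing to install $1: MD5 check failed (code $status)" >&2
        return "$status"
    }
    upgradepkg "$1" && sh /etc/rc.d/rc.ntpd restart
}

# Run as root with the package path as the only argument.
if [ "$#" -eq 1 ]; then
    upgrade_ntp "$1" "$EXPECTED_MD5"
fi
```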
