Alerts This Week
Warning Icon 1 483
Alerts This Week
Warning Icon 1 483

Ubuntu 17.04: USN-3349-1 Critical: NTP Denial Of Service Threats

ubuntu
Calendar Grey July 5, 2017
Dist Ubuntu Esm H88
Numerous NTP security flaws identified across several Ubuntu iterations necessitate immediate updates to safeguard against potential denial of service attacks.
Several security issues were fixed in NTP.

Summary

Several security issues were fixed in NTP.

Software Description:

- ntp: Network Time Protocol daemon and utility programs

Details:

Yihan Lian discovered that NTP incorrectly handled certain large request

data values. A remote attacker could possibly use this issue to cause NTP

to crash, resulting in a denial of service. This issue only affected

Ubuntu 16.04 LTS. (CVE-2016-2519)

Miroslav Lichvar discovered that NTP incorrectly handled certain spoofed

addresses when performing rate limiting. A remote attacker could possibly

use this issue to perform a denial of service. This issue only affected

Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 16.10. (CVE-2016-7426)

Matthew Van Gundy discovered that NTP incorrectly handled certain crafted

broadcast mode packets. A remote attacker could possibly use this issue to

perform a denial of service. This issue only affected Ubuntu 14.04 LTS,

Ubuntu 16.04 LTS, and Ubuntu 16.10. (CVE-2016-7427, CVE-2016-7428)

Miroslav ...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.04:
  ntp                             1:4.2.8p9+dfsg-2ubuntu1.1

Ubuntu 16.10:
  ntp                             1:4.2.8p8+dfsg-1ubuntu2.1

Ubuntu 16.04 LTS:
  ntp                             1:4.2.8p4+dfsg-3ubuntu5.5

Ubuntu 14.04 LTS:
  ntp                             1:4.2.6.p5+dfsg-3ubuntu2.14.04.11

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-3349-1

CVE-2016-2519, CVE-2016-7426, CVE-2016-7427, CVE-2016-7428,

CVE-2016-7429, CVE-2016-7431, CVE-2016-7433, CVE-2016-7434,

CVE-2016-9042, CVE-2016-9310, CVE-2016-9311, CVE-2017-6458,

CVE-2017-6460, CVE-2017-6462, CVE-2017-6463, CVE-2017-6464

Severity
critical
Lowest
Low
Medium
High
Critical

July 05, 2017

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here