Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 2 articles for you...
202
security advisorymoderatebug fixopenSUSE Leap 15.3: 2022:0845-1 Moderate: Chrony Security Fix
An update that solves one vulnerability, contains one feature and has 12 fixes is now available. . openSUSE Security Update: Security update for chrony ______________________________________________________________________________ Announcement ID: openSUSE-SU-2022:0845-1 Rating: moderate References: #1099272 #1115529 #1128846 #1162964 #1172113 #1173277 #1174075 #1174911 #1180689 #1181826 #1187906 #1190926 #1194229 SLE-17334 Cross-References: CVE-2020-14367 CVSS scores: CVE-2020-14367 (NVD) : 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H CVE-2020-14367 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H Affected Products: openSUSE Leap 15.3 ______________________________________________________________________________ An update that solves one vulnerability, contains one feature and has 12 fixes is now available. Description: This update for chrony fixes the following issues: Chrony was updated to 4.1, bringing features and bugfixes. Update to 4.1 * Add support for NTS servers specified by IP address (matching Subject Alternative Name in server certificate) * Add source-specific configuration of trusted certificates * Allow multiple files and directories with trusted certificates * Allow multiple pairs of server keys and certificates * Add copy option to server/pool directive * Increase PPS lock limit to 40% of pulse interval * Perform source selection immediately after loading dump files * Reload dump files for addresses negotiated by NTS-KE server * Update seccomp filter and add less restrictive level * Restart ongoing name resolution on online command * Fix dump files to not include uncorrected offset * Fix initstepslew to accept time from own NTP clients * Reset NTP address and port when no longer negotiated by NTS-KE server - Ensure the correct pool packages are installed foropenSUSE and SLE (bsc#1180689). - Fix pool package dependencies, so that SLE prefers chrony-pool-suse over chrony-pool-empty. (bsc#1194229) - Enable syscallfilter unconditionally [bsc#1181826]. Update to 4.0 - Enhancements - Add support for Network Time Security (NTS) authentication - Add support for AES-CMAC keys (AES128, AES256) with Nettle - Add authselectmode directive to control selection of unauthenticated sources - Add binddevice, bindacqdevice, bindcmddevice directives - Add confdir directive to better support fragmented configuration - Add sourcedir directive and "reload sources" command to support dynamic NTP sources specified in files - Add clockprecision directive - Add dscp directive to set Differentiated Services Code Point (DSCP) - Add -L option to limit log messages by severity - Add -p option to print whole configuration with included files - Add -U option to allow start under non-root user - Allow maxsamples to be set to 1 for faster update with -q/-Q option - Avoid replacing NTP sources with sources that have unreachable address - Improve pools to repeat name resolution to get "maxsources" sources - Improve source selection with trusted sources - Improve NTP loop test to prevent synchronisation to itself - Repeat iburst when NTP source is switched from offline state to online - Update clock synchronisation status and leap status more frequently - Update seccomp filter - Add "add pool" command - Add "reset sources" command to drop all measurements - Add authdata command to print details about NTP authentication - Add selectdata command to print details about source selection - Add -N option and sourcename command to print original names of sources - Add -a option to some commands to print also unresolved sources - Add -k, -p, -roptions to clients command to select, limit, reset data - Bug fixes - Don???t set interface for NTP responses to allow asymmetric routing - Handle RTCs that don???t support interrupts - Respond to command requests with correct address on multihomed hosts - Removed features - Drop support for RIPEMD keys (RMD128, RMD160, RMD256, RMD320) - Drop support for long (non-standard) MACs in NTPv4 packets (chrony 2.x clients using non-MD5/SHA1 keys need to use option "version 3") - Drop support for line editing with GNU Readline - By default we don't write log files but log to journald, so only recommend logrotate. - Adjust and rename the sysconfig file, so that it matches the expectations of chronyd.service (bsc#1173277). Update to 3.5.1: * Create new file when writing pidfile (CVE-2020-14367, bsc#1174911) - Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075) - Use iburst in the default pool statements to speed up initial synchronisation (bsc#1172113). Update to 3.5: + Add support for more accurate reading of PHC on Linux 5.0 + Add support for hardware timestamping on interfaces with read-only timestamping configuration + Add support for memory locking and real-time priority on FreeBSD, NetBSD, Solaris + Update seccomp filter to work on more architectures + Validate refclock driver options + Fix bindaddress directive on FreeBSD + Fix transposition of hardware RX timestamp on Linux 4.13 and later + Fix building on non-glibc systems - Fix location of helper script in chrony-dnssrv@.service (bsc#1128846). - Read runtime servers from /var/run/netconfig/chrony.servers to fix bsc#1099272. - Move chrony-helper to /usr/lib/chrony/helper, because there should be no executables in /usr/share. Update to version 3.4 * Enhancements + Add filter option to server/pool/peer directive + Add minsamples and maxsamplesoptions to hwtimestamp directive + Add support for faster frequency adjustments in Linux 4.19 + Change default pidfile to /var/run/chrony/chronyd.pid to allow chronyd without root privileges to remove it on exit + Disable sub-second polling intervals for distant NTP sources + Extend range of supported sub-second polling intervals + Get/set IPv4 destination/source address of NTP packets on FreeBSD + Make burst options and command useful with short polling intervals + Modify auto_offline option to activate when sending request failed + Respond from interface that received NTP request if possible + Add onoffline command to switch between online and offline state according to current system network configuration + Improve example NetworkManager dispatcher script * Bug fixes + Avoid waiting in Linux getrandom system call + Fix PPS support on FreeBSD and NetBSD Update to version 3.3 * Enhancements: + Add burst option to server/pool directive + Add stratum and tai options to refclock directive + Add support for Nettle crypto library + Add workaround for missing kernel receive timestamps on Linux + Wait for late hardware transmit timestamps + Improve source selection with unreachable sources + Improve protection against replay attacks on symmetric mode + Allow PHC refclock to use socket in /var/run/chrony + Add shutdown command to stop chronyd + Simplify format of response to manual list command + Improve handling of unknown responses in chronyc * Bug fixes: + Respond to NTPv1 client requests with zero mode + Fix -x option to not require CAP_SYS_TIME under non-root user + Fix acquisitionport directive to work with privilege separation + Fix handling of socket errors on Linux to avoid high CPU usage + Fix chronyc to not get stuck in infinite loop after clock step Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-845=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): augeas-1.10.1-3.9.1 augeas-debuginfo-1.10.1-3.9.1 augeas-debugsource-1.10.1-3.9.1 augeas-devel-1.10.1-3.9.1 augeas-lense-tests-1.10.1-3.9.1 augeas-lenses-1.10.1-3.9.1 chrony-4.1-150300.16.3.1 chrony-debuginfo-4.1-150300.16.3.1 chrony-debugsource-4.1-150300.16.3.1 libaugeas0-1.10.1-3.9.1 libaugeas0-debuginfo-1.10.1-3.9.1 - openSUSE Leap 15.3 (x86_64): augeas-devel-32bit-1.10.1-3.9.1 libaugeas0-32bit-1.10.1-3.9.1 libaugeas0-32bit-debuginfo-1.10.1-3.9.1 - openSUSE Leap 15.3 (noarch): chrony-pool-empty-4.1-150300.16.3.1 chrony-pool-openSUSE-4.1-150300.16.3.1 chrony-pool-suse-4.1-150300.16.3.1 References: https://www.suse.com/security/cve/CVE-2020-14367.html https://bugzilla.suse.com/1099272 https://bugzilla.suse.com/1115529 https://bugzilla.suse.com/1128846 https://bugzilla.suse.com/1162964 https://bugzilla.suse.com/1172113 https://bugzilla.suse.com/1173277 https://bugzilla.suse.com/1174075 https://bugzilla.suse.com/1174911 https://bugzilla.suse.com/1180689 https://bugzilla.suse.com/1181826 https://bugzilla.suse.com/1187906 https://bugzilla.suse.com/1190926 https://bugzilla.suse.com/1194229 . The latest release of chrony addresses a specific vulnerability while also providing improvements and bug fixes tailored for openSUSE users.. openSUSE Security Update, chrony Issues, Time Sync Solutions. . LinuxSecurity.com Team
Mar 15, 2022
OpenSUSE
100
security advisorymoderateupdateSUSE: 2022:0845-1 Moderate: Chrony Security Fix for Time Sync
An update that solves one vulnerability, contains one feature and has 12 fixes is now available. . SUSE Security Update: Security update for chrony ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0845-1 Rating: moderate References: #1099272 #1115529 #1128846 #1162964 #1172113 #1173277 #1174075 #1174911 #1180689 #1181826 #1187906 #1190926 #1194229 SLE-17334 Cross-References: CVE-2020-14367 CVSS scores: CVE-2020-14367 (NVD) : 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H CVE-2020-14367 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Installer 15-SP3 SUSE Linux Enterprise Micro 5.0 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that solves one vulnerability, contains one feature and has 12 fixes is now available. Description: This update for chrony fixes the following issues: Chrony was updated to 4.1, bringing features and bugfixes. Update to 4.1 * Add support for NTS servers specified by IP address (matching Subject Alternative Name in server certificate) * Add source-specific configuration of trusted certificates * Allow multiple files and directories with trusted certificates * Allow multiple pairs of server keys andcertificates * Add copy option to server/pool directive * Increase PPS lock limit to 40% of pulse interval * Perform source selection immediately after loading dump files * Reload dump files for addresses negotiated by NTS-KE server * Update seccomp filter and add less restrictive level * Restart ongoing name resolution on online command * Fix dump files to not include uncorrected offset * Fix initstepslew to accept time from own NTP clients * Reset NTP address and port when no longer negotiated by NTS-KE server - Ensure the correct pool packages are installed for openSUSE and SLE (bsc#1180689). - Fix pool package dependencies, so that SLE prefers chrony-pool-suse over chrony-pool-empty. (bsc#1194229) - Enable syscallfilter unconditionally [bsc#1181826]. Update to 4.0 - Enhancements - Add support for Network Time Security (NTS) authentication - Add support for AES-CMAC keys (AES128, AES256) with Nettle - Add authselectmode directive to control selection of unauthenticated sources - Add binddevice, bindacqdevice, bindcmddevice directives - Add confdir directive to better support fragmented configuration - Add sourcedir directive and "reload sources" command to support dynamic NTP sources specified in files - Add clockprecision directive - Add dscp directive to set Differentiated Services Code Point (DSCP) - Add -L option to limit log messages by severity - Add -p option to print whole configuration with included files - Add -U option to allow start under non-root user - Allow maxsamples to be set to 1 for faster update with -q/-Q option - Avoid replacing NTP sources with sources that have unreachable address - Improve pools to repeat name resolution to get "maxsources" sources - Improve source selection with trusted sources - Improve NTP loop test to prevent synchronisation to itself -Repeat iburst when NTP source is switched from offline state to online - Update clock synchronisation status and leap status more frequently - Update seccomp filter - Add "add pool" command - Add "reset sources" command to drop all measurements - Add authdata command to print details about NTP authentication - Add selectdata command to print details about source selection - Add -N option and sourcename command to print original names of sources - Add -a option to some commands to print also unresolved sources - Add -k, -p, -r options to clients command to select, limit, reset data - Bug fixes - Don’t set interface for NTP responses to allow asymmetric routing - Handle RTCs that don’t support interrupts - Respond to command requests with correct address on multihomed hosts - Removed features - Drop support for RIPEMD keys (RMD128, RMD160, RMD256, RMD320) - Drop support for long (non-standard) MACs in NTPv4 packets (chrony 2.x clients using non-MD5/SHA1 keys need to use option "version 3") - Drop support for line editing with GNU Readline - By default we don't write log files but log to journald, so only recommend logrotate. - Adjust and rename the sysconfig file, so that it matches the expectations of chronyd.service (bsc#1173277). Update to 3.5.1: * Create new file when writing pidfile (CVE-2020-14367, bsc#1174911) - Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075) - Use iburst in the default pool statements to speed up initial synchronisation (bsc#1172113). Update to 3.5: + Add support for more accurate reading of PHC on Linux 5.0 + Add support for hardware timestamping on interfaces with read-only timestamping configuration + Add support for memory locking and real-time priority on FreeBSD, NetBSD, Solaris + Update seccomp filter to work on more architectures +Validate refclock driver options + Fix bindaddress directive on FreeBSD + Fix transposition of hardware RX timestamp on Linux 4.13 and later + Fix building on non-glibc systems - Fix location of helper script in chrony-dnssrv@.service (bsc#1128846). - Read runtime servers from /var/run/netconfig/chrony.servers to fix bsc#1099272. - Move chrony-helper to /usr/lib/chrony/helper, because there should be no executables in /usr/share. Update to version 3.4 * Enhancements + Add filter option to server/pool/peer directive + Add minsamples and maxsamples options to hwtimestamp directive + Add support for faster frequency adjustments in Linux 4.19 + Change default pidfile to /var/run/chrony/chronyd.pid to allow chronyd without root privileges to remove it on exit + Disable sub-second polling intervals for distant NTP sources + Extend range of supported sub-second polling intervals + Get/set IPv4 destination/source address of NTP packets on FreeBSD + Make burst options and command useful with short polling intervals + Modify auto_offline option to activate when sending request failed + Respond from interface that received NTP request if possible + Add onoffline command to switch between online and offline state according to current system network configuration + Improve example NetworkManager dispatcher script * Bug fixes + Avoid waiting in Linux getrandom system call + Fix PPS support on FreeBSD and NetBSD Update to version 3.3 * Enhancements: + Add burst option to server/pool directive + Add stratum and tai options to refclock directive + Add support for Nettle crypto library + Add workaround for missing kernel receive timestamps on Linux + Wait for late hardware transmit timestamps + Improve source selection with unreachable sources + Improve protection against replay attacks on symmetric mode + Allow PHC refclock to use socket in /var/run/chrony + Add shutdown command to stop chronyd + Simplify format of response to manual list command + Improve handling of unknown responses in chronyc * Bug fixes: + Respond to NTPv1 client requests with zero mode + Fix -x option to not require CAP_SYS_TIME under non-root user + Fix acquisitionport directive to work with privilege separation + Fix handling of socket errors on Linux to avoid high CPU usage + Fix chronyc to not get stuck in infinite loop after clock step Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-845=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-845=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-845=1 - SUSE Linux Enterprise Micro 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-845=1 - SUSE Linux Enterprise Installer 15-SP3: zypper in -t patch SUSE-SLE-INSTALLER-15-SP3-2022-845=1 Package List: - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): augeas-1.10.1-3.9.1 augeas-debuginfo-1.10.1-3.9.1 augeas-debugsource-1.10.1-3.9.1 augeas-devel-1.10.1-3.9.1 augeas-lenses-1.10.1-3.9.1 libaugeas0-1.10.1-3.9.1 libaugeas0-debuginfo-1.10.1-3.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): augeas-1.10.1-3.9.1 augeas-debuginfo-1.10.1-3.9.1 augeas-debugsource-1.10.1-3.9.1 augeas-devel-1.10.1-3.9.1 augeas-lenses-1.10.1-3.9.1 chrony-4.1-150300.16.3.1 chrony-debuginfo-4.1-150300.16.3.1 chrony-debugsource-4.1-150300.16.3.1 libaugeas0-1.10.1-3.9.1 libaugeas0-debuginfo-1.10.1-3.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): chrony-pool-empty-4.1-150300.16.3.1 chrony-pool-suse-4.1-150300.16.3.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): augeas-1.10.1-3.9.1 augeas-debuginfo-1.10.1-3.9.1 augeas-debugsource-1.10.1-3.9.1 augeas-lenses-1.10.1-3.9.1 chrony-4.1-150300.16.3.1 chrony-debuginfo-4.1-150300.16.3.1 chrony-debugsource-4.1-150300.16.3.1 libaugeas0-1.10.1-3.9.1 libaugeas0-debuginfo-1.10.1-3.9.1 - SUSE Linux Enterprise Micro 5.1 (noarch): chrony-pool-suse-4.1-150300.16.3.1 - SUSE Linux Enterprise Micro 5.0 (aarch64 x86_64): augeas-1.10.1-3.9.1 augeas-debuginfo-1.10.1-3.9.1 augeas-debugsource-1.10.1-3.9.1 augeas-lenses-1.10.1-3.9.1 libaugeas0-1.10.1-3.9.1 libaugeas0-debuginfo-1.10.1-3.9.1 - SUSE Linux Enterprise Installer 15-SP3 (aarch64 ppc64le s390x x86_64): augeas-1.10.1-3.9.1 References: https://www.suse.com/security/cve/CVE-2020-14367.html https://bugzilla.suse.com/1099272 https://bugzilla.suse.com/1115529 https://bugzilla.suse.com/1128846 https://bugzilla.suse.com/1162964 https://bugzilla.suse.com/1172113 https://bugzilla.suse.com/1173277 https://bugzilla.suse.com/1174075 https://bugzilla.suse.com/1174911 https://bugzilla.suse.com/1180689 https://bugzilla.suse.com/1181826 https://bugzilla.suse.com/1187906 https://bugzilla.suse.com/1190926 https://bugzilla.suse.com/1194229 . New release out for chrony on SUSE, addressing several moderate vulnerabilities, improving time alignment capabilities and overall system protection.. chrony Update, SUSE Security Fix, Moderate Issues, Time Sync Update. . LinuxSecurity.com Team
Mar 15, 2022
SuSE
100
security advisorymoderateDenial of ServiceSUSE: 2020:1823-1 Moderate Update for NTP with Security Fixes
An update that solves four vulnerabilities and has two fixes is now available. . SUSE Security Update: Security update for ntp ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1823-1 Rating: moderate References: #1125401 #1169740 #1171355 #1172651 #1173334 #992038 Cross-References: CVE-2018-8956 CVE-2020-11868 CVE-2020-13817 CVE-2020-15025 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Legacy Software 15-SP2 SUSE Linux Enterprise Module for Legacy Software 15-SP1 ______________________________________________________________________________ An update that solves four vulnerabilities and has two fixes is now available. Description: This update for ntp fixes the following issues: ntp was updated to 4.2.8p15 - CVE-2020-11868: Fixed an issue which a server mode packet with spoofed source address frequently send to the client ntpd could have caused denial of service (bsc#1169740). - CVE-2018-8956: Fixed an issue which could have allowed remote attackers to prevent a broadcast client from synchronizing its clock with a broadcast NTP server via spoofed mode 3 and mode 5 packets (bsc#1171355). - CVE-2020-13817: Fixed an issue which an off-path attacker with the ability to query time from victim's ntpd instance could have modified the victim's clock by a limited amount (bsc#1172651). - CVE-2020-15025: Fixed an issue which remote attacker could have caused denial of service by consuming the memory when a CMAC key was used andassociated with a CMAC algorithm in the ntp.keys (bsc#1173334). - Removed an OpenSSL version warning (bsc#992038 and bsc#1125401). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-1823=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-1823=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP2: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP2-2020-1823=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP1: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP1-2020-1823=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): ntp-4.2.8p15-4.10.1 ntp-debuginfo-4.2.8p15-4.10.1 ntp-debugsource-4.2.8p15-4.10.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): ntp-4.2.8p15-4.10.1 ntp-debuginfo-4.2.8p15-4.10.1 ntp-debugsource-4.2.8p15-4.10.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP2 (aarch64 ppc64le s390x x86_64): ntp-4.2.8p15-4.10.1 ntp-debuginfo-4.2.8p15-4.10.1 ntp-debugsource-4.2.8p15-4.10.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP1 (aarch64 ppc64le s390x x86_64): ntp-4.2.8p15-4.10.1 ntp-debuginfo-4.2.8p15-4.10.1 ntp-debugsource-4.2.8p15-4.10.1 References: https://www.suse.com/security/cve/CVE-2018-8956.html https://www.suse.com/security/cve/CVE-2020-11868.html https://www.suse.com/security/cve/CVE-2020-13817.html https://www.suse.com/security/cve/CVE-2020-15025.html https://bugzilla.suse.com/1125401 https://bugzilla.suse.com/1169740 https://bugzilla.suse.com/1171355 https://bugzilla.suse.com/1172651 https://bugzilla.suse.com/1173334 https://bugzilla.suse.com/992038 _______________________________________________ sle-security-updates mailing list
Jul 02, 2020
SuSE
199
security advisorysecurity issueupdateCentOS: CESA-2017-3071 Moderate: NTP Update Security Issue
Upstream details at : https://access.redhat.com/errata/RHSA-2017:3071. CentOS Errata and Security Advisory 2017:3071 Moderate Upstream details at : https://access.redhat.com/errata/RHSA-2017:3071 The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: e2dc7d323fdff02674abf27c51cba5cd3bf2b9c9185851bc003ca2cb61234d0a ntp-4.2.6p5-12.el6.centos.1.i686.rpm 158ab373f5d0392f4e3168fc548d889218036ca71e3612c22fd655343a834dac ntpdate-4.2.6p5-12.el6.centos.1.i686.rpm 98157086964064a8175b71c4b70121a4109802cf5678b17b70c10e650d0b043d ntp-doc-4.2.6p5-12.el6.centos.1.noarch.rpm bb7742afa687e7d0d0d2031d8dbfc938e1a239a65cc1d51da35d5321113688dc ntp-perl-4.2.6p5-12.el6.centos.1.i686.rpm x86_64: b90705825a7665764895b2b0f5f0fa253f3cd8053f7ba4e4bf22ea0eb60ad119 ntp-4.2.6p5-12.el6.centos.1.x86_64.rpm 5383d9b247aa508f0d02fa89e11e2e8a3760537f680d0323abd9af544d16d3e5 ntpdate-4.2.6p5-12.el6.centos.1.x86_64.rpm 98157086964064a8175b71c4b70121a4109802cf5678b17b70c10e650d0b043d ntp-doc-4.2.6p5-12.el6.centos.1.noarch.rpm 43f5fbf0dc6b734fca4848fc47bae07ff975b24929c8ad160383ed68dedcadce ntp-perl-4.2.6p5-12.el6.centos.1.x86_64.rpm Source: ad6efac5d8fa6c0476a3c2e19ef9e4660ba834bf7a411b668f05346167a5f483 ntp-4.2.6p5-12.el6.centos.1.src.rpm -- Johnny Hughes CentOS Project { https://www.centos.org/ } irc: hughesjr, #
Oct 26, 2017
CentOS
98
security advisorysecurity issueRed HatRed Hat 6/7: 2015:1930-01 Important NTP Update DoS Threat
Updated ntp packages that fix two security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security [More...]. ==================================================================== Red Hat Security Advisory Synopsis: Important: ntp security update Advisory ID: RHSA-2015:1930-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2015:1930.html Issue date: 2015-10-26 CVE Names: CVE-2015-5300 CVE-2015-7704 ==================================================================== 1. Summary: Updated ntp packages that fix two security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386,noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64 3. Description: The Network Time Protocol (NTP) is used to synchronize a computer's time with a referenced time source. It was discovered that ntpd as a client did not correctly check timestamps in Kiss-of-Death packets. A remote attacker could use this flaw to send a crafted Kiss-of-Death packet to an ntpd client that would increase the client's polling interval value, and effectively disable synchronization with the server. (CVE-2015-7704) It was found that ntpd did not correctly implement the threshold limitation for the '-g' option, which is used to set the time without any restrictions. A man-in-the-middle attacker able to intercept NTP traffic between a connecting client and an NTP server could use this flaw to force that client to make multiple steps larger than the panic threshold, effectively changing the time to an arbitrary value. (CVE-2015-5300) Red Hat would like to thank Aanchal Malhotra, Isaac E. Cohen, and Sharon Goldberg of Boston University for reporting these issues. All ntp users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. After installing the update, the ntpd daemon will restart automatically. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1271070 - CVE-2015-7704 ntp: disabling synchronization via crafted KoD packet 1271076 - CVE-2015-5300 ntp: MITM attacker can force ntpd to make a step larger than the panic threshold 6. Package List: Red Hat Enterprise Linux Desktop (v.6): Source: ntp-4.2.6p5-5.el6_7.2.src.rpm i386: ntp-4.2.6p5-5.el6_7.2.i686.rpm ntp-debuginfo-4.2.6p5-5.el6_7.2.i686.rpm ntpdate-4.2.6p5-5.el6_7.2.i686.rpm x86_64: ntp-4.2.6p5-5.el6_7.2.x86_64.rpm ntp-debuginfo-4.2.6p5-5.el6_7.2.x86_64.rpm ntpdate-4.2.6p5-5.el6_7.2.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): i386: ntp-debuginfo-4.2.6p5-5.el6_7.2.i686.rpm ntp-perl-4.2.6p5-5.el6_7.2.i686.rpm noarch: ntp-doc-4.2.6p5-5.el6_7.2.noarch.rpm x86_64: ntp-debuginfo-4.2.6p5-5.el6_7.2.x86_64.rpm ntp-perl-4.2.6p5-5.el6_7.2.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ntp-4.2.6p5-5.el6_7.2.src.rpm x86_64: ntp-4.2.6p5-5.el6_7.2.x86_64.rpm ntp-debuginfo-4.2.6p5-5.el6_7.2.x86_64.rpm ntpdate-4.2.6p5-5.el6_7.2.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): noarch: ntp-doc-4.2.6p5-5.el6_7.2.noarch.rpm x86_64: ntp-debuginfo-4.2.6p5-5.el6_7.2.x86_64.rpm ntp-perl-4.2.6p5-5.el6_7.2.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ntp-4.2.6p5-5.el6_7.2.src.rpm i386: ntp-4.2.6p5-5.el6_7.2.i686.rpm ntp-debuginfo-4.2.6p5-5.el6_7.2.i686.rpm ntpdate-4.2.6p5-5.el6_7.2.i686.rpm ppc64: ntp-4.2.6p5-5.el6_7.2.ppc64.rpm ntp-debuginfo-4.2.6p5-5.el6_7.2.ppc64.rpm ntpdate-4.2.6p5-5.el6_7.2.ppc64.rpm s390x: ntp-4.2.6p5-5.el6_7.2.s390x.rpm ntp-debuginfo-4.2.6p5-5.el6_7.2.s390x.rpm ntpdate-4.2.6p5-5.el6_7.2.s390x.rpm x86_64: ntp-4.2.6p5-5.el6_7.2.x86_64.rpm ntp-debuginfo-4.2.6p5-5.el6_7.2.x86_64.rpm ntpdate-4.2.6p5-5.el6_7.2.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): i386: ntp-debuginfo-4.2.6p5-5.el6_7.2.i686.rpm ntp-perl-4.2.6p5-5.el6_7.2.i686.rpm noarch: ntp-doc-4.2.6p5-5.el6_7.2.noarch.rpm ppc64: ntp-debuginfo-4.2.6p5-5.el6_7.2.ppc64.rpm ntp-perl-4.2.6p5-5.el6_7.2.ppc64.rpm s390x: ntp-debuginfo-4.2.6p5-5.el6_7.2.s390x.rpm ntp-perl-4.2.6p5-5.el6_7.2.s390x.rpm x86_64: ntp-debuginfo-4.2.6p5-5.el6_7.2.x86_64.rpm ntp-perl-4.2.6p5-5.el6_7.2.x86_64.rpm Red Hat Enterprise Linux Workstation (v.6): Source: ntp-4.2.6p5-5.el6_7.2.src.rpm i386: ntp-4.2.6p5-5.el6_7.2.i686.rpm ntp-debuginfo-4.2.6p5-5.el6_7.2.i686.rpm ntpdate-4.2.6p5-5.el6_7.2.i686.rpm x86_64: ntp-4.2.6p5-5.el6_7.2.x86_64.rpm ntp-debuginfo-4.2.6p5-5.el6_7.2.x86_64.rpm ntpdate-4.2.6p5-5.el6_7.2.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): i386: ntp-debuginfo-4.2.6p5-5.el6_7.2.i686.rpm ntp-perl-4.2.6p5-5.el6_7.2.i686.rpm noarch: ntp-doc-4.2.6p5-5.el6_7.2.noarch.rpm x86_64: ntp-debuginfo-4.2.6p5-5.el6_7.2.x86_64.rpm ntp-perl-4.2.6p5-5.el6_7.2.x86_64.rpm Red Hat Enterprise Linux Client (v. 7): Source: ntp-4.2.6p5-19.el7_1.3.src.rpm x86_64: ntp-4.2.6p5-19.el7_1.3.x86_64.rpm ntp-debuginfo-4.2.6p5-19.el7_1.3.x86_64.rpm ntpdate-4.2.6p5-19.el7_1.3.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): noarch: ntp-doc-4.2.6p5-19.el7_1.3.noarch.rpm ntp-perl-4.2.6p5-19.el7_1.3.noarch.rpm x86_64: ntp-debuginfo-4.2.6p5-19.el7_1.3.x86_64.rpm sntp-4.2.6p5-19.el7_1.3.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: ntp-4.2.6p5-19.el7_1.3.src.rpm x86_64: ntp-4.2.6p5-19.el7_1.3.x86_64.rpm ntp-debuginfo-4.2.6p5-19.el7_1.3.x86_64.rpm ntpdate-4.2.6p5-19.el7_1.3.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): noarch: ntp-doc-4.2.6p5-19.el7_1.3.noarch.rpm ntp-perl-4.2.6p5-19.el7_1.3.noarch.rpm x86_64: ntp-debuginfo-4.2.6p5-19.el7_1.3.x86_64.rpm sntp-4.2.6p5-19.el7_1.3.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: ntp-4.2.6p5-19.el7_1.3.src.rpm ppc64: ntp-4.2.6p5-19.el7_1.3.ppc64.rpm ntp-debuginfo-4.2.6p5-19.el7_1.3.ppc64.rpm ntpdate-4.2.6p5-19.el7_1.3.ppc64.rpm s390x: ntp-4.2.6p5-19.el7_1.3.s390x.rpm ntp-debuginfo-4.2.6p5-19.el7_1.3.s390x.rpm ntpdate-4.2.6p5-19.el7_1.3.s390x.rpm x86_64: ntp-4.2.6p5-19.el7_1.3.x86_64.rpm ntp-debuginfo-4.2.6p5-19.el7_1.3.x86_64.rpm ntpdate-4.2.6p5-19.el7_1.3.x86_64.rpm Red Hat Enterprise Linux Server (v.7): Source: ntp-4.2.6p5-19.ael7b_1.3.src.rpm ppc64le: ntp-4.2.6p5-19.ael7b_1.3.ppc64le.rpm ntp-debuginfo-4.2.6p5-19.ael7b_1.3.ppc64le.rpm ntpdate-4.2.6p5-19.ael7b_1.3.ppc64le.rpm Red Hat Enterprise Linux Server Optional (v. 7): noarch: ntp-doc-4.2.6p5-19.el7_1.3.noarch.rpm ntp-perl-4.2.6p5-19.el7_1.3.noarch.rpm ppc64: ntp-debuginfo-4.2.6p5-19.el7_1.3.ppc64.rpm sntp-4.2.6p5-19.el7_1.3.ppc64.rpm s390x: ntp-debuginfo-4.2.6p5-19.el7_1.3.s390x.rpm sntp-4.2.6p5-19.el7_1.3.s390x.rpm x86_64: ntp-debuginfo-4.2.6p5-19.el7_1.3.x86_64.rpm sntp-4.2.6p5-19.el7_1.3.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): noarch: ntp-doc-4.2.6p5-19.ael7b_1.3.noarch.rpm ntp-perl-4.2.6p5-19.ael7b_1.3.noarch.rpm ppc64le: ntp-debuginfo-4.2.6p5-19.ael7b_1.3.ppc64le.rpm sntp-4.2.6p5-19.ael7b_1.3.ppc64le.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: ntp-4.2.6p5-19.el7_1.3.src.rpm x86_64: ntp-4.2.6p5-19.el7_1.3.x86_64.rpm ntp-debuginfo-4.2.6p5-19.el7_1.3.x86_64.rpm ntpdate-4.2.6p5-19.el7_1.3.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): noarch: ntp-doc-4.2.6p5-19.el7_1.3.noarch.rpm ntp-perl-4.2.6p5-19.el7_1.3.noarch.rpm x86_64: ntp-debuginfo-4.2.6p5-19.el7_1.3.x86_64.rpm sntp-4.2.6p5-19.el7_1.3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-5300 https://access.redhat.com/security/cve/CVE-2015-7704 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. . Important NTP patch for Red Hat Enterprise Linux mitigates Denial of Service vulnerabilities and strengthens time sync safeguarding.. Red Hat Updates, NTP Security, DoS Threat, Time Sync Fixes. . Severity: Important. LinuxSecurity.com Team
Mar 14, 2017
•Important
Red Hat
89
security advisoryfedoracriticalFedora 24 Critical Advisory: NTP Security Patch for DoS Attacks
Security fix for CVE-2016-7433, CVE-2016-7426, CVE-2016-7429, CVE-2016-9310, CVE-2016-9311. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2016-c198d15316 2016-12-07 15:26:26.441263 -------------------------------------------------------------------------------- Name : ntp Product : Fedora 24 Version : 4.2.6p5 Release : 43.fc24 URL : http://www.ntp.org Summary : The NTP daemon and utilities Description : The Network Time Protocol (NTP) is used to synchronize a computer's time with another reference time source. This package includes ntpd (a daemon which continuously adjusts system time) and utilities used to query and configure the ntpd daemon. Perl scripts ntp-wait and ntptrace are in the ntp-perl package, ntpdate is in the ntpdate package and sntp is in the sntp package. The documentation is in the ntp-doc package. -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2016-7433, CVE-2016-7426, CVE-2016-7429, CVE-2016-9310, CVE-2016-9311 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1397347 - CVE-2016-7433 ntp: Broken initial sync calculations regression https://bugzilla.redhat.com/show_bug.cgi?id=1397347 [ 2 ] Bug #1397345 - CVE-2016-7426 ntp: Client rate limiting and server responses https://bugzilla.redhat.com/show_bug.cgi?id=1397345 [ 3 ] Bug #1397341 - CVE-2016-7429 ntp: Attack on interface selection https://bugzilla.redhat.com/show_bug.cgi?id=1397341 [ 4 ] Bug #1397319 - CVE-2016-9310 ntp: Mode 6 unauthenticated trap information disclosure and DDoS vector https://bugzilla.redhat.com/show_bug.cgi?id=1397319 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade ntp' at the command line. For more information, refer to the dnfdocumentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list --
Dec 07, 2016
•Critical
Fedora
98
security advisorydenial of servicesecurity fixRed Hat: RHSA-2016:1141-01 Moderate: NTP Denial of Service Issue
An update for ntp is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: ntp security update Advisory ID: RHSA-2016:1141-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2016:1141 Issue date: 2016-05-31 CVE Names: CVE-2015-7979 CVE-2016-1547 CVE-2016-1548 CVE-2016-1550 CVE-2016-2518 ==================================================================== 1. Summary: An update for ntp is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red HatEnterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64 3. Description: The Network Time Protocol (NTP) is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service. Security Fix(es): * It was found that when NTP was configured in broadcast mode, a remote attacker could broadcast packets with bad authentication to all clients. The clients, upon receiving the malformed packets, would break the association with the broadcast server, causing them to become out of sync over a longer period of time. (CVE-2015-7979) * A denial of service flaw was found in the way NTP handled preemptable client associations. A remote attacker could send several crypto NAK packets to a victim client, each with a spoofed source address of an existing associated peer, preventing that client from synchronizing its time. (CVE-2016-1547) * It was found that an ntpd client could be forced to change from basic client/server mode to the interleaved symmetric mode. A remote attacker could use a spoofed packet that, when processed by an ntpd client, would cause that client to reject all future legitimate server responses, effectively disabling time synchronization on that client. (CVE-2016-1548) * A flaw was found in the way NTP's libntp performed message authentication. An attacker able to observe the timing of the comparison function used in packet authentication could potentially use this flaw to recover the message digest. (CVE-2016-1550) * An out-of-bounds access flaw was found in the way ntpd processed certain packets. An authenticated attacker could use a crafted packet to create a peer association with hmode of 7 and larger, which could potentially (although highly unlikely) cause ntpd tocrash. (CVE-2016-2518) The CVE-2016-1548 issue was discovered by Miroslav Lichvar (Red Hat). 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1300271 - CVE-2015-7979 ntp: off-path denial of service on authenticated broadcast mode 1331461 - CVE-2016-1547 ntp: crypto-NAK preemptable association denial of service 1331462 - CVE-2016-1548 ntp: ntpd switching to interleaved mode with spoofed packets 1331464 - CVE-2016-1550 ntp: libntp message digest disclosure 1331468 - CVE-2016-2518 ntp: out-of-bounds references on crafted packet 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: ntp-4.2.6p5-10.el6.1.src.rpm i386: ntp-4.2.6p5-10.el6.1.i686.rpm ntp-debuginfo-4.2.6p5-10.el6.1.i686.rpm ntpdate-4.2.6p5-10.el6.1.i686.rpm x86_64: ntp-4.2.6p5-10.el6.1.x86_64.rpm ntp-debuginfo-4.2.6p5-10.el6.1.x86_64.rpm ntpdate-4.2.6p5-10.el6.1.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): i386: ntp-debuginfo-4.2.6p5-10.el6.1.i686.rpm ntp-perl-4.2.6p5-10.el6.1.i686.rpm noarch: ntp-doc-4.2.6p5-10.el6.1.noarch.rpm x86_64: ntp-debuginfo-4.2.6p5-10.el6.1.x86_64.rpm ntp-perl-4.2.6p5-10.el6.1.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ntp-4.2.6p5-10.el6.1.src.rpm x86_64: ntp-4.2.6p5-10.el6.1.x86_64.rpm ntp-debuginfo-4.2.6p5-10.el6.1.x86_64.rpm ntpdate-4.2.6p5-10.el6.1.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): noarch: ntp-doc-4.2.6p5-10.el6.1.noarch.rpm x86_64: ntp-debuginfo-4.2.6p5-10.el6.1.x86_64.rpm ntp-perl-4.2.6p5-10.el6.1.x86_64.rpm Red Hat Enterprise Linux Server (v.6): Source: ntp-4.2.6p5-10.el6.1.src.rpm i386: ntp-4.2.6p5-10.el6.1.i686.rpm ntp-debuginfo-4.2.6p5-10.el6.1.i686.rpm ntpdate-4.2.6p5-10.el6.1.i686.rpm ppc64: ntp-4.2.6p5-10.el6.1.ppc64.rpm ntp-debuginfo-4.2.6p5-10.el6.1.ppc64.rpm ntpdate-4.2.6p5-10.el6.1.ppc64.rpm s390x: ntp-4.2.6p5-10.el6.1.s390x.rpm ntp-debuginfo-4.2.6p5-10.el6.1.s390x.rpm ntpdate-4.2.6p5-10.el6.1.s390x.rpm x86_64: ntp-4.2.6p5-10.el6.1.x86_64.rpm ntp-debuginfo-4.2.6p5-10.el6.1.x86_64.rpm ntpdate-4.2.6p5-10.el6.1.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): i386: ntp-debuginfo-4.2.6p5-10.el6.1.i686.rpm ntp-perl-4.2.6p5-10.el6.1.i686.rpm noarch: ntp-doc-4.2.6p5-10.el6.1.noarch.rpm ppc64: ntp-debuginfo-4.2.6p5-10.el6.1.ppc64.rpm ntp-perl-4.2.6p5-10.el6.1.ppc64.rpm s390x: ntp-debuginfo-4.2.6p5-10.el6.1.s390x.rpm ntp-perl-4.2.6p5-10.el6.1.s390x.rpm x86_64: ntp-debuginfo-4.2.6p5-10.el6.1.x86_64.rpm ntp-perl-4.2.6p5-10.el6.1.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ntp-4.2.6p5-10.el6.1.src.rpm i386: ntp-4.2.6p5-10.el6.1.i686.rpm ntp-debuginfo-4.2.6p5-10.el6.1.i686.rpm ntpdate-4.2.6p5-10.el6.1.i686.rpm x86_64: ntp-4.2.6p5-10.el6.1.x86_64.rpm ntp-debuginfo-4.2.6p5-10.el6.1.x86_64.rpm ntpdate-4.2.6p5-10.el6.1.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): i386: ntp-debuginfo-4.2.6p5-10.el6.1.i686.rpm ntp-perl-4.2.6p5-10.el6.1.i686.rpm noarch: ntp-doc-4.2.6p5-10.el6.1.noarch.rpm x86_64: ntp-debuginfo-4.2.6p5-10.el6.1.x86_64.rpm ntp-perl-4.2.6p5-10.el6.1.x86_64.rpm Red Hat Enterprise Linux Client (v. 7): Source: ntp-4.2.6p5-22.el7_2.2.src.rpm x86_64: ntp-4.2.6p5-22.el7_2.2.x86_64.rpm ntp-debuginfo-4.2.6p5-22.el7_2.2.x86_64.rpm ntpdate-4.2.6p5-22.el7_2.2.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): noarch: ntp-doc-4.2.6p5-22.el7_2.2.noarch.rpm ntp-perl-4.2.6p5-22.el7_2.2.noarch.rpm x86_64: ntp-debuginfo-4.2.6p5-22.el7_2.2.x86_64.rpm sntp-4.2.6p5-22.el7_2.2.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v.7): Source: ntp-4.2.6p5-22.el7_2.2.src.rpm x86_64: ntp-4.2.6p5-22.el7_2.2.x86_64.rpm ntp-debuginfo-4.2.6p5-22.el7_2.2.x86_64.rpm ntpdate-4.2.6p5-22.el7_2.2.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): noarch: ntp-doc-4.2.6p5-22.el7_2.2.noarch.rpm ntp-perl-4.2.6p5-22.el7_2.2.noarch.rpm x86_64: ntp-debuginfo-4.2.6p5-22.el7_2.2.x86_64.rpm sntp-4.2.6p5-22.el7_2.2.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: ntp-4.2.6p5-22.el7_2.2.src.rpm ppc64: ntp-4.2.6p5-22.el7_2.2.ppc64.rpm ntp-debuginfo-4.2.6p5-22.el7_2.2.ppc64.rpm ntpdate-4.2.6p5-22.el7_2.2.ppc64.rpm ppc64le: ntp-4.2.6p5-22.el7_2.2.ppc64le.rpm ntp-debuginfo-4.2.6p5-22.el7_2.2.ppc64le.rpm ntpdate-4.2.6p5-22.el7_2.2.ppc64le.rpm s390x: ntp-4.2.6p5-22.el7_2.2.s390x.rpm ntp-debuginfo-4.2.6p5-22.el7_2.2.s390x.rpm ntpdate-4.2.6p5-22.el7_2.2.s390x.rpm x86_64: ntp-4.2.6p5-22.el7_2.2.x86_64.rpm ntp-debuginfo-4.2.6p5-22.el7_2.2.x86_64.rpm ntpdate-4.2.6p5-22.el7_2.2.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): noarch: ntp-doc-4.2.6p5-22.el7_2.2.noarch.rpm ntp-perl-4.2.6p5-22.el7_2.2.noarch.rpm ppc64: ntp-debuginfo-4.2.6p5-22.el7_2.2.ppc64.rpm sntp-4.2.6p5-22.el7_2.2.ppc64.rpm ppc64le: ntp-debuginfo-4.2.6p5-22.el7_2.2.ppc64le.rpm sntp-4.2.6p5-22.el7_2.2.ppc64le.rpm s390x: ntp-debuginfo-4.2.6p5-22.el7_2.2.s390x.rpm sntp-4.2.6p5-22.el7_2.2.s390x.rpm x86_64: ntp-debuginfo-4.2.6p5-22.el7_2.2.x86_64.rpm sntp-4.2.6p5-22.el7_2.2.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: ntp-4.2.6p5-22.el7_2.2.src.rpm x86_64: ntp-4.2.6p5-22.el7_2.2.x86_64.rpm ntp-debuginfo-4.2.6p5-22.el7_2.2.x86_64.rpm ntpdate-4.2.6p5-22.el7_2.2.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): noarch: ntp-doc-4.2.6p5-22.el7_2.2.noarch.rpm ntp-perl-4.2.6p5-22.el7_2.2.noarch.rpm x86_64: ntp-debuginfo-4.2.6p5-22.el7_2.2.x86_64.rpm sntp-4.2.6p5-22.el7_2.2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are availablefrom https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-7979 https://access.redhat.com/security/cve/CVE-2016-1547 https://access.redhat.com/security/cve/CVE-2016-1548 https://access.redhat.com/security/cve/CVE-2016-1550 https://access.redhat.com/security/cve/CVE-2016-2518 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFXTUp2XlSAg2UNWIIRAqUmAKC32P98McZUqU1gzWxBbCz0hn0eagCfRtrx SULnKXrtTJd5iJ6eQVtDnxA=hETy -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list
May 31, 2016
Red Hat
89
security advisorysecurity updatecriticalFedora 24 NTP Security Update 2016-ed8c6c0426 Critical Threat
Security fix for CVE-2016-1548, CVE-2016-2516, CVE-2016-2518, CVE-2016-1550. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2016-ed8c6c0426 2016-05-07 11:36:53.839204 -------------------------------------------------------------------------------- Name : ntp Product : Fedora 24 Version : 4.2.6p5 Release : 40.fc24 URL : http://www.ntp.org Summary : The NTP daemon and utilities Description : The Network Time Protocol (NTP) is used to synchronize a computer's time with another reference time source. This package includes ntpd (a daemon which continuously adjusts system time) and utilities used to query and configure the ntpd daemon. Perl scripts ntp-wait and ntptrace are in the ntp-perl package, ntpdate is in the ntpdate package and sntp is in the sntp package. The documentation is in the ntp-doc package. -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2016-1548, CVE-2016-2516, CVE-2016-2518, CVE-2016-1550 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1331462 - CVE-2016-1548 ntp: ntpd switching to interleaved mode with spoofed packets https://bugzilla.redhat.com/show_bug.cgi?id=1331462 [ 2 ] Bug #1331466 - CVE-2016-2516 ntp: assertion failure in ntpd on duplicate IPs on unconfig directives https://bugzilla.redhat.com/show_bug.cgi?id=1331466 [ 3 ] Bug #1331468 - CVE-2016-2518 ntp: out-of-bounds references on crafted packet https://bugzilla.redhat.com/show_bug.cgi?id=1331468 [ 4 ] Bug #1331464 - CVE-2016-1550 ntp: libntp message digest disclosure https://bugzilla.redhat.com/show_bug.cgi?id=1331464 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update ntp' at the command line. For more information, refer to "Managing Software withyum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list
May 07, 2016
•Critical
Fedora
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!