ELSA-2019-2077

ELSA-2019-2077 - ntp security, bug fix, and enhancement update

Type:	SECURITY
Severity:	LOW
Release Date:	2019-08-13

Description

[4.2.6p5-29.0.1]
- Bump release to avoid ULN conflict with Oracle modified errata.

[4.2.6p5-29]
- fix CVE-2016-7429 patch to restore default ttl configuration (#1550637)
- fix buffer overflow in parsing of address in ntpq and ntpdc (CVE-2018-12327)
- fix crash in parsing of received address in ntpq (#1616250)
- avoid reading freed memory after disabling netlink socket (#1555401)
- dont disable netlink socket on ENOBUFS error (#1555413)
- replace ntpstat with shell script using ntpq and supporting chrony (#1592871)

Related CVEs

CVE-2018-12327

Updated Packages

Release/Architecture	Filename	MD5sum	Superseded By Advisory
Oracle Linux 7 (aarch64)	ntp-4.2.6p5-29.0.1.el7.src.rpm	1f83c724473858c411d1ec0d9134851c	ELSA-2020-2663
	ntp-4.2.6p5-29.0.1.el7.aarch64.rpm	a3e21b3c4c7cb594399d2021eff90b48	ELSA-2020-2663
	ntp-doc-4.2.6p5-29.0.1.el7.noarch.rpm	d5281fb0421b63178640b0c9042b1ed7	ELSA-2020-2663
	ntp-perl-4.2.6p5-29.0.1.el7.noarch.rpm	2fe0fd6cae86f1ef0e22c6c5b7aed944	ELSA-2020-2663
	ntpdate-4.2.6p5-29.0.1.el7.aarch64.rpm	a90569f275858f6294458dd4b32a9288	ELSA-2020-2663
	sntp-4.2.6p5-29.0.1.el7.aarch64.rpm	bb11f8803151fc4252b83d81eb489eaf	ELSA-2020-2663
Oracle Linux 7 (x86_64)	ntp-4.2.6p5-29.0.1.el7.src.rpm	1f83c724473858c411d1ec0d9134851c	ELSA-2020-2663
	ntp-4.2.6p5-29.0.1.el7.x86_64.rpm	b3df6ed842615e605d196c93bfe52bf6	ELSA-2020-2663
	ntp-doc-4.2.6p5-29.0.1.el7.noarch.rpm	d5281fb0421b63178640b0c9042b1ed7	ELSA-2020-2663
	ntp-perl-4.2.6p5-29.0.1.el7.noarch.rpm	2fe0fd6cae86f1ef0e22c6c5b7aed944	ELSA-2020-2663
	ntpdate-4.2.6p5-29.0.1.el7.x86_64.rpm	4d7eae38171cef19012fbafc48592644	ELSA-2020-2663
	sntp-4.2.6p5-29.0.1.el7.x86_64.rpm	f0eb25830cc6939440da09dd24f3a1db	ELSA-2020-2663

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team