Stay Connected:

ELSA-2016-2583

ELSA-2016-2583 - ntp security and bug fix update

Type:SECURITY
Severity:MODERATE
Release Date:2016-11-09

Description


[4.2.6p5-25.0.1]
- add disable monitor to default ntp.conf [CVE-2013-5211]

[4.2.6p5-25]
- don't allow spoofed packet to enable symmetric interleaved mode
(CVE-2016-1548)
- check mode of new source in config command (CVE-2016-2518)
- make MAC check resilient against timing attack (CVE-2016-1550)

[4.2.6p5-24]
- fix crash with invalid logconfig command (CVE-2015-5194)
- fix crash when referencing disabled statistic type (CVE-2015-5195)
- don't hang in sntp with crafted reply (CVE-2015-5219)
- don't crash with crafted autokey packet (CVE-2015-7691, CVE-2015-7692,
CVE-2015-7702)
- fix memory leak with autokey (CVE-2015-7701)
- don't allow setting driftfile and pidfile remotely (CVE-2015-7703)
- don't crash in ntpq with crafted packet (CVE-2015-7852)
- check key ID in packets authenticated with symmetric key (CVE-2015-7974)
- fix crash with reslist command (CVE-2015-7977, CVE-2015-7978)
- don't allow spoofed packets to demobilize associations (CVE-2015-7979,
CVE-2016-1547)
- don't accept server/peer packets with zero origin timestamp (CVE-2015-8138)
- fix infinite loop in ntpq/ntpdc (CVE-2015-8158)
- fix resetting of leap status (#1242553)
- extend rawstats log (#1242877)
- report clock state changes related to leap seconds (#1242935)
- allow -4/-6 on restrict lines with mask (#1304492)
- explain synchronised state in ntpstat man page (#1309594)


Related CVEs


CVE-2015-5195
CVE-2015-7692
CVE-2015-7701
CVE-2015-7852
CVE-2015-5194
CVE-2015-5219
CVE-2015-7691
CVE-2015-7702
CVE-2015-7703
CVE-2015-7977
CVE-2015-7978
CVE-2015-7979
CVE-2015-5196
CVE-2015-7974
CVE-2015-8158

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle Linux 7 (x86_64) ntp-4.2.6p5-25.0.1.el7.src.rpmac3d612b9749efd8b36ec7d5423acbabELSA-2020-2663
ntp-4.2.6p5-25.0.1.el7.x86_64.rpmf5e345ea434bcc4cc56a7bf4d36f8c2aELSA-2020-2663
ntp-doc-4.2.6p5-25.0.1.el7.noarch.rpm316a954e5c1af11705ebecba1e5c4706ELSA-2020-2663
ntp-perl-4.2.6p5-25.0.1.el7.noarch.rpm851cab5ab3a63124dcc87f2cba8b4c74ELSA-2020-2663
ntpdate-4.2.6p5-25.0.1.el7.x86_64.rpm3bc275c38bfeb119badc985663ed831aELSA-2020-2663
sntp-4.2.6p5-25.0.1.el7.x86_64.rpmebe88bdc5d4c795faf8e7f6687d25dd5ELSA-2020-2663



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete
Subscribe | Careers | Contact Us | Legal Notices | Terms of Use | Your Privacy Rights