ELSA-2018-0855

ELSA-2018-0855 - ntp security, bug fix, and enhancement update

Type:SECURITY
Severity:MODERATE
Release Date:2018-04-16

Description


[4.2.6p5-28.0.1]
- Bump release to avoid ULN conflict with Oracle modified errata.

[4.2.6p5-28]
- fix buffer overflow in datum refclock driver (CVE-2017-6462)
- fix crash with invalid unpeer command (CVE-2017-6463)
- fix potential crash with invalid server command (CVE-2017-6464)
- add Spectracom TSYNC driver (#1491797)
- fix initialization of system clock status (#1493452)
- fix typos in ntpd man page (#1420453)
- use SHA1 request key by default (#1442083)
- use network-online target in ntpdate and sntp services (#1466947)

[4.2.6p5-27]
- fix CVE-2016-7429 patch to work correctly on multicast client (#1422944)

[4.2.6p5-26]
- don't limit rate of packets from sources (CVE-2016-7426)
- don't change interface from received packets (CVE-2016-7429)
- fix calculation of root distance again (CVE-2016-7433)
- require authentication for trap commands (CVE-2016-9310)
- fix crash when reporting peer event to trappers (CVE-2016-9311)


Related CVEs


CVE-2017-6462
CVE-2017-6464
CVE-2017-6463

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle Linux 7 (x86_64) ntp-4.2.6p5-28.0.1.el7.src.rpm4a402f929e5a179b10b29e11d763b2cd-
ntp-4.2.6p5-28.0.1.el7.x86_64.rpm5c718186f0900823578b50185a0b41a2-
ntp-doc-4.2.6p5-28.0.1.el7.noarch.rpm5477b4160a2984840f40141571fda97c-
ntp-perl-4.2.6p5-28.0.1.el7.noarch.rpmf6477fc0d3002be50b26954cf9ec2aff-
ntpdate-4.2.6p5-28.0.1.el7.x86_64.rpm48761808a27b54ca3ac3972a721807da-
sntp-4.2.6p5-28.0.1.el7.x86_64.rpm5834591890c53d6abd03cd8436c0117e-



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete