OVMSA-2015-0001

OVMSA-2015-0001 - ntp security update

Type:SECURITY
Severity:IMPORTANT
Release Date:2015-01-06

Description


[4.2.2p1-18.100.1.el5_11]
- Remove default ntp servers in ntp.conf [bug 14342986]

[4.2.2p1-18.el5]
- don't generate weak control key for resolver (CVE-2014-9293)
- don't generate weak MD5 keys in ntp-keygen (CVE-2014-9294)
- fix buffer overflows via specially-crafted packets (CVE-2014-9295)

[4.2.2p1-17.el5]
- increase memlock limit again (#1035198)

[4.2.2p1-16.el5]
- allow selection of cipher for private key files (#741573)

[4.2.2p1-15.el5]
- revert init script priority (#470945, #689636)
- drop tentative patch (#489835)
- move restorecon call to %posttrans

[4.2.2p1-14.el5]
- call restorecon on ntpd and ntpdate on start (#470945)

[4.2.2p1-13.el5]
- don't crash with more than 512 local addresses (#661934)
- add -I option (#528799)
- fix -L option to not require argument (#460434)
- move ntpd and ntpdate to /sbin and start earlier on boot (#470945, #689636)
- increase memlock limit (#575874)
- ignore tentative addresses (#489835)
- print synchronization distance instead of dispersion in ntpstat (#679034)
- fix typos in ntpq and ntp-keygen man pages (#664524, #664525)
- clarify ntpd -q description (#591838)
- don't verify ntp.conf (#481151)
- replace Prereq tag

[4.2.2p1-12.el5]
- fix DoS with mode 7 packets (#532640, CVE-2009-3563)
- compile with -fno-strict-aliasing

[4.2.2p1-11.el5]
- fix buffer overflow when parsing Autokey association message
(#500784, CVE-2009-1252)
- fix buffer overflow in ntpq (#500784, CVE-2009-0159)

[4.2.2p1-10.el5]
- fix check for malformed signatures (#479699, CVE-2009-0021)


Related CVEs


CVE-2014-9293
CVE-2014-9294
CVE-2014-9295

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle VM 3.2 (x86_64) ntp-4.2.2p1-18.100.1.el5_11.src.rpm53364c1520b339804645e40749252edeOVMSA-2018-0290
ntp-4.2.2p1-18.100.1.el5_11.x86_64.rpma016e7cb39e708605609a4f52b16d153OVMSA-2018-0290



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete