OVMSA-2015-0001 - ntp security update
| Type: | SECURITY |
| Impact: | IMPORTANT |
| Release Date: | 2015-01-06 |
Description
[4.2.2p1-18.100.1.el5_11]
- Remove default ntp servers in ntp.conf [bug 14342986]
[4.2.2p1-18.el5]
- don't generate weak control key for resolver (CVE-2014-9293)
- don't generate weak MD5 keys in ntp-keygen (CVE-2014-9294)
- fix buffer overflows via specially-crafted packets (CVE-2014-9295)
[4.2.2p1-17.el5]
- increase memlock limit again (#1035198)
[4.2.2p1-16.el5]
- allow selection of cipher for private key files (#741573)
[4.2.2p1-15.el5]
- revert init script priority (#470945, #689636)
- drop tentative patch (#489835)
- move restorecon call to %posttrans
[4.2.2p1-14.el5]
- call restorecon on ntpd and ntpdate on start (#470945)
[4.2.2p1-13.el5]
- don't crash with more than 512 local addresses (#661934)
- add -I option (#528799)
- fix -L option to not require argument (#460434)
- move ntpd and ntpdate to /sbin and start earlier on boot (#470945, #689636)
- increase memlock limit (#575874)
- ignore tentative addresses (#489835)
- print synchronization distance instead of dispersion in ntpstat (#679034)
- fix typos in ntpq and ntp-keygen man pages (#664524, #664525)
- clarify ntpd -q description (#591838)
- don't verify ntp.conf (#481151)
- replace Prereq tag
[4.2.2p1-12.el5]
- fix DoS with mode 7 packets (#532640, CVE-2009-3563)
- compile with -fno-strict-aliasing
[4.2.2p1-11.el5]
- fix buffer overflow when parsing Autokey association message
(#500784, CVE-2009-1252)
- fix buffer overflow in ntpq (#500784, CVE-2009-0159)
[4.2.2p1-10.el5]
- fix check for malformed signatures (#479699, CVE-2009-0021)
Related CVEs
Updated Packages
| Release/Architecture | Filename | sha256 | Superseded By Advisory | Channel Label |
|
| Oracle VM 3.2 (x86_64) | ntp-4.2.2p1-18.100.1.el5_11.src.rpm | 5922cfab76a27a85f6a81207043fe003c2631a0afdd2301c8b04a3d581f0844c | OVMSA-2018-0290 | ovm3_3.2.1_x86_64_patch |
| ntp-4.2.2p1-18.100.1.el5_11.x86_64.rpm | db6c0496e31bfd12237a887073c43f619cfa9e57404858fc3cc1649201fe270d | OVMSA-2018-0290 | ovm3_3.2.1_x86_64_patch |
This page is generated automatically and has not been checked for errors or omissions. For clarification
or corrections please contact the Oracle Linux ULN team
