Package name
ntp
Date
2009-12-03
Advisory ID
MDVSA-2009:309
Affected versions
2008.0 i586 , 2008.0 x86_64

Problem description

Multiple vulnerabilities has been found and corrected in ntp:

Requesting peer information from a malicious remote time server
may lead to an unexpected application termination or arbitrary code
execution (CVE-2009-0159).

A buffer overflow flaw was discovered in the ntpd daemon's NTPv4
authentication code. If ntpd was configured to use public key
cryptography for NTP packet authentication, a remote attacker could
use this flaw to send a specially-crafted request packet that could
crash ntpd (CVE-2009-1252).

Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers

The updated packages have been patched to prevent this.

Updated packages

2008.0 i586

 ce17e1c2cf64b1181b1172f3933fe705  2008.0/i586/ntp-4.2.4-10.2mdv2008.0.i586.rpm
 66baede7d5a42d16d19639148f5e4d52  2008.0/i586/ntp-client-4.2.4-10.2mdv2008.0.i586.rpm
 f708723a1ab549c987ad64fa2862eb80  2008.0/i586/ntp-doc-4.2.4-10.2mdv2008.0.i586.rpm 
 fb352aa8910f1bc1319df986769d15ab  2008.0/SRPMS/ntp-4.2.4-10.2mdv2008.0.src.rpm

2008.0 x86_64

 b8519fa3b101a246d35d173745267d6c  2008.0/x86_64/ntp-4.2.4-10.2mdv2008.0.x86_64.rpm
 dd862d4411bfee35041267817e1e2f0e  2008.0/x86_64/ntp-client-4.2.4-10.2mdv2008.0.x86_64.rpm
 c38355a0069bc68c50e48726bd5d04e7  2008.0/x86_64/ntp-doc-4.2.4-10.2mdv2008.0.x86_64.rpm 
 fb352aa8910f1bc1319df986769d15ab  2008.0/SRPMS/ntp-4.2.4-10.2mdv2008.0.src.rpm

References