MDVSA-2009:309
- Package name
- ntp
- Date
- 2009-12-03
- Advisory ID
- MDVSA-2009:309
- Affected versions
- 2008.0 i586 , 2008.0 x86_64
Problem description
Multiple vulnerabilities has been found and corrected in ntp:
Requesting peer information from a malicious remote time server
may lead to an unexpected application termination or arbitrary code
execution (CVE-2009-0159).
A buffer overflow flaw was discovered in the ntpd daemon's NTPv4
authentication code. If ntpd was configured to use public key
cryptography for NTP packet authentication, a remote attacker could
use this flaw to send a specially-crafted request packet that could
crash ntpd (CVE-2009-1252).
Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers
The updated packages have been patched to prevent this.
Updated packages
2008.0 i586
ce17e1c2cf64b1181b1172f3933fe705 2008.0/i586/ntp-4.2.4-10.2mdv2008.0.i586.rpm 66baede7d5a42d16d19639148f5e4d52 2008.0/i586/ntp-client-4.2.4-10.2mdv2008.0.i586.rpm f708723a1ab549c987ad64fa2862eb80 2008.0/i586/ntp-doc-4.2.4-10.2mdv2008.0.i586.rpm fb352aa8910f1bc1319df986769d15ab 2008.0/SRPMS/ntp-4.2.4-10.2mdv2008.0.src.rpm
2008.0 x86_64
b8519fa3b101a246d35d173745267d6c 2008.0/x86_64/ntp-4.2.4-10.2mdv2008.0.x86_64.rpm dd862d4411bfee35041267817e1e2f0e 2008.0/x86_64/ntp-client-4.2.4-10.2mdv2008.0.x86_64.rpm c38355a0069bc68c50e48726bd5d04e7 2008.0/x86_64/ntp-doc-4.2.4-10.2mdv2008.0.x86_64.rpm fb352aa8910f1bc1319df986769d15ab 2008.0/SRPMS/ntp-4.2.4-10.2mdv2008.0.src.rpm