MDVSA-2009:007
- Package name
- ntp
- Date
- 2009-01-13
- Advisory ID
- MDVSA-2009:007
- Affected versions
- 2009.0 x86_64 , CS4.0 x86_64 , MNF2.0 i586 , 2008.0 i586 , 2009.0 i586 , CS3.0 x86_64 , 2008.0 x86_64 , CS3.0 i586 , 2008.1 x86_64 , 2008.1 i586 , CS4.0 i586
Problem description
A flaw was found in how NTP checked the return value of signature
verification. A remote attacker could use this to bypass certificate
validation by using a malformed SSL/TLS signature (CVE-2009-0021).
The updated packages have been patched to prevent this issue.
Updated packages
2009.0 x86_64
c6462453877b538618e8bf8d0132b1a3 2009.0/x86_64/ntp-4.2.4-18.1mdv2009.0.x86_64.rpm abe80d9922eb665d6e5be56197895a68 2009.0/x86_64/ntp-client-4.2.4-18.1mdv2009.0.x86_64.rpm eb780b2e38ebb1b4ee1999c4f0429231 2009.0/x86_64/ntp-doc-4.2.4-18.1mdv2009.0.x86_64.rpm 248052356a2606f377debf55257b6855 2009.0/SRPMS/ntp-4.2.4-18.1mdv2009.0.src.rpm
CS4.0 x86_64
6c41fd0f995d8cf8cf216bf82e062de0 corporate/4.0/x86_64/ntp-4.2.0-21.3.20060mlcs4.x86_64.rpm da7f3cd1385ae2250cd191182079c037 corporate/4.0/x86_64/ntp-client-4.2.0-21.3.20060mlcs4.x86_64.rpm 50c665296cd7d09f4e98ae04e998e350 corporate/4.0/SRPMS/ntp-4.2.0-21.3.20060mlcs4.src.rpm
MNF2.0 i586
d7ff99538a0da678adcc5606913bc1b6 mnf/2.0/i586/ntp-4.2.0-2.1.C30mdk.i586.rpm c8af767376df674dd434307c628e30cd mnf/2.0/SRPMS/ntp-4.2.0-2.1.C30mdk.src.rpm
2008.0 i586
91f0330a936cb343029aec711da0ce4f 2008.0/i586/ntp-4.2.4-10.1mdv2008.0.i586.rpm e7e6559f0431ff856d0da0b1d5a590a4 2008.0/i586/ntp-client-4.2.4-10.1mdv2008.0.i586.rpm 05f3b3c5777f6bef48ee85fefeaff8a8 2008.0/i586/ntp-doc-4.2.4-10.1mdv2008.0.i586.rpm a9cd3b03e611b517664ffae074da31da 2008.0/SRPMS/ntp-4.2.4-10.1mdv2008.0.src.rpm
2009.0 i586
82ed4b25f0a0c1c607e5819ec1d70603 2009.0/i586/ntp-4.2.4-18.1mdv2009.0.i586.rpm 71855df81d8dd138d54fb24f5c221a5b 2009.0/i586/ntp-client-4.2.4-18.1mdv2009.0.i586.rpm 30874a706c15d4086df8493af51f5082 2009.0/i586/ntp-doc-4.2.4-18.1mdv2009.0.i586.rpm 248052356a2606f377debf55257b6855 2009.0/SRPMS/ntp-4.2.4-18.1mdv2009.0.src.rpm
CS3.0 x86_64
1214dd1fed42c4acd3ad36da9bd8b0ea corporate/3.0/x86_64/ntp-4.2.0-2.1.C30mdk.x86_64.rpm fc6c1a4605258d876c8a09d7d0d116ef corporate/3.0/SRPMS/ntp-4.2.0-2.1.C30mdk.src.rpm
2008.0 x86_64
e68c5263d456ec90d157787e70b17b99 2008.0/x86_64/ntp-4.2.4-10.1mdv2008.0.x86_64.rpm 85e0c28eae68bcdcca997c5c2bb9bf8c 2008.0/x86_64/ntp-client-4.2.4-10.1mdv2008.0.x86_64.rpm ffbd2a9f924478d27f33ad13e1c4e250 2008.0/x86_64/ntp-doc-4.2.4-10.1mdv2008.0.x86_64.rpm a9cd3b03e611b517664ffae074da31da 2008.0/SRPMS/ntp-4.2.4-10.1mdv2008.0.src.rpm
CS3.0 i586
d1593543a5d37e6b8ea2c8468ce1d0d3 corporate/3.0/i586/ntp-4.2.0-2.1.C30mdk.i586.rpm fc6c1a4605258d876c8a09d7d0d116ef corporate/3.0/SRPMS/ntp-4.2.0-2.1.C30mdk.src.rpm
2008.1 x86_64
9c7b290e643cae08556bd3b1f6380926 2008.1/x86_64/ntp-4.2.4-15.1mdv2008.1.x86_64.rpm 7fd00c9b82a0ca577962d59975433071 2008.1/x86_64/ntp-client-4.2.4-15.1mdv2008.1.x86_64.rpm f99d1d7980dd6788a0f0c4924241a6d3 2008.1/x86_64/ntp-doc-4.2.4-15.1mdv2008.1.x86_64.rpm ca06251ccab188cdb4f28fba35190eb6 2008.1/SRPMS/ntp-4.2.4-15.1mdv2008.1.src.rpm
2008.1 i586
1a9909288448845fa41b220b50917ee1 2008.1/i586/ntp-4.2.4-15.1mdv2008.1.i586.rpm 6693319db15308f559912c9fe989bdd6 2008.1/i586/ntp-client-4.2.4-15.1mdv2008.1.i586.rpm 63758cadb1cf81ebb7bef096dc285f2f 2008.1/i586/ntp-doc-4.2.4-15.1mdv2008.1.i586.rpm ca06251ccab188cdb4f28fba35190eb6 2008.1/SRPMS/ntp-4.2.4-15.1mdv2008.1.src.rpm
CS4.0 i586
dcc6abed648d3baac3233264bc107517 corporate/4.0/i586/ntp-4.2.0-21.3.20060mlcs4.i586.rpm d1c9cf4d821856af81ce574fa08c1f52 corporate/4.0/i586/ntp-client-4.2.0-21.3.20060mlcs4.i586.rpm 50c665296cd7d09f4e98ae04e998e350 corporate/4.0/SRPMS/ntp-4.2.0-21.3.20060mlcs4.src.rpm