Package name
ntp
Date
2009-01-13
Advisory ID
MDVSA-2009:007
Affected versions
2009.0 x86_64 , CS4.0 x86_64 , MNF2.0 i586 , 2008.0 i586 , 2009.0 i586 , CS3.0 x86_64 , 2008.0 x86_64 , CS3.0 i586 , 2008.1 x86_64 , 2008.1 i586 , CS4.0 i586

Problem description

A flaw was found in how NTP checked the return value of signature
verification. A remote attacker could use this to bypass certificate
validation by using a malformed SSL/TLS signature (CVE-2009-0021).

The updated packages have been patched to prevent this issue.

Updated packages

2009.0 x86_64

 c6462453877b538618e8bf8d0132b1a3  2009.0/x86_64/ntp-4.2.4-18.1mdv2009.0.x86_64.rpm
 abe80d9922eb665d6e5be56197895a68  2009.0/x86_64/ntp-client-4.2.4-18.1mdv2009.0.x86_64.rpm
 eb780b2e38ebb1b4ee1999c4f0429231  2009.0/x86_64/ntp-doc-4.2.4-18.1mdv2009.0.x86_64.rpm 
 248052356a2606f377debf55257b6855  2009.0/SRPMS/ntp-4.2.4-18.1mdv2009.0.src.rpm

CS4.0 x86_64

 6c41fd0f995d8cf8cf216bf82e062de0  corporate/4.0/x86_64/ntp-4.2.0-21.3.20060mlcs4.x86_64.rpm
 da7f3cd1385ae2250cd191182079c037  corporate/4.0/x86_64/ntp-client-4.2.0-21.3.20060mlcs4.x86_64.rpm 
 50c665296cd7d09f4e98ae04e998e350  corporate/4.0/SRPMS/ntp-4.2.0-21.3.20060mlcs4.src.rpm

MNF2.0 i586

 d7ff99538a0da678adcc5606913bc1b6  mnf/2.0/i586/ntp-4.2.0-2.1.C30mdk.i586.rpm 
 c8af767376df674dd434307c628e30cd  mnf/2.0/SRPMS/ntp-4.2.0-2.1.C30mdk.src.rpm

2008.0 i586

 91f0330a936cb343029aec711da0ce4f  2008.0/i586/ntp-4.2.4-10.1mdv2008.0.i586.rpm
 e7e6559f0431ff856d0da0b1d5a590a4  2008.0/i586/ntp-client-4.2.4-10.1mdv2008.0.i586.rpm
 05f3b3c5777f6bef48ee85fefeaff8a8  2008.0/i586/ntp-doc-4.2.4-10.1mdv2008.0.i586.rpm 
 a9cd3b03e611b517664ffae074da31da  2008.0/SRPMS/ntp-4.2.4-10.1mdv2008.0.src.rpm

2009.0 i586

 82ed4b25f0a0c1c607e5819ec1d70603  2009.0/i586/ntp-4.2.4-18.1mdv2009.0.i586.rpm
 71855df81d8dd138d54fb24f5c221a5b  2009.0/i586/ntp-client-4.2.4-18.1mdv2009.0.i586.rpm
 30874a706c15d4086df8493af51f5082  2009.0/i586/ntp-doc-4.2.4-18.1mdv2009.0.i586.rpm 
 248052356a2606f377debf55257b6855  2009.0/SRPMS/ntp-4.2.4-18.1mdv2009.0.src.rpm

CS3.0 x86_64

 1214dd1fed42c4acd3ad36da9bd8b0ea  corporate/3.0/x86_64/ntp-4.2.0-2.1.C30mdk.x86_64.rpm 
 fc6c1a4605258d876c8a09d7d0d116ef  corporate/3.0/SRPMS/ntp-4.2.0-2.1.C30mdk.src.rpm

2008.0 x86_64

 e68c5263d456ec90d157787e70b17b99  2008.0/x86_64/ntp-4.2.4-10.1mdv2008.0.x86_64.rpm
 85e0c28eae68bcdcca997c5c2bb9bf8c  2008.0/x86_64/ntp-client-4.2.4-10.1mdv2008.0.x86_64.rpm
 ffbd2a9f924478d27f33ad13e1c4e250  2008.0/x86_64/ntp-doc-4.2.4-10.1mdv2008.0.x86_64.rpm 
 a9cd3b03e611b517664ffae074da31da  2008.0/SRPMS/ntp-4.2.4-10.1mdv2008.0.src.rpm

CS3.0 i586

 d1593543a5d37e6b8ea2c8468ce1d0d3  corporate/3.0/i586/ntp-4.2.0-2.1.C30mdk.i586.rpm 
 fc6c1a4605258d876c8a09d7d0d116ef  corporate/3.0/SRPMS/ntp-4.2.0-2.1.C30mdk.src.rpm

2008.1 x86_64

 9c7b290e643cae08556bd3b1f6380926  2008.1/x86_64/ntp-4.2.4-15.1mdv2008.1.x86_64.rpm
 7fd00c9b82a0ca577962d59975433071  2008.1/x86_64/ntp-client-4.2.4-15.1mdv2008.1.x86_64.rpm
 f99d1d7980dd6788a0f0c4924241a6d3  2008.1/x86_64/ntp-doc-4.2.4-15.1mdv2008.1.x86_64.rpm 
 ca06251ccab188cdb4f28fba35190eb6  2008.1/SRPMS/ntp-4.2.4-15.1mdv2008.1.src.rpm

2008.1 i586

 1a9909288448845fa41b220b50917ee1  2008.1/i586/ntp-4.2.4-15.1mdv2008.1.i586.rpm
 6693319db15308f559912c9fe989bdd6  2008.1/i586/ntp-client-4.2.4-15.1mdv2008.1.i586.rpm
 63758cadb1cf81ebb7bef096dc285f2f  2008.1/i586/ntp-doc-4.2.4-15.1mdv2008.1.i586.rpm 
 ca06251ccab188cdb4f28fba35190eb6  2008.1/SRPMS/ntp-4.2.4-15.1mdv2008.1.src.rpm

CS4.0 i586

 dcc6abed648d3baac3233264bc107517  corporate/4.0/i586/ntp-4.2.0-21.3.20060mlcs4.i586.rpm
 d1c9cf4d821856af81ce574fa08c1f52  corporate/4.0/i586/ntp-client-4.2.0-21.3.20060mlcs4.i586.rpm 
 50c665296cd7d09f4e98ae04e998e350  corporate/4.0/SRPMS/ntp-4.2.0-21.3.20060mlcs4.src.rpm

References