VectorLinux

Please login or register.

Login with username, password and session length
Advanced search  

News:

Visit our home page for VL info. For support and documentation, visit the Vector Linux Knowledge Center or search the Knowledge Center and this Forum using the search box above.

Author Topic: ntp security upgrade  (Read 542 times)

wigums

  • Guest
ntp security upgrade
« on: April 29, 2016, 05:51:57 pm »

ntp has been upgraded to 4.2.8p7 for both 7.1 and 7.2

This release patches several low and medium severity security issues:
  CVE-2016-1551: Refclock impersonation vulnerability, AKA: refclock-peering
  CVE-2016-1549: Sybil vulnerability: ephemeral association attack,
    AKA: ntp-sybil - MITIGATION ONLY
  CVE-2016-2516: Duplicate IPs on unconfig directives will cause an assertion
    botch
  CVE-2016-2517: Remote configuration trustedkey/requestkey values are not
    properly validated
  CVE-2016-2518: Crafted addpeer with hmode > 7 causes array wraparound with
    MATCH_ASSOC
  CVE-2016-2519: ctl_getitem() return value not always checked
  CVE-2016-1547: Validate crypto-NAKs, AKA: nak-dos
  CVE-2016-1548: Interleave-pivot - MITIGATION ONLY
  CVE-2015-7704: KoD fix: peer associations were broken by the fix for
    NtpBug2901, AKA: Symmetric active/passive mode is broken
  CVE-2015-8138: Zero Origin Timestamp Bypass, AKA: Additional KoD Checks
  CVE-2016-1550: Improve NTP security against buffer comparison timing attacks,
    authdecrypt-timing, AKA: authdecrypt-timing
  For more information, see:
    http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8138
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1547
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1548
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1549
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1550
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1551
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2516
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2517
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2518
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2519
« Last Edit: April 29, 2016, 05:58:25 pm by wigums »
Logged