Synopsis: Moderate: ntp security update
Advisory ID: SLSA-2017:0252-1
Issue Date: 2017-02-06
CVE Numbers: CVE-2016-9310
CVE-2016-7429
CVE-2016-7426
CVE-2016-7433
CVE-2016-9311
—
Security Fix(es):
* It was found that when ntp is configured with rate limiting for all
associations the limits are also applied to responses received from its
configured sources. A remote attacker who knows the sources can cause a
denial of service by preventing ntpd from accepting valid responses from
its sources. (CVE-2016-7426)
* A flaw was found in the control mode functionality of ntpd. A remote
attacker could send a crafted control mode packet which could lead to
information disclosure or result in DDoS amplification attacks.
(CVE-2016-9310)
* A flaw was found in the way ntpd implemented the trap service. A remote
attacker could send a specially crafted packet to cause a null pointer
dereference that will crash ntpd, resulting in a denial of service.
(CVE-2016-9311)
* A flaw was found in the way ntpd running on a host with multiple network
interfaces handled certain server responses. A remote attacker could use
this flaw which would cause ntpd to not synchronize with the source.
(CVE-2016-7429)
* A flaw was found in the way ntpd calculated the root delay. A remote
attacker could send a specially-crafted spoofed packet to cause denial of
service or in some special cases even crash. (CVE-2016-7433)
—
SL6
x86_64
ntp-4.2.6p5-10.el6_8.2.x86_64.rpm
ntp-debuginfo-4.2.6p5-10.el6_8.2.x86_64.rpm
ntpdate-4.2.6p5-10.el6_8.2.x86_64.rpm
ntp-perl-4.2.6p5-10.el6_8.2.x86_64.rpm
i386
ntp-4.2.6p5-10.el6_8.2.i686.rpm
ntp-debuginfo-4.2.6p5-10.el6_8.2.i686.rpm
ntpdate-4.2.6p5-10.el6_8.2.i686.rpm
ntp-perl-4.2.6p5-10.el6_8.2.i686.rpm
noarch
ntp-doc-4.2.6p5-10.el6_8.2.noarch.rpm
SL7
x86_64
ntp-4.2.6p5-25.el7_3.1.x86_64.rpm
ntp-debuginfo-4.2.6p5-25.el7_3.1.x86_64.rpm
ntpdate-4.2.6p5-25.el7_3.1.x86_64.rpm
sntp-4.2.6p5-25.el7_3.1.x86_64.rpm
noarch
ntp-doc-4.2.6p5-25.el7_3.1.noarch.rpm
ntp-perl-4.2.6p5-25.el7_3.1.noarch.rpm
– Scientific Linux Development Team
