Subject: | |
From: | |
Reply To: | |
Date: | Thu, 29 Jan 2009 15:31:20 -0600 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
Synopsis: Moderate: ntp security update
Issue date: 2009-01-29
CVE Names: CVE-2009-0021
A flaw was discovered in the way the ntpd daemon checked the return
value of the OpenSSL EVP_VerifyFinal function. On systems using NTPv4
authentication, this could lead to an incorrect verification of
cryptographic signatures, allowing time-spoofing attacks. (CVE-2009-0021)
Note: This issue only affects systems that have enabled NTP
authentication. By default, NTP authentication is not enabled.
After installing the update, the ntpd daemon will restart automatically.
SL 4.x
SRPMS:
ntp-4.2.0.a.20040617-8.el4_7.1.src.rpm
i386:
ntp-4.2.0.a.20040617-8.el4_7.1.i386.rpm
x86_64:
ntp-4.2.0.a.20040617-8.el4_7.1.x86_64.rpm
SL 5.x
SRPMS:
ntp-4.2.2p1-9.el5_3.1.src.rpm
i386:
ntp-4.2.2p1-9.el5_3.1.i386.rpm
x86_64:
ntp-4.2.2p1-9.el5_3.1.x86_64.rpm
-Connie Sieh
-Troy Dawson
|
|
|