SCIENTIFIC-LINUX-ERRATA Archives

January 2009

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Security ERRATA Moderate: ntp on SL4.x, SL5.x i386/x86_64
From:
Troy Dawson <[log in to unmask]>
Reply To:
Troy Dawson <[log in to unmask]>
Date:
Thu, 29 Jan 2009 15:31:20 -0600
Content-Type:
text/plain
Parts/Attachments:
text/plain (36 lines) 
Synopsis:	Moderate: ntp security update
Issue date:	2009-01-29
CVE Names:	CVE-2009-0021

A flaw was discovered in the way the ntpd daemon checked the return 
value of the OpenSSL EVP_VerifyFinal function. On systems using NTPv4
authentication, this could lead to an incorrect verification of
cryptographic signatures, allowing time-spoofing attacks. (CVE-2009-0021)

Note: This issue only affects systems that have enabled NTP 
authentication. By default, NTP authentication is not enabled.

After installing the update, the ntpd daemon will restart automatically.


SL 4.x

      SRPMS:
ntp-4.2.0.a.20040617-8.el4_7.1.src.rpm
      i386:
ntp-4.2.0.a.20040617-8.el4_7.1.i386.rpm
      x86_64:
ntp-4.2.0.a.20040617-8.el4_7.1.x86_64.rpm

SL 5.x

      SRPMS:
ntp-4.2.2p1-9.el5_3.1.src.rpm
      i386:
ntp-4.2.2p1-9.el5_3.1.i386.rpm
      x86_64:
ntp-4.2.2p1-9.el5_3.1.x86_64.rpm

-Connie Sieh
-Troy Dawson

ATOM RSS1 RSS2