Synopsis: Moderate: ntp security update
Issue date: 2009-01-29
CVE Names: CVE-2009-0021
A flaw was discovered in the way the ntpd daemon checked the return
value of the OpenSSL EVP_VerifyFinal function. On systems using NTPv4
authentication, this could lead to an incorrect verification of
cryptographic signatures, allowing time-spoofing attacks. (CVE-2009-0021)
Note: This issue only affects systems that have enabled NTP
authentication. By default, NTP authentication is not enabled.
After installing the update, the ntpd daemon will restart automatically.
SL 4.x
SRPMS:
ntp-4.2.0.a.20040617-8.el4_7.1.src.rpm
i386:
ntp-4.2.0.a.20040617-8.el4_7.1.i386.rpm
x86_64:
ntp-4.2.0.a.20040617-8.el4_7.1.x86_64.rpm
SL 5.x
SRPMS:
ntp-4.2.2p1-9.el5_3.1.src.rpm
i386:
ntp-4.2.2p1-9.el5_3.1.i386.rpm
x86_64:
ntp-4.2.2p1-9.el5_3.1.x86_64.rpm
-Connie Sieh
-Troy Dawson
|