Synopsis: Moderate: ntp security update Advisory ID: SLSA-2017:0252-1 Issue Date: 2017-02-06 CVE Numbers: CVE-2016-9310 CVE-2016-7429 CVE-2016-7426 CVE-2016-7433 CVE-2016-9311 -- Security Fix(es): * It was found that when ntp is configured with rate limiting for all associations the limits are also applied to responses received from its configured sources. A remote attacker who knows the sources can cause a denial of service by preventing ntpd from accepting valid responses from its sources. (CVE-2016-7426) * A flaw was found in the control mode functionality of ntpd. A remote attacker could send a crafted control mode packet which could lead to information disclosure or result in DDoS amplification attacks. (CVE-2016-9310) * A flaw was found in the way ntpd implemented the trap service. A remote attacker could send a specially crafted packet to cause a null pointer dereference that will crash ntpd, resulting in a denial of service. (CVE-2016-9311) * A flaw was found in the way ntpd running on a host with multiple network interfaces handled certain server responses. A remote attacker could use this flaw which would cause ntpd to not synchronize with the source. (CVE-2016-7429) * A flaw was found in the way ntpd calculated the root delay. A remote attacker could send a specially-crafted spoofed packet to cause denial of service or in some special cases even crash. (CVE-2016-7433) -- SL6 x86_64 ntp-4.2.6p5-10.el6_8.2.x86_64.rpm ntp-debuginfo-4.2.6p5-10.el6_8.2.x86_64.rpm ntpdate-4.2.6p5-10.el6_8.2.x86_64.rpm ntp-perl-4.2.6p5-10.el6_8.2.x86_64.rpm i386 ntp-4.2.6p5-10.el6_8.2.i686.rpm ntp-debuginfo-4.2.6p5-10.el6_8.2.i686.rpm ntpdate-4.2.6p5-10.el6_8.2.i686.rpm ntp-perl-4.2.6p5-10.el6_8.2.i686.rpm noarch ntp-doc-4.2.6p5-10.el6_8.2.noarch.rpm SL7 x86_64 ntp-4.2.6p5-25.el7_3.1.x86_64.rpm ntp-debuginfo-4.2.6p5-25.el7_3.1.x86_64.rpm ntpdate-4.2.6p5-25.el7_3.1.x86_64.rpm sntp-4.2.6p5-25.el7_3.1.x86_64.rpm noarch ntp-doc-4.2.6p5-25.el7_3.1.noarch.rpm ntp-perl-4.2.6p5-25.el7_3.1.noarch.rpm - Scientific Linux Development Team