To: [email protected]Subject: [ MDVSA-2009:092 ] ntp
Date: Mon, 13 Apr 2009 21:17:01 +0200
From: [email protected]
Reply-To: <xsecurity@mandriva.com.>
Message-Id: <E1LtReP-0003YZ-4a@titan.mandriva.com.>
X-Virus-Scanned: antivirus-gw at tyumen.ru
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:092
http://www.mandriva.com/security/
_______________________________________________________________________
Package : ntp
Date : April 13, 2009
Affected: 2008.1, 2009.0, Corporate 3.0, Corporate 4.0,
Multi Network Firewall 2.0
_______________________________________________________________________
Problem Description:
A vulnerability has been found and corrected in ntp:
Requesting peer information from a malicious remote time server
may lead to an unexpected application termination or arbitrary code
execution (CVE-2009-0159).
The updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0159
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.1:
fa2e899a5c08b6750e6ea0f4a8b0fee9 2008.1/i586/ntp-4.2.4-15.2mdv2008.1.i586.rpm
d4d4dcf38ffd0d9e767523618fa7c891 2008.1/i586/ntp-client-4.2.4-15.2mdv2008.1.i586.rpm
978f4db4624d049e4272948ade524843 2008.1/i586/ntp-doc-4.2.4-15.2mdv2008.1.i586.rpm
1ac618eb1d0dd6efecdfb47704008c77 2008.1/SRPMS/ntp-4.2.4-15.2mdv2008.1.src.rpm
Mandriva Linux 2008.1/X86_64:
ee55987fb8ecfa749d8b5aae9a674bba 2008.1/x86_64/ntp-4.2.4-15.2mdv2008.1.x86_64.rpm
d7c70554fa0fbf48652ae92ab79dd7ac 2008.1/x86_64/ntp-client-4.2.4-15.2mdv2008.1.x86_64.rpm
860cd9734552b72413366e5338e210cb 2008.1/x86_64/ntp-doc-4.2.4-15.2mdv2008.1.x86_64.rpm
1ac618eb1d0dd6efecdfb47704008c77 2008.1/SRPMS/ntp-4.2.4-15.2mdv2008.1.src.rpm
Mandriva Linux 2009.0:
20aacfaed4e0a8c57bfce708b2bdb9ef 2009.0/i586/ntp-4.2.4-18.2mdv2009.0.i586.rpm
7d7abf45a007b3689350a187b7545a8c 2009.0/i586/ntp-client-4.2.4-18.2mdv2009.0.i586.rpm
961b7ddb38b90a7d226dcecd8ca55ca4 2009.0/i586/ntp-doc-4.2.4-18.2mdv2009.0.i586.rpm
dbaec3d902f5e97a8dd337861d0a6269 2009.0/SRPMS/ntp-4.2.4-18.2mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
d635643851f3786f794496f8e10e6f81 2009.0/x86_64/ntp-4.2.4-18.2mdv2009.0.x86_64.rpm
ae6c90899b7e10fdd36797d4af2b740c 2009.0/x86_64/ntp-client-4.2.4-18.2mdv2009.0.x86_64.rpm
a388b933ba7cee525a1b0d5918e51486 2009.0/x86_64/ntp-doc-4.2.4-18.2mdv2009.0.x86_64.rpm
dbaec3d902f5e97a8dd337861d0a6269 2009.0/SRPMS/ntp-4.2.4-18.2mdv2009.0.src.rpm
Corporate 3.0:
37c5516f89e9ca6022394f0c842a04c7 corporate/3.0/i586/ntp-4.2.0-2.2.C30mdk.i586.rpm
52e72a1c531e59f32070671178b19781 corporate/3.0/SRPMS/ntp-4.2.0-2.2.C30mdk.src.rpm
Corporate 3.0/X86_64:
57312527659949cf347d0fb14a00669a corporate/3.0/x86_64/ntp-4.2.0-2.2.C30mdk.x86_64.rpm
52e72a1c531e59f32070671178b19781 corporate/3.0/SRPMS/ntp-4.2.0-2.2.C30mdk.src.rpm
Corporate 4.0:
990fe822e0532c6f0f612e4fbf5384c4 corporate/4.0/i586/ntp-4.2.0-21.4.20060mlcs4.i586.rpm
d80cb0b61f766f6a12294bc2ecce4845 corporate/4.0/i586/ntp-client-4.2.0-21.4.20060mlcs4.i586.rpm
1999fbff4d59f82c58d2948a33032b00 corporate/4.0/SRPMS/ntp-4.2.0-21.4.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
0d817fe7d3817e81b9b51ec85d8d084a corporate/4.0/x86_64/ntp-4.2.0-21.4.20060mlcs4.x86_64.rpm
1cf7b7f4dbcd4ed1a498d603607f1b79 corporate/4.0/x86_64/ntp-client-4.2.0-21.4.20060mlcs4.x86_64.rpm
1999fbff4d59f82c58d2948a33032b00 corporate/4.0/SRPMS/ntp-4.2.0-21.4.20060mlcs4.src.rpm
Multi Network Firewall 2.0:
e5f176d0f8bae6c07bbbfdb1adeda82d mnf/2.0/i586/ntp-4.2.0-2.2.C30mdk.i586.rpm
0b5d073ff7909b891ba510736f742cf7 mnf/2.0/SRPMS/ntp-4.2.0-2.2.C30mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFJ42LcmqjQ0CJFipgRAgKwAKDyhweSw1BzCJUUWuhEEYyVH+iQ3ACglzmV
qBP6fgl6WRYu46HkdqlJs4k=
=3g1E
-----END PGP SIGNATURE-----