ntp-4.2.2p1-18.0.1.AXS3

エラータID: AXSA:2014-860:03

Release date: 
Monday, January 5, 2015 - 15:07
Subject: 
ntp-4.2.2p1-18.0.1.AXS3
Affected Channels: 
Asianux Server 3 for x86_64
Asianux Server 3 for x86
Severity: 
High
Description: 

Description :
The Network Time Protocol (NTP) is used to synchronize a computer's
time with another reference time source. This package includes ntpd
(a daemon which continuously adjusts system time) and utilities used
to query and configure the ntpd daemon.

Security issues fixed with this release:

CVE-2014-9293
The config_auth function in ntpd in NTP before 4.2.7p11, when an auth key is not configured, improperly generates a key, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.

CVE-2014-9294
util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RNG seed, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.

CVE-2014-9295
Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote attackers to execute arbitrary code via a crafted packet, related to (1) the crypto_recv function when the Autokey Authentication feature is used, (2) the ctl_putdata function, and (3) the configure function.

Solution: 

Update package.

CVEs: 
2014-9293

2014-9294

2014-9295

Additional Info: 

N/A

Download: 

SRPMS
  1. ntp-4.2.2p1-18.0.1.AXS3.src.rpm
    MD5: e9f6f91edfa7de17be277f7e45ce4674
    SHA-256: 45b944e8c7cd95435273fc6d90a9b78f8a1e25fb24a9cd33d1ca36335f4f0562
    Size: 2.52 MB

Asianux Server 3 for x86
  1. ntp-4.2.2p1-18.0.1.AXS3.i386.rpm
    MD5: 8c63682da71026d707cebd9c6aa596da
    SHA-256: 3d7d4efe49b973ace871346d008d82b6741f43d1975b8a4b7c5e0c23fa600ca9
    Size: 1.32 MB

Asianux Server 3 for x86_64
  1. ntp-4.2.2p1-18.0.1.AXS3.x86_64.rpm
    MD5: 7902b86dada9924b310219b12596e7f2
    SHA-256: 3a6450a4c8652a442d694a01b71982782b720522c9ce1e29851965546aff3006
    Size: 1.33 MB