ntp-4.2.6p5-22.0.1.el7.AXS7
Errata ID: AXSA:2015-852:03
The Network Time Protocol (NTP) is used to synchronize a computer's
time with another reference time source. This package includes ntpd
(a daemon which continuously adjusts system time) and utilities used
to query and configure the ntpd daemon.
Perl scripts ntp-wait and ntptrace are in the ntp-perl package,
ntpdate is in the ntpdate package and sntp is in the sntp package.
The documentation is in the ntp-doc package.
Security issues fixed with this release:
CVE-2014-9297
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-9750,
CVE-2014-9751. Reason: this ID was intended for one issue, but was
associated with two issues. Notes: All CVE users should consult
CVE-2014-9750 and CVE-2014-9751 to identify the ID or IDs of interest.
All references and descriptions in this candidate have been removed to
prevent accidental usage.
CVE-2014-9298
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-9750,
CVE-2014-9751. Reason: this ID was intended for one issue, but was
associated with two issues. Notes: All CVE users should consult
CVE-2014-9750 and CVE-2014-9751 to identify the ID or IDs of interest.
All references and descriptions in this candidate have been removed to
prevent accidental usage.
CVE-2014-9750
ntp_crypto.c in ntpd in NTP 4.x before 4.2.8p1, when Autokey
Authentication is enabled, allows remote attackers to obtain sensitive
information from process memory or cause a denial of service (daemon
crash) via a packet containing an extension field with an invalid
value for the length of its value field.
CVE-2014-9751
The read_network_packet function in ntp_io.c in ntpd in NTP 4.x before
4.2.8p1 on Linux and OS X does not properly determine whether a source
IP address is an IPv6 loopback address, which makes it easier for
remote attackers to spoof restricted packets, and read or write to the
runtime state, by leveraging the ability to reach the ntpd machine's
network interface with a packet from the ::1 address.
CVE-2015-1798
The symmetric-key feature in the receive function in ntp_proto.c in
ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC
field has a nonzero length, which makes it easier for
man-in-the-middle attackers to spoof packets by omitting the MAC.
CVE-2015-1799
The symmetric-key feature in the receive function in ntp_proto.c in
ntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates
upon receiving certain invalid packets, which makes it easier for
man-in-the-middle attackers to cause a denial of service
(synchronization loss) by spoofing the source IP address of a peer.
CVE-2015-3405
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
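The MAC handling described under CVE-2015-1798 above, modelled as an added example (not ntpd's code and not part of the original advisory): a receive check that verifies the MAC only when one is present, beside a check that requires a valid MAC for a keyed association. The packet layout used here (48-byte header, then a 4-byte key ID and an MD5 digest over key plus header), the function names and the sample key are assumptions made for the illustration.

```python
import hashlib
import hmac
import struct

HEADER_LEN = 48       # fixed NTP header; extension fields are left out of this model
MAC_LEN = 4 + 16      # 32-bit key ID followed by an MD5 digest

def build_packet(key_id=None, key=b""):
    """Constructed sample packet: symmetric-active NTPv4 header, MAC optional."""
    header = bytes([0x21]) + bytes(HEADER_LEN - 1)   # LI=0, VN=4, Mode=1
    if key_id is None:
        return header
    return header + struct.pack("!I", key_id) + hashlib.md5(key + header).digest()

def mac_state(packet, keys):
    """Classify the trailer as ('none' | 'ok' | 'bad', key_id)."""
    header, trailer = packet[:HEADER_LEN], packet[HEADER_LEN:]
    if not trailer:
        return "none", 0
    if len(trailer) != MAC_LEN:
        return "bad", 0
    key_id = struct.unpack("!I", trailer[:4])[0]
    key = keys.get(key_id)
    if key is None:
        return "bad", key_id
    expected = hashlib.md5(key + header).digest()
    ok = hmac.compare_digest(expected, trailer[4:])
    return ("ok" if ok else "bad"), key_id

def accept_flawed(packet, keys, peer_key_id):
    """Flawed rule: the MAC is verified only when the packet carries one."""
    state, _ = mac_state(packet, keys)
    return state != "bad"

def accept_strict(packet, keys, peer_key_id):
    """Corrected rule: a keyed association needs a valid MAC under its own key."""
    state, key_id = mac_state(packet, keys)
    if peer_key_id:
        return state == "ok" and key_id == peer_key_id
    return state != "bad"

KEYS = {1: b"constructed-demo-key"}          # constructed key table
SIGNED = build_packet(1, KEYS[1])            # valid MAC
FORGED = build_packet(1, b"not-the-key")     # MAC present but wrong
BARE = build_packet()                        # MAC omitted

if __name__ == "__main__":
    for name, pkt in (("signed", SIGNED), ("forged", FORGED), ("bare", BARE)):
        print(name, accept_flawed(pkt, KEYS, 1), accept_strict(pkt, KEYS, 1))
```

Only the packet without a MAC separates the two rules: the flawed check accepts it for a keyed association, the strict check does not.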
Fixed bugs:
* The ntpd service truncated symmetric keys specified in the key file to 20 bytes. As a consequence, it was impossible to configure NTP authentication to work with peers that use longer keys. With this update, the maximum key length has been changed to 32 bytes.
* The ntpd service could previously join multicast groups only when starting, which caused problems if ntpd was started during system boot before the network was configured. With this update, ntpd attempts to join multicast groups every time the network configuration changes.
* Previously, the ntp-keygen utility used an exponent of 3 when generating RSA keys. Consequently, generating RSA keys failed when FIPS mode was enabled. With this update, ntp-keygen has been modified to use an exponent of 65537, and generating keys in FIPS mode now works as expected.
* The ntpd service dropped incoming NTP packets if their source port was lower than 123 (the NTP port). With this update, ntpd no longer checks the source port number, and clients behind NAT are now able to correctly synchronize with the server.
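For the key-truncation fix listed above, a keys-file audit that reports which entries exceed the old 20-byte and new 32-byte limits. This is an added example, not part of the original advisory or the ntp package; it assumes entries of the form `keyid type key`, where a key of up to 20 characters is literal ASCII and a longer one is a hex string, and the sample file is constructed.

```python
import string

OLD_MAX = 20   # bytes of key material ntpd kept before this update
NEW_MAX = 32   # bytes kept with this update

def key_length(token):
    """Key size in bytes, or None if the token is malformed.

    Assumed format: up to 20 characters is a literal ASCII key,
    anything longer is a hex string.
    """
    if len(token) <= 20:
        return len(token)
    if len(token) % 2 or any(c not in string.hexdigits for c in token):
        return None
    return len(token) // 2

def audit_keys(text):
    """Return (key_id, type, length, status) per entry; never the key itself."""
    findings = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 3 or not fields[0].isdigit():
            continue
        key_id, key_type, token = fields[:3]
        size = key_length(token)
        if size is None:
            status = "malformed"
        elif size > NEW_MAX:
            status = "truncated even after update"
        elif size > OLD_MAX:
            status = "truncated before update"
        else:
            status = "ok"
        findings.append((int(key_id), key_type, size, status))
    return findings

# Constructed sample keys file (not real key material).
SAMPLE = "\n".join([
    "# id type key",
    "1 MD5 shortasciikey",
    "2 SHA1 " + "ab" * 20,
    "3 SHA1 " + "cd" * 32,
    "4 SHA1 " + "ef" * 40,
    "5 SHA1 " + "zz" * 16,
])

if __name__ == "__main__":
    for finding in audit_keys(SAMPLE):
        print(finding)
```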
Enhancements:
* This update adds support for configurable Differentiated Services Code Points (DSCP) in NTP packets, simplifying configuration in large networks where different NTP implementations or versions are using different DSCP values.
* This update adds the ability to configure separate clock stepping thresholds for each direction (backward and forward). Use the "stepback" and "stepfwd" options to configure each threshold.
* Support for nanosecond resolution has been added to the Structural Health Monitoring (SHM) reference clock. Prior to this update, when a Precision Time Protocol (PTP) hardware clock was used as a time source to synchronize the system clock, the accuracy of the synchronization was limited due to the microsecond resolution of the SHM protocol. The nanosecond extension in the SHM protocol now allows sub-microsecond synchronization of the system clock.
Update packages.
ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys.
N/A
SRPMS
- ntp-4.2.6p5-22.0.1.el7.AXS7.src.rpm
MD5: c56e70bea53a95a5e65c936432d7a43a
SHA-256: 0868cadaade5150962265aaac2c9a0191b80ed1f6e8e85bc11d35b757ec30fed
Size: 4.11 MB
Asianux Server 7 for x86_64
- ntp-4.2.6p5-22.0.1.el7.AXS7.x86_64.rpm
MD5: 0851aa1fe713c49ef73ea56801fca28c
SHA-256: ac916a77cb6042d602b1f0798cd9592124b1cf7a427ed5acfaefaac69abcffeb
Size: 542.37 kB
- ntpdate-4.2.6p5-22.0.1.el7.AXS7.x86_64.rpm
MD5: 7c0c504ca758f54d59f72f72d3ff0ac8
SHA-256: c94ef3bbf3315abeaf5b6be0e9aeff4f79f78a282d7d54b406b445f6b41a943c
Size: 82.86 kB