ntp-4.2.6p5-10.2.0.1.AXS4
エラータID: AXSA:2017-1289:01
The Network Time Protocol (NTP) is used to synchronize a computer's
time with another reference time source. This package includes ntpd
(a daemon which continuously adjusts system time) and utilities used
to query and configure the ntpd daemon.
Perl scripts ntp-wait and ntptrace are in the ntp-perl package and
the ntpdate program is in the ntpdate package. The documentation is
in the ntp-doc package.
Security issues fixed with this release:
CVE-2016-7426
NTP before 4.2.8p9 rate limits responses received from the configured
sources when rate limiting for all associations is enabled, which
allows remote attackers to cause a denial of service (prevent
responses from the sources) by sending responses with a spoofed source
address.
CVE-2016-7429
NTP before 4.2.8p9 changes the peer structure to the interface it
receives the response from a source, which allows remote attackers to
cause a denial of service (prevent communication with a source) by
sending a response for a source to an interface the source does not
use.
CVE-2016-7433
NTP before 4.2.8p9 does not properly perform the initial sync
calculations, which allows remote attackers to unspecified impact via
unknown vectors, related to a "root distance that did not include the
peer dispersion."
CVE-2016-9310
The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9
allows remote attackers to set or unset traps via a crafted control
mode packet.
CVE-2016-9311
ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows
remote attackers to cause a denial of service (NULL pointer
dereference and crash) via a crafted packet.
Update packages.
NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address.
NTP before 4.2.8p9 changes the peer structure to the interface it receives the response from a source, which allows remote attackers to cause a denial of service (prevent communication with a source) by sending a response for a source to an interface the source does not use.
NTP before 4.2.8p9 does not properly perform the initial sync calculations, which allows remote attackers to unspecified impact via unknown vectors, related to a "root distance that did not include the peer dispersion."
The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet.
ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted packet.
N/A
SRPMS
- ntp-4.2.6p5-10.2.0.1.AXS4.src.rpm
MD5: d78b965454720a57fa35aa7ed9a77660
SHA-256: c14788fe3e730e89040f5051f82fa2238a8bf31687be53c7d97bcc8645de9c4c
Size: 4.12 MB
Asianux Server 4 for x86
- ntp-4.2.6p5-10.2.0.1.AXS4.i686.rpm
MD5: 96ba60d7dc55866413a01b0e54be35bb
SHA-256: 5d383ebb566ec91cac113e1d1f94994953e4fabb4f70ddddda4cfba8508b4d75
Size: 592.75 kB - ntpdate-4.2.6p5-10.2.0.1.AXS4.i686.rpm
MD5: b5538c412b5b15eff1236de82baff094
SHA-256: 48529dde487f067e430de04f3af30ddc4d8b5c3bd0d77105abb263df98273330
Size: 77.53 kB
Asianux Server 4 for x86_64
- ntp-4.2.6p5-10.2.0.1.AXS4.x86_64.rpm
MD5: 0accb4376ae458e39088c2b46b506b1f
SHA-256: 0a4430724eba9b34f92111020f6874a17ba99a2a10254e6e5b408c207a61ef32
Size: 598.29 kB - ntpdate-4.2.6p5-10.2.0.1.AXS4.x86_64.rpm
MD5: ee8fe80ed7b9e9ccc2c2b44a020ded16
SHA-256: 2a8040e9ff0029039a0918c0ae18b80eeb728e5e6fb68b3f5a6c3531b284c331
Size: 77.62 kB