ntp-4.2.6p5-25.1.0.1.el7.AXS7
エラータID: AXSA:2017-1296:01
The Network Time Protocol (NTP) is used to synchronize a computer's
time with another reference time source. This package includes ntpd
(a daemon which continuously adjusts system time) and utilities used
to query and configure the ntpd daemon.
Perl scripts ntp-wait and ntptrace are in the ntp-perl package,
ntpdate is in the ntpdate package and sntp is in the sntp package.
The documentation is in the ntp-doc package.
Security issues fixed with this release:
CVE-2016-7426
NTP before 4.2.8p9 rate limits responses received from the configured
sources when rate limiting for all associations is enabled, which
allows remote attackers to cause a denial of service (prevent
responses from the sources) by sending responses with a spoofed source
address.
CVE-2016-7429
NTP before 4.2.8p9 changes the peer structure to the interface it
receives the response from a source, which allows remote attackers to
cause a denial of service (prevent communication with a source) by
sending a response for a source to an interface the source does not
use.
CVE-2016-7433
NTP before 4.2.8p9 does not properly perform the initial sync
calculations, which allows remote attackers to unspecified impact via
unknown vectors, related to a "root distance that did not include the
peer dispersion."
CVE-2016-9310
The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9
allows remote attackers to set or unset traps via a crafted control
mode packet.
CVE-2016-9311
ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows
remote attackers to cause a denial of service (NULL pointer
dereference and crash) via a crafted packet.
Update package.
NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address.
NTP before 4.2.8p9 changes the peer structure to the interface it receives the response from a source, which allows remote attackers to cause a denial of service (prevent communication with a source) by sending a response for a source to an interface the source does not use.
NTP before 4.2.8p9 does not properly perform the initial sync calculations, which allows remote attackers to unspecified impact via unknown vectors, related to a "root distance that did not include the peer dispersion."
The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet.
ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted packet.
N/A
SRPMS
- ntp-4.2.6p5-25.1.0.1.el7.AXS7.src.rpm
MD5: 34e4f57d35e2894f725ca6eb994a0fa5
SHA-256: bbd8b3d20d079ab3b12cbfee36f617779483f7d81b81f92e91bd93101783a4ec
Size: 4.13 MB
Asianux Server 7 for x86_64
- ntp-4.2.6p5-25.1.0.1.el7.AXS7.x86_64.rpm
MD5: 2a49b73343476d0ebc8939a5cf2a1999
SHA-256: 4b048859a629eb9b8fea245b4165dbcbde1264947a41237c56adcc346588ac71
Size: 546.39 kB - ntpdate-4.2.6p5-25.1.0.1.el7.AXS7.x86_64.rpm
MD5: ce16af0460721507cba2fc95a9302229
SHA-256: 1df3c81ff882af79ed28e03b30476502d15886569c349f9742b705af05fe8cfb
Size: 84.62 kB