ntp-4.2.6p5-28.0.1.el7.AXS7

エラータID: AXSA:2018-2935:01

Release date: 
Wednesday, April 18, 2018 - 16:39
Subject: 
ntp-4.2.6p5-28.0.1.el7.AXS7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
Moderate
Description: 

The Network Time Protocol (NTP) is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service.

Security Fix(es):

* ntp: Authenticated DoS via Malicious Config Option (CVE-2017-6463)

* ntp: Denial of Service via Malformed Config (CVE-2017-6464)

* ntp: Buffer Overflow in DPTS Clock (CVE-2017-6462)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Asianux would like to thank the NTP project for reporting these issues. Upstream acknowledges Cure53 as the original reporter of these issues.

Additional Changes:

For detailed information on changes in this release, see the Asianux Server 7.5 Release Notes linked from the References section.

CVE-2017-6462
Buffer overflow in the legacy Datum Programmable Time Server (DPTS)
refclock driver in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows
local users to have unspecified impact via a crafted /dev/datum
device.
CVE-2017-6463
NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote
authenticated users to cause a denial of service (daemon crash) via an
invalid setting in a :config directive, related to the unpeer option.
CVE-2017-6464
NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote attackers to
cause a denial of service (ntpd crash) via a malformed mode
configuration directive.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. ntp-4.2.6p5-28.0.1.el7.AXS7.src.rpm
    MD5: 69a2f8d2167ecb4aa54f838f3d38e493
    SHA-256: f4ca4d8d56aeefd1e06058c226ca435d88e6ab851d2d7feb24ded3c8ce5d4e45
    Size: 4.14 MB

Asianux Server 7 for x86_64
  1. ntp-4.2.6p5-28.0.1.el7.AXS7.x86_64.rpm
    MD5: 38cd17e3d6fc035946a66434fa9dad28
    SHA-256: 83e24ab5d2ba5fde4dba117f79d376786a04cd5599606cf03a070dddf6368dfc
    Size: 548.00 kB
  2. ntpdate-4.2.6p5-28.0.1.el7.AXS7.x86_64.rpm
    MD5: 3a6ba64fd4ae6d181cf3bfe4360601ad
    SHA-256: 8aa688f79cc6cf22f1db1a3fe655d49e83729018e774234373713ba626e1bb27
    Size: 85.08 kB