|
|
Subscribe / Log in / New account

Oracle alert ELSA-2016-0780 (ntp)



From:
    	      Errata Announcements for Oracle Linux <el-errata@oss.oracle.com> 


To:
    	      el-errata@oss.oracle.com 


Subject:
    	      [El-errata] ELSA-2016-0780 Moderate: Oracle Linux 6 ntp security and bug fix update 


Date:
    	      Fri, 13 May 2016 10:49:55 -0700


Message-ID:
    	      <573613C3.20006@oracle.com>


Oracle Linux Security Advisory ELSA-2016-0780

http://linux.oracle.com/errata/ELSA-2016-0780.html

The following updated rpms for Oracle Linux 6 have been uploaded to the 
Unbreakable Linux Network:

i386:
ntp-4.2.6p5-10.el6.i686.rpm
ntp-doc-4.2.6p5-10.el6.noarch.rpm
ntp-perl-4.2.6p5-10.el6.i686.rpm
ntpdate-4.2.6p5-10.el6.i686.rpm

x86_64:
ntp-4.2.6p5-10.el6.x86_64.rpm
ntp-doc-4.2.6p5-10.el6.noarch.rpm
ntp-perl-4.2.6p5-10.el6.x86_64.rpm
ntpdate-4.2.6p5-10.el6.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/ntp-4.2.6p5-10.el...



Description of changes:

[4.2.6p5-10]
- don't accept server/peer packets with zero origin timestamp 
(CVE-2015-8138)
- fix crash with reslist command (CVE-2015-7977, CVE-2015-7978)

[4.2.6p5-9]
- fix crash with invalid logconfig command (CVE-2015-5194)
- fix crash when referencing disabled statistic type (CVE-2015-5195)
- don't hang in sntp with crafted reply (CVE-2015-5219)
- don't crash with crafted autokey packet (CVE-2015-7691, CVE-2015-7692,
   CVE-2015-7702)
- fix memory leak with autokey (CVE-2015-7701)
- don't allow setting driftfile and pidfile remotely (CVE-2015-7703)
- don't crash in ntpq with crafted packet (CVE-2015-7852)
- add option to set Differentiated Services Code Point (DSCP) (#1228314)
- extend rawstats log (#1242895)
- fix resetting of leap status (#1243034)
- report clock state changes related to leap seconds (#1242937)
- allow -4/-6 on restrict lines with mask (#1232146)
- retry joining multicast groups (#1288534)
- explain synchronised state in ntpstat man page (#1286969)

[4.2.6p5-7]
- check origin timestamp before accepting KoD RATE packet (CVE-2015-7704)
- allow only one step larger than panic threshold with -g (CVE-2015-5300)


_______________________________________________
El-errata mailing list
El-errata@oss.oracle.com
https://oss.oracle.com/mailman/listinfo/el-errata
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds