<<< Date Index >>>     <<< Thread Index >>>

[ MDVSA-2009:092 ] ntp



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:092
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : ntp
 Date    : April 13, 2009
 Affected: 2008.1, 2009.0, Corporate 3.0, Corporate 4.0,
           Multi Network Firewall 2.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been found and corrected in ntp:
 
 Requesting peer information from a malicious remote time server
 may lead to an unexpected application termination or arbitrary code
 execution (CVE-2009-0159).
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0159
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.1:
 fa2e899a5c08b6750e6ea0f4a8b0fee9  2008.1/i586/ntp-4.2.4-15.2mdv2008.1.i586.rpm
 d4d4dcf38ffd0d9e767523618fa7c891  
2008.1/i586/ntp-client-4.2.4-15.2mdv2008.1.i586.rpm
 978f4db4624d049e4272948ade524843  
2008.1/i586/ntp-doc-4.2.4-15.2mdv2008.1.i586.rpm 
 1ac618eb1d0dd6efecdfb47704008c77  2008.1/SRPMS/ntp-4.2.4-15.2mdv2008.1.src.rpm

 Mandriva Linux 2008.1/X86_64:
 ee55987fb8ecfa749d8b5aae9a674bba  
2008.1/x86_64/ntp-4.2.4-15.2mdv2008.1.x86_64.rpm
 d7c70554fa0fbf48652ae92ab79dd7ac  
2008.1/x86_64/ntp-client-4.2.4-15.2mdv2008.1.x86_64.rpm
 860cd9734552b72413366e5338e210cb  
2008.1/x86_64/ntp-doc-4.2.4-15.2mdv2008.1.x86_64.rpm 
 1ac618eb1d0dd6efecdfb47704008c77  2008.1/SRPMS/ntp-4.2.4-15.2mdv2008.1.src.rpm

 Mandriva Linux 2009.0:
 20aacfaed4e0a8c57bfce708b2bdb9ef  2009.0/i586/ntp-4.2.4-18.2mdv2009.0.i586.rpm
 7d7abf45a007b3689350a187b7545a8c  
2009.0/i586/ntp-client-4.2.4-18.2mdv2009.0.i586.rpm
 961b7ddb38b90a7d226dcecd8ca55ca4  
2009.0/i586/ntp-doc-4.2.4-18.2mdv2009.0.i586.rpm 
 dbaec3d902f5e97a8dd337861d0a6269  2009.0/SRPMS/ntp-4.2.4-18.2mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 d635643851f3786f794496f8e10e6f81  
2009.0/x86_64/ntp-4.2.4-18.2mdv2009.0.x86_64.rpm
 ae6c90899b7e10fdd36797d4af2b740c  
2009.0/x86_64/ntp-client-4.2.4-18.2mdv2009.0.x86_64.rpm
 a388b933ba7cee525a1b0d5918e51486  
2009.0/x86_64/ntp-doc-4.2.4-18.2mdv2009.0.x86_64.rpm 
 dbaec3d902f5e97a8dd337861d0a6269  2009.0/SRPMS/ntp-4.2.4-18.2mdv2009.0.src.rpm

 Corporate 3.0:
 37c5516f89e9ca6022394f0c842a04c7  
corporate/3.0/i586/ntp-4.2.0-2.2.C30mdk.i586.rpm 
 52e72a1c531e59f32070671178b19781  
corporate/3.0/SRPMS/ntp-4.2.0-2.2.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 57312527659949cf347d0fb14a00669a  
corporate/3.0/x86_64/ntp-4.2.0-2.2.C30mdk.x86_64.rpm 
 52e72a1c531e59f32070671178b19781  
corporate/3.0/SRPMS/ntp-4.2.0-2.2.C30mdk.src.rpm

 Corporate 4.0:
 990fe822e0532c6f0f612e4fbf5384c4  
corporate/4.0/i586/ntp-4.2.0-21.4.20060mlcs4.i586.rpm
 d80cb0b61f766f6a12294bc2ecce4845  
corporate/4.0/i586/ntp-client-4.2.0-21.4.20060mlcs4.i586.rpm 
 1999fbff4d59f82c58d2948a33032b00  
corporate/4.0/SRPMS/ntp-4.2.0-21.4.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 0d817fe7d3817e81b9b51ec85d8d084a  
corporate/4.0/x86_64/ntp-4.2.0-21.4.20060mlcs4.x86_64.rpm
 1cf7b7f4dbcd4ed1a498d603607f1b79  
corporate/4.0/x86_64/ntp-client-4.2.0-21.4.20060mlcs4.x86_64.rpm 
 1999fbff4d59f82c58d2948a33032b00  
corporate/4.0/SRPMS/ntp-4.2.0-21.4.20060mlcs4.src.rpm

 Multi Network Firewall 2.0:
 e5f176d0f8bae6c07bbbfdb1adeda82d  mnf/2.0/i586/ntp-4.2.0-2.2.C30mdk.i586.rpm 
 0b5d073ff7909b891ba510736f742cf7  mnf/2.0/SRPMS/ntp-4.2.0-2.2.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFJ42LcmqjQ0CJFipgRAgKwAKDyhweSw1BzCJUUWuhEEYyVH+iQ3ACglzmV
qBP6fgl6WRYu46HkdqlJs4k=
=3g1E
-----END PGP SIGNATURE-----