Forum: >>> Magnum BBS <<<

[SECURITY] [DSA 1801-1] New ntp packages fix several vulnerabilities (1

From Thijs Kinkhorst@1:229/2 to All on Tue May 19 16:00:12 2009

From: [email protected]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------ Debian Security Advisory DSA-1801-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst
May 19, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : ntp
Vulnerability : buffer overflows
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2009-0159 CVE-2009-1252
CERT advisory : VU#853097
Debian Bug : 525373

Several remote vulnerabilities have been discovered in NTP, the Network
Time Protocol reference implementation. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2009-0159

A buffer overflow in ntpq allow a remote NTP server to create a
denial of service attack or to execute arbitrary code via a crafted
response.

CVE-2009-1252

A buffer overflow in ntpd allows a remote attacker to create a
denial of service attack or to execute arbitrary code when the
autokey functionality is enabled.

For the old stable distribution (etch), these problems have been fixed in version 4.2.2.p4+dfsg-2etch3.

For the stable distribution (lenny), these problems have been fixed in
version 4.2.4p4+dfsg-8lenny2.

The unstable distribution (sid) will be fixed soon.

We recommend that you upgrade your ntp package.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- -------------------------------

Source archives:

http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch3.dsc
Size/MD5 checksum: 906 8a1376e7b9883a31aeef2b242cddafb3
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg.orig.tar.gz
Size/MD5 checksum: 2199764 ad746cda2d90dbb9ed06fe164273c5d0
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch3.diff.gz
Size/MD5 checksum: 182790 1bef0f3e23bc046d7c70b60f257abce8

Architecture independent packages:

http://security.debian.org/pool/updates/main/n/ntp/ntp-refclock_4.2.2.p4+dfsg-2etch3_all.deb
Size/MD5 checksum: 28068 980216d8940c6f35ef734e8b4696bedb
http://security.debian.org/pool/updates/main/n/ntp/ntp-doc_4.2.2.p4+dfsg-2etch3_all.deb
Size/MD5 checksum: 909142 a4f0b0390ef1d8ea3b42e9f79aa6419c
http://security.debian.org/pool/updates/main/n/ntp/ntp-simple_4.2.2.p4+dfsg-2etch3_all.deb
Size/MD5 checksum: 28070 1a62301f74fc9ef23e73b86b168995d1

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch3_alpha.deb
Size/MD5 checksum: 64896 334da9b0c10e3d061d40313cff2f4aba
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch3_alpha.deb
Size/MD5 checksum: 407926 2ea4e315e61be332e2799152d117828f

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch3_amd64.deb
Size/MD5 checksum: 359278 206749f2d5cddbb47f43cadf031200f6
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch3_amd64.deb
Size/MD5 checksum: 61468 d7c76761a5b81efc6ad09d7339c65f65

arm architecture (ARM)

http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch3_arm.deb
Size/MD5 checksum: 59472 b7e6f73ba7ecc1b950f5ce4b8713bbc8
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch3_arm.deb
Size/MD5 checksum: 343500 918b4ed05ccc9beef8b17ed820076736

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch3_hppa.deb
Size/MD5 checksum: 62008 718ac291a6d5bd5cee16da1ba332277a
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch3_hppa.deb
Size/MD5 checksum: 372266 a8801148122304f201143b3c83212ef1

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch3_i386.deb
Size/MD5 checksum: 58244 1e2645f55d880f0b32b189c788a6fa6e
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch3_i386.deb
Size/MD5 checksum: 330784 2cffe9ce5766d3b3a7dd716451f9940d

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch3_ia64.deb
Size/MD5 checksum: 74564 11dc5d9603aa107736e25e73a999fed9
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch3_ia64.deb
Size/MD5 checksum: 523190 4b92e21247b790d31d87cae43288860e

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch3_mips.deb
Size/MD5 checksum: 382548 7ebe4c29857af28a1d0d47341c03ed9f
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch3_mips.deb
Size/MD5 checksum: 63444 1479ed9849e0da2119fedd3c07ef0c6e

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch3_mipsel.deb
Size/MD5 checksum: 390040 7338922ec7c8a810374913a5440b84c8
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch3_mipsel.deb
Size/MD5 checksum: 63986 63cf40dbea34d855dfa0b4dcab148753

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch3_powerpc.deb
Size/MD5 checksum: 358710 14eebc6b0f1b5566398761c0e9387e06
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch3_powerpc.deb
Size/MD5 checksum: 61548 6f7d62dbce9a7e476c5740556e05adbe

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch3_s390.deb
Size/MD5 checksum: 61102 1cbb204bb34886adaf67f65add882fb6
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch3_s390.deb
Size/MD5 checksum: 350088 2a27fe8eaedfac99221d0e0958750b69

sparc architecture (Sun SPARC/UltraSPARC)

[continued in next message]

--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)

Who's Online
Recent Visitors
- Furryboy
  Sun Jun 7 13:40:29 2026
  from Romania, Galati via SSH
- Krenn
  Sun Jun 7 10:02:33 2026
  from Sydney, Nsw via Telnet
- Spearb0y
  Sun Jun 7 07:41:05 2026
  from Massachusetts via SSH
- Krenn
  Sun Jun 7 03:07:26 2026
  from Sydney, Nsw via Telnet
- Krenn
  Sun Jun 7 01:30:12 2026
  from Sydney, Nsw via Telnet
- Centurion
  Sat Jun 6 23:27:30 2026
  from Berea, Ohio via Telnet
- Ab Cadd
  Sat Jun 6 15:42:53 2026
  from Sheboygan, Wi via Telnet
- Centurion
  Sat Jun 6 15:32:28 2026
  from Berea, Ohio via Telnet

System Info

Sysop:	Keyop
Location:	Huddersfield, West Yorkshire, UK
Users:	715
Nodes:	16 (0 / 16)
Uptime:	169:15:07
Calls:	12,097
Calls today:	5
Files:	15,003
Messages:	6,517,834

[SECURITY] [DSA 1801-1] New ntp packages fix several vulnerabilities (1

Who's Online

Recent Visitors

System Info