1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 3223-1] ntp security update

    From Alessandro Ghedini@1:229/2 to All on Sun Apr 12 18:40:01 2015
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-3223-1 [email protected] http://www.debian.org/security/ Alessandro Ghedini
    April 12, 2015 http://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : ntp
    CVE ID : CVE-2015-1798 CVE-2015-1799
    Debian Bug : 782095

    Multiple vulnerabilities were discovered in ntp, an implementation of the Network Time Protocol:

    CVE-2015-1798

    When configured to use a symmetric key with an NTP peer, ntpd would
    accept packets without MAC as if they had a valid MAC. This could
    allow a remote attacker to bypass the packet authentication and send
    malicious packets without having to know the symmetric key.

    CVE-2015-1799

    When peering with other NTP hosts using authenticated symmetric
    association, ntpd would update its internal state variables before
    the MAC of the NTP messages was validated. This could allow a remote
    attacker to cause a denial of service by impeding synchronization
    between NTP peers.

    Additionally, it was discovered that generating MD5 keys using ntp-keygen
    on big endian machines would either trigger an endless loop, or generate non-random keys.

    For the stable distribution (wheezy), these problems have been fixed in
    version 1:4.2.6.p5+dfsg-2+deb7u4.

    For the unstable distribution (sid), these problems have been fixed in
    version 1:4.2.6.p5+dfsg-7.

    We recommend that you upgrade your ntp packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1

    iQIcBAEBCgAGBQJVKp1AAAoJEK+lG9bN5XPLE7wQAJDXfePlg+AKUASAmEJPSWlB 7Fqe3YcKgSGORJbXHpcJF30Px9RpYnOlJzMaE7Egkxbz9dPLFhuqZxYzQhErx2gM kOzD3uNSrdjxDDSpE/u1494MR2g3sojdJczhEtZqp4VYagz/Ta2XDsF3APTqapkO kiHt6tCijjhH+d1aktCS3JO4JSGAPAP3qtJbsiDVRmdy35ZESuwiPLKAeHOY+HEO RG4f1Oy2IFUD7XPi8tj1W/l8hy/iZbefp00SwSz7e/6n6JBYqQMnnAWTD2PN58qL zx2Sn2ic4Cm3ggmDeU6QQbOi7uhTFSnShzXgi9r42bV1DR7qmluxzLUxC++pO160 RVgfDe/oYqnp+hvPgcuZs2yXC6ySuz3wwyqu0AZbzIViSUcJgm1RmgAxdysyg2q1 WMA7IP+sk/sKwMwQVwTkZnVP2/ETbJAUl6YKo9tP9py7dU/md750ZDt61Cwr7IF/ b6Abwd8s5NLPjah++M1RzX8E/x8JixI1q77hy0TziToY2RSURfXk4VAypw3CWBQf AOiXHrkJyQ5jAZllUeIOp8z8/Tfuw8NLnnQsCOVDORQjzf/dVRpKRuPrUZLwXcEM eB7tZLXKRH5JchO8iBDB/lMB/w5gBM5Py9KwoSHq7407bNDWQ7tvbObHW6+0vnzi J3aleDDAOv9EIZay5h8E
    =QGoI
    -----END PGP SIGNATURE-----


    --
    To UNSUBSCRIBE, email to [email protected]
    with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/[email protected]

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)