• [SECURITY] [DSA 3388-1] ntp security update (2/2)

    From Moritz Muehlenhoff@1:229/2 to All on Sun Nov 1 23:30:01 2015
    [continued from previous message]

    failure when processing a mode 6 or mode 7 packet containing an
    unusually long data value where a network address was expected. This
    could allow an authenticated attacker to crash ntpd.

    CVE-2015-7871

    A logic error exists in ntpd's handling of error conditions
    associated with certain crypto-NAK packets. An unauthenticated,
    off-path attacker can force ntpd processes on targeted servers to
    peer with time sources of the attacker's choosing by transmitting
    symmetric active crypto-NAK packets to ntpd. This attack bypasses
    the authentication typically required to establish a peer
    association and allows an attacker to make arbitrary changes to
    system time.

    For the oldstable distribution (wheezy), these problems have been fixed
    in version 1:4.2.6.p5+dfsg-2+deb7u6.

    For the stable distribution (jessie), these problems have been fixed in
    version 1:4.2.6.p5+dfsg-7+deb8u1.

    For the testing distribution (stretch), these problems have been fixed
    in version 1:4.2.8p4+dfsg-3.

    For the unstable distribution (sid), these problems have been fixed in
    version 1:4.2.8p4+dfsg-3.

    We recommend that you upgrade your ntp packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]