[Oraclevm-errata] OVMSA-2009-0011 Important: Oracle VM 2.1 ntp security update

Errata Announcements for Oracle VM oraclevm-errata at oss.oracle.com
Wed May 27 11:41:40 PDT 2009

Oracle VM Security Advisory OVMSA-2009-0011

The following updated rpms for Oracle VM 2.1 have been uploaded to the 
Unbreakable Linux Network:



Description of changes:

Following security fixes is released in this errata:

CVE-2009-0159 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0159>
Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c 
in ntpq in NTP before 4.2.4p7-RC2 allows remote NTP servers to execute 
arbitrary code via a crafted response.

CVE-2009-1252 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1252>
Stack-based buffer overflow in the crypto_recv function in ntp_crypto.c 
in ntpd in NTP before 4.2.4p7 and 4.2.5 before 4.2.5p74, when OpenSSL 
and autokey are enabled, allows remote attackers to execute arbitrary 
code via a crafted packet containing an extension field.

CVE-2009-0021 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0021>
NTP 4.2.4 before 4.2.4p5 and 4.2.5 before 4.2.5p150 does not properly 
check the return value from the OpenSSL EVP_VerifyFinal function, which 
allows remote attackers to bypass validation of the certificate chain 
via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar 
vulnerability to CVE-2008-5077.

- fix buffer overflow when parsing Autokey association message
  (#500783, CVE-2009-1252)
- fix buffer overflow in ntpq (#500783, CVE-2009-0159)

- fix check for malformed signatures (#479698, CVE-2009-0021)

- fix selecting multicast interface (#444106)
- disable kernel discipline when -x option is used (#431729)

- avoid use of uninitialized floating-point values in clock_select (#250838)
- generate man pages from html source, include config man pages (#307271)
- add note about paths and exit codes to ntpd man page (#242925, #246568)
- add section about exit codes to ntpd man page (#319591)
- always return 0 in scriptlets

- pass additional options to ntpdate (#240141)

- fix broadcast client to accept broadcasts on (#226958)
- compile with crypto support on 64bit architectures (#239580)
- add ncurses-devel to buildrequires (#239580)
- exit with nonzero code if ntpd -q did not set clock (#240134)
- fix return codes in init script (#240118)

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://oss.oracle.com/pipermail/oraclevm-errata/attachments/20090527/1fb0b91e/attachment.html 

More information about the Oraclevm-errata mailing list