[Oraclevm-errata] OVMSA-2009-0011 Important: Oracle VM 2.1 ntp security update
Errata Announcements for Oracle VM
oraclevm-errata at oss.oracle.com
Wed May 27 11:41:40 PDT 2009
Oracle VM Security Advisory OVMSA-2009-0011
The following updated rpms for Oracle VM 2.1 have been uploaded to the
Unbreakable Linux Network:
i386:
ntp-4.2.2p1-9.el5_3.2.i386.rpm
SRPMS:
http://oss.oracle.com/oraclevm/server/SRPMS-updates/ntp-4.2.2p1-9.el5_3.2.src.rpm
Description of changes:
Following security fixes is released in this errata:
CVE-2009-0159 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0159>
Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c
in ntpq in NTP before 4.2.4p7-RC2 allows remote NTP servers to execute
arbitrary code via a crafted response.
CVE-2009-1252 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1252>
Stack-based buffer overflow in the crypto_recv function in ntp_crypto.c
in ntpd in NTP before 4.2.4p7 and 4.2.5 before 4.2.5p74, when OpenSSL
and autokey are enabled, allows remote attackers to execute arbitrary
code via a crafted packet containing an extension field.
CVE-2009-0021 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0021>
NTP 4.2.4 before 4.2.4p5 and 4.2.5 before 4.2.5p150 does not properly
check the return value from the OpenSSL EVP_VerifyFinal function, which
allows remote attackers to bypass validation of the certificate chain
via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar
vulnerability to CVE-2008-5077.
[4.2.2p1-9.el5_3.2]
- fix buffer overflow when parsing Autokey association message
(#500783, CVE-2009-1252)
- fix buffer overflow in ntpq (#500783, CVE-2009-0159)
[4.2.2p1-9.el5_3.1]
- fix check for malformed signatures (#479698, CVE-2009-0021)
[4.2.2p1-9.el5]
- fix selecting multicast interface (#444106)
- disable kernel discipline when -x option is used (#431729)
[4.2.2p1-8.el5]
- avoid use of uninitialized floating-point values in clock_select (#250838)
- generate man pages from html source, include config man pages (#307271)
- add note about paths and exit codes to ntpd man page (#242925, #246568)
- add section about exit codes to ntpd man page (#319591)
- always return 0 in scriptlets
[4.2.2p1-7.el5]
- pass additional options to ntpdate (#240141)
[4.2.2p1-6.el5]
- fix broadcast client to accept broadcasts on 255.255.255.255 (#226958)
- compile with crypto support on 64bit architectures (#239580)
- add ncurses-devel to buildrequires (#239580)
- exit with nonzero code if ntpd -q did not set clock (#240134)
- fix return codes in init script (#240118)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://oss.oracle.com/pipermail/oraclevm-errata/attachments/20090527/1fb0b91e/attachment.html
More information about the Oraclevm-errata
mailing list