[Oraclevm-errata] OVMSA-2016-0082 Moderate: Oracle VM 3.4 ntp security update

Errata Announcements for Oracle VM oraclevm-errata at oss.oracle.com
Tue May 31 14:50:49 PDT 2016

Oracle VM Security Advisory OVMSA-2016-0082

The following updated rpms for Oracle VM 3.4 have been uploaded to the 
Unbreakable Linux Network:



Description of changes:

- don't allow spoofed packets to demobilize associations (CVE-2015-7979,
- don't allow spoofed packet to enable symmetric interleaved mode
- check mode of new source in config command (CVE-2016-2518)
- make MAC check resilient against timing attack (CVE-2016-1550)

- don't accept server/peer packets with zero origin timestamp 
- fix crash with reslist command (CVE-2015-7977, CVE-2015-7978)

- fix crash with invalid logconfig command (CVE-2015-5194)
- fix crash when referencing disabled statistic type (CVE-2015-5195)
- don't hang in sntp with crafted reply (CVE-2015-5219)
- don't crash with crafted autokey packet (CVE-2015-7691, CVE-2015-7692,
- fix memory leak with autokey (CVE-2015-7701)
- don't allow setting driftfile and pidfile remotely (CVE-2015-7703)
- don't crash in ntpq with crafted packet (CVE-2015-7852)
- add option to set Differentiated Services Code Point (DSCP) (#1228314)
- extend rawstats log (#1242895)
- fix resetting of leap status (#1243034)
- report clock state changes related to leap seconds (#1242937)
- allow -4/-6 on restrict lines with mask (#1232146)
- retry joining multicast groups (#1288534)
- explain synchronised state in ntpstat man page (#1286969)

- check origin timestamp before accepting KoD RATE packet (CVE-2015-7704)
- allow only one step larger than panic threshold with -g (CVE-2015-5300)

More information about the Oraclevm-errata mailing list