Описание
ELSA-2019-2077: ntp security, bug fix, and enhancement update (LOW)
[4.2.6p5-29.0.1]
- Bump release to avoid ULN conflict with Oracle modified errata.
[4.2.6p5-29]
- fix CVE-2016-7429 patch to restore default ttl configuration (#1550637)
- fix buffer overflow in parsing of address in ntpq and ntpdc (CVE-2018-12327)
- fix crash in parsing of received address in ntpq (#1616250)
- avoid reading freed memory after disabling netlink socket (#1555401)
- dont disable netlink socket on ENOBUFS error (#1555413)
- replace ntpstat with shell script using ntpq and supporting chrony (#1592871)
Обновленные пакеты
Oracle Linux 7
Oracle Linux aarch64
ntp
4.2.6p5-29.0.1.el7
ntp-doc
4.2.6p5-29.0.1.el7
ntp-perl
4.2.6p5-29.0.1.el7
ntpdate
4.2.6p5-29.0.1.el7
sntp
4.2.6p5-29.0.1.el7
Oracle Linux x86_64
ntp
4.2.6p5-29.0.1.el7
ntp-doc
4.2.6p5-29.0.1.el7
ntp-perl
4.2.6p5-29.0.1.el7
ntpdate
4.2.6p5-29.0.1.el7
sntp
4.2.6p5-29.0.1.el7
Связанные CVE
Связанные уязвимости
Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether there are any common situations in which ntpq or ntpdc is used with a command line from an untrusted source.
Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether there are any common situations in which ntpq or ntpdc is used with a command line from an untrusted source.
Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether there are any common situations in which ntpq or ntpdc is used with a command line from an untrusted source.
Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 ...
Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether there are any common situations in which ntpq or ntpdc is used with a command line from an untrusted source.