Ntp; Rhsa-2009:1039: Important Security Update; Rhsa-2009:0046: Moderate Security Update - Red Hat ENTERPRISE LINUX 5.4 - TECHNICAL NOTES Manual

Chapter 1. Package Updates

1.158. ntp

1.158.1. RHSA-2009:1039: Important security update

Important
This update has already been released (prior to the GA of this release) as the security
RHSA-2009:1039
errata
An updated ntp package that fixes two security issues is now available for Red Hat Enterprise Linux 5.
This update has been rated as having important security impact by the Red Hat Security Response
Team.
The Network Time Protocol (NTP) is used to synchronize a computer's time with a referenced time
source.
A buffer overflow flaw was discovered in the ntpd daemon's NTPv4 authentication code. If ntpd was
configured to use public key cryptography for NTP packet authentication, a remote attacker could use
this flaw to send a specially-crafted request packet that could crash ntpd.
Note
NTP authentication is not enabled by default.
A buffer overflow flaw was found in the ntpq diagnostic command. A malicious, remote server could
send a specially-crafted reply to an ntpq request that could crash ntpq.
All ntp users are advised to upgrade to this updated package, which contains backported patches to
resolve these issues. After installing the update, the ntpd daemon will be restarted automatically.

1.158.2. RHSA-2009:0046: Moderate security update

Important
This update has already been released (prior to the GA of this release) as the security
RHSA-2009:0046
errata
Updated ntp packages to correct a security issue are now available for Red Hat Enterprise Linux 4 and
5.
This update has been rated as having moderate security impact by the Red Hat Security Response
Team.
The Network Time Protocol (NTP) is used to synchronize a computer's time with a referenced time
source.
1287
https://www.redhat.com/security/data/cve/CVE-2009-1252.html
1288
https://www.redhat.com/security/data/cve/CVE-2009-0159.html
182
1286
1289
1287
(CVE-2009-1252
1288
(CVE-2009-0159 )
)