-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:092 http://www.mandriva.com/security/ _______________________________________________________________________ Package : ntp Date : April 13, 2009 Affected: 2008.1, 2009.0, Corporate 3.0, Corporate 4.0, Multi Network Firewall 2.0 _______________________________________________________________________ Problem Description: A vulnerability has been found and corrected in ntp: Requesting peer information from a malicious remote time server may lead to an unexpected application termination or arbitrary code execution (CVE-2009-0159). The updated packages have been patched to correct this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0159 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.1: fa2e899a5c08b6750e6ea0f4a8b0fee9 2008.1/i586/ntp-4.2.4-15.2mdv2008.1.i586.rpm d4d4dcf38ffd0d9e767523618fa7c891 2008.1/i586/ntp-client-4.2.4-15.2mdv2008.1.i586.rpm 978f4db4624d049e4272948ade524843 2008.1/i586/ntp-doc-4.2.4-15.2mdv2008.1.i586.rpm 1ac618eb1d0dd6efecdfb47704008c77 2008.1/SRPMS/ntp-4.2.4-15.2mdv2008.1.src.rpm Mandriva Linux 2008.1/X86_64: ee55987fb8ecfa749d8b5aae9a674bba 2008.1/x86_64/ntp-4.2.4-15.2mdv2008.1.x86_64.rpm d7c70554fa0fbf48652ae92ab79dd7ac 2008.1/x86_64/ntp-client-4.2.4-15.2mdv2008.1.x86_64.rpm 860cd9734552b72413366e5338e210cb 2008.1/x86_64/ntp-doc-4.2.4-15.2mdv2008.1.x86_64.rpm 1ac618eb1d0dd6efecdfb47704008c77 2008.1/SRPMS/ntp-4.2.4-15.2mdv2008.1.src.rpm Mandriva Linux 2009.0: 20aacfaed4e0a8c57bfce708b2bdb9ef 2009.0/i586/ntp-4.2.4-18.2mdv2009.0.i586.rpm 7d7abf45a007b3689350a187b7545a8c 2009.0/i586/ntp-client-4.2.4-18.2mdv2009.0.i586.rpm 961b7ddb38b90a7d226dcecd8ca55ca4 2009.0/i586/ntp-doc-4.2.4-18.2mdv2009.0.i586.rpm dbaec3d902f5e97a8dd337861d0a6269 2009.0/SRPMS/ntp-4.2.4-18.2mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: d635643851f3786f794496f8e10e6f81 2009.0/x86_64/ntp-4.2.4-18.2mdv2009.0.x86_64.rpm ae6c90899b7e10fdd36797d4af2b740c 2009.0/x86_64/ntp-client-4.2.4-18.2mdv2009.0.x86_64.rpm a388b933ba7cee525a1b0d5918e51486 2009.0/x86_64/ntp-doc-4.2.4-18.2mdv2009.0.x86_64.rpm dbaec3d902f5e97a8dd337861d0a6269 2009.0/SRPMS/ntp-4.2.4-18.2mdv2009.0.src.rpm Corporate 3.0: 37c5516f89e9ca6022394f0c842a04c7 corporate/3.0/i586/ntp-4.2.0-2.2.C30mdk.i586.rpm 52e72a1c531e59f32070671178b19781 corporate/3.0/SRPMS/ntp-4.2.0-2.2.C30mdk.src.rpm Corporate 3.0/X86_64: 57312527659949cf347d0fb14a00669a corporate/3.0/x86_64/ntp-4.2.0-2.2.C30mdk.x86_64.rpm 52e72a1c531e59f32070671178b19781 corporate/3.0/SRPMS/ntp-4.2.0-2.2.C30mdk.src.rpm Corporate 4.0: 990fe822e0532c6f0f612e4fbf5384c4 corporate/4.0/i586/ntp-4.2.0-21.4.20060mlcs4.i586.rpm d80cb0b61f766f6a12294bc2ecce4845 corporate/4.0/i586/ntp-client-4.2.0-21.4.20060mlcs4.i586.rpm 1999fbff4d59f82c58d2948a33032b00 corporate/4.0/SRPMS/ntp-4.2.0-21.4.20060mlcs4.src.rpm Corporate 4.0/X86_64: 0d817fe7d3817e81b9b51ec85d8d084a corporate/4.0/x86_64/ntp-4.2.0-21.4.20060mlcs4.x86_64.rpm 1cf7b7f4dbcd4ed1a498d603607f1b79 corporate/4.0/x86_64/ntp-client-4.2.0-21.4.20060mlcs4.x86_64.rpm 1999fbff4d59f82c58d2948a33032b00 corporate/4.0/SRPMS/ntp-4.2.0-21.4.20060mlcs4.src.rpm Multi Network Firewall 2.0: e5f176d0f8bae6c07bbbfdb1adeda82d mnf/2.0/i586/ntp-4.2.0-2.2.C30mdk.i586.rpm 0b5d073ff7909b891ba510736f742cf7 mnf/2.0/SRPMS/ntp-4.2.0-2.2.C30mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFJ42LcmqjQ0CJFipgRAgKwAKDyhweSw1BzCJUUWuhEEYyVH+iQ3ACglzmV qBP6fgl6WRYu46HkdqlJs4k= =3g1E -----END PGP SIGNATURE-----
