oem-qa team mailing list archive

[Bug 379482] [NEW] Update ntpdate to fix vulnerabilities.

 

*** This bug is a security vulnerability ***

Public security bug reported:

ntpdate in hardy for dell mini (1:4.2.4p4+dfsg-3ubuntu2.1) is affected
by 2 vulnerabilities, fixed in generic hardy (1:4.2.4p4+dfsg-3ubuntu2.2)

Changelog 1:4.2.4p4+dfsg-3ubuntu2.2
  * SECURITY UPDATE: stack overflow in ntpd when autokey is enabled
    - debian/patches/CVE-2009-1252.patch: update ntpd/ntp_crypto.c to use
      snprintf() with NTP_MAXSTRLEN when writing to statstr. Also defensively
      adjust ntp_peer.c and ntp_timer.c to do the same.
    - CVE-2009-1252
  * SECURITY UPDATE: stack overflow in ntpq when contacting malicious ntp
    server
    - debian/patches/CVE-2009-0159.patch: increase size of buffer in
      cookedprint() in ntpq/ntpq.c and adjust to use snprintf()
    - CVE-2009-0159

** Affects: dell-mini
     Importance: Undecided
         Status: New

** This bug has been flagged as a security vulnerability

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2009-1252

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2009-0159

-- 
Update ntpdate to fix vulnerabilities.
https://bugs.launchpad.net/bugs/379482
You received this bug notification because you are a member of OEM
Services QA, which is subscribed to The Dell Mini Project.

Status in Dell Inspiron Mini with Custom Dell UI: New



