Medium: ntp

Issue Overview:

2024-02-15: CVE-2023-26555 was added to this advisory.

mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write in the cp<cpdec while loop. (CVE-2023-26551)

mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a decimal point. (CVE-2023-26552)

mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when copying the trailing number. (CVE-2023-26553)

mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a ‘\0’ character. (CVE-2023-26554)

praecis_parse in ntpd/refclock_palisade.c in NTP 4.2.8p15 has an out-of-bounds write. Any attack method would be complex, e.g., with a manipulated GPS receiver. (CVE-2023-26555)

Affected Packages:

ntp

Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.

Issue Correction:
Run yum update ntp to update your system.

New Packages:

aarch64:  
    ntp-4.2.8p15-3.amzn2.0.7.aarch64  
    ntpdate-4.2.8p15-3.amzn2.0.7.aarch64  
    sntp-4.2.8p15-3.amzn2.0.7.aarch64  
    ntp-debuginfo-4.2.8p15-3.amzn2.0.7.aarch64  
  
i686:  
    ntp-4.2.8p15-3.amzn2.0.7.i686  
    ntpdate-4.2.8p15-3.amzn2.0.7.i686  
    sntp-4.2.8p15-3.amzn2.0.7.i686  
    ntp-debuginfo-4.2.8p15-3.amzn2.0.7.i686  
  
noarch:  
    ntp-perl-4.2.8p15-3.amzn2.0.7.noarch  
    ntp-doc-4.2.8p15-3.amzn2.0.7.noarch  
  
src:  
    ntp-4.2.8p15-3.amzn2.0.7.src  
  
x86_64:  
    ntp-4.2.8p15-3.amzn2.0.7.x86_64  
    ntpdate-4.2.8p15-3.amzn2.0.7.x86_64  
    sntp-4.2.8p15-3.amzn2.0.7.x86_64  
    ntp-debuginfo-4.2.8p15-3.amzn2.0.7.x86_64  

Additional References

Red Hat: CVE-2023-26551, CVE-2023-26552, CVE-2023-26553, CVE-2023-26554, CVE-2023-26555

Mitre: CVE-2023-26551, CVE-2023-26552, CVE-2023-26553, CVE-2023-26554, CVE-2023-26555