ntp security update

ID ELSA-2017-3071
Type oraclelinux
Reporter Oracle
Modified 2017-10-26T00:00:00


[4.2.6p5-12.0.1.el6_9.1] - add disable monitor to default ntp.conf [CVE-2013-5211] [4.2.6p5-12.el6_9.1] - fix buffer overflow in datum refclock driver (CVE-2017-6462) - fix crash with invalid unpeer command (CVE-2017-6463) - fix potential crash with invalid server command (CVE-2017-6464) [4.2.6p5-12] - don't limit rate of packets from sources (CVE-2016-7426) - don't change interface from received packets (CVE-2016-7429) - fix calculation of root distance again (CVE-2016-7433) - require authentication for trap commands (CVE-2016-9310) - fix crash when reporting peer event to trappers (CVE-2016-9311) [4.2.6p5-11] - don't allow spoofed packets to demobilize associations (CVE-2015-7979, CVE-2016-1547) - don't allow spoofed packet to enable symmetric interleaved mode (CVE-2016-1548) - check mode of new source in config command (CVE-2016-2518) - make MAC check resilient against timing attack (CVE-2016-1550)