ntp

2019-03-08T11:15:33
ID SSA-2019-067-01
Type slackware
Reporter Slackware Linux Project
Modified 2019-03-08T11:15:33

Description

New ntp packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:

patches/packages/ntp-4.2.8p13-i586-1_slack14.2.txz: Upgraded. This release fixes a bug that allows an attacker with access to an explicitly trusted source to send a crafted malicious mode 6 (ntpq) packet that can trigger a NULL pointer dereference, crashing ntpd. It also provides 17 other bugfixes and 1 other improvement. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8936 ( Security fix )

Where to find the new packages:

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ntp-4.2.8p13-i486-1_slack14.0.txz

Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ntp-4.2.8p13-x86_64-1_slack14.0.txz

Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ntp-4.2.8p13-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ntp-4.2.8p13-x86_64-1_slack14.1.txz

Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/ntp-4.2.8p13-i586-1_slack14.2.txz

Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/ntp-4.2.8p13-x86_64-1_slack14.2.txz

Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/ntp-4.2.8p13-i586-1.txz

Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/ntp-4.2.8p13-x86_64-1.txz

MD5 signatures:

Slackware 14.0 package: 5f793a49c125f84588f35f3188bc66a5 ntp-4.2.8p13-i486-1_slack14.0.txz

Slackware x86_64 14.0 package: 7e267fa9417e49dc12419be62dde2fbe ntp-4.2.8p13-x86_64-1_slack14.0.txz

Slackware 14.1 package: ad9f93989093f0e000a4f412cee01104 ntp-4.2.8p13-i486-1_slack14.1.txz

Slackware x86_64 14.1 package: 57959b70be4e6aa471ccff83d25ba172 ntp-4.2.8p13-x86_64-1_slack14.1.txz

Slackware 14.2 package: a88168ed545465b2ec789127c83d70be ntp-4.2.8p13-i586-1_slack14.2.txz

Slackware x86_64 14.2 package: 7756b9440efee21ff1f61b94beaafa66 ntp-4.2.8p13-x86_64-1_slack14.2.txz

Slackware -current package: a6498ca0614e59cfc456077ffd4cdf16 n/ntp-4.2.8p13-i586-1.txz

Slackware x86_64 -current package: c028aff712c76be79c4a85b05884f988 n/ntp-4.2.8p13-x86_64-1.txz

Installation instructions:

Upgrade the package as root: > upgradepkg ntp-4.2.8p13-i586-1_slack14.2.txz

Then, restart the NTP daemon:

> sh /etc/rc.d/rc.ntpd restart