Update ntpdate to fix vulnerabilities.

Bug #379482 reported by Nicola Ferralis on 2009-05-22
256
This bug affects 1 person
Affects Status Importance Assigned to Milestone
The Dell Mini Project
Undecided
Unassigned

Bug Description

ntpdate in hardy for dell mini (1:4.2.4p4+dfsg-3ubuntu2.1) is affected by 2 vulnerabilities, fixed in generic hardy (1:4.2.4p4+dfsg-3ubuntu2.2)

Changelog 1:4.2.4p4+dfsg-3ubuntu2.2
  * SECURITY UPDATE: stack overflow in ntpd when autokey is enabled
    - debian/patches/CVE-2009-1252.patch: update ntpd/ntp_crypto.c to use
      snprintf() with NTP_MAXSTRLEN when writing to statstr. Also defensively
      adjust ntp_peer.c and ntp_timer.c to do the same.
    - CVE-2009-1252
  * SECURITY UPDATE: stack overflow in ntpq when contacting malicious ntp
    server
    - debian/patches/CVE-2009-0159.patch: increase size of buffer in
      cookedprint() in ntpq/ntpq.c and adjust to use snprintf()
    - CVE-2009-0159

CVE References

security vulnerability: no → yes
Chris Wayne (cwayne18) on 2009-06-16
Changed in dell-mini:
status: New → Confirmed
Changed in dell-mini:
status: Confirmed → Fix Committed
Changed in dell-mini:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers