The Dell Mini Project

Update ntpdate to fix vulnerabilities.

Bug #379482 reported by Nicola Ferralis on 2009-05-22

256

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	The Dell Mini Project	Fix Released	Undecided	Unassigned

Bug Description

ntpdate in hardy for dell mini (1:4.2.4p4+dfsg-3ubuntu2.1) is affected by 2 vulnerabilities, fixed in generic hardy (1:4.2.4p4+dfsg-3ubuntu2.2)

Changelog 1:4.2.4p4+dfsg-3ubuntu2.2
  * SECURITY UPDATE: stack overflow in ntpd when autokey is enabled
    - debian/patches/CVE-2009-1252.patch: update ntpd/ntp_crypto.c to use
      snprintf() with NTP_MAXSTRLEN when writing to statstr. Also defensively
      adjust ntp_peer.c and ntp_timer.c to do the same.
    - CVE-2009-1252
  * SECURITY UPDATE: stack overflow in ntpq when contacting malicious ntp
    server
    - debian/patches/CVE-2009-0159.patch: increase size of buffer in
      cookedprint() in ntpq/ntpq.c and adjust to use snprintf()
    - CVE-2009-0159

CVE References

Nicola Ferralis (feranick) on 2009-05-22

security vulnerability:

no → yes

Chris Wayne (cwayne) on 2009-06-16

Changed in dell-mini:
status:	New → Confirmed

Nicola Ferralis (feranick) on 2009-06-22

Changed in dell-mini:
status:	Confirmed → Fix Committed

Nicola Ferralis (feranick) on 2009-06-29

Changed in dell-mini:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.