This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============7607822938027416938== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="IenuuMmWw3MqE4Ec7pKVqnnUKcIOvB6m0"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --IenuuMmWw3MqE4Ec7pKVqnnUKcIOvB6m0 Content-Type: multipart/mixed; boundary="j3FjMtcFEWRh2i217ud53weAGMp9n0qsQ"; protected-headers="v1" From: Marc Deslauriers <marc.deslauriers@canonical.com> Reply-To: Ubuntu Security <security@ubuntu.com> To: "ubuntu-security-announce@lists.ubuntu.com" <ubuntu-security-announce@lists.ubuntu.com> Message-ID: <35fc1afc-24f4-bd9f-c48c-2420352fcef3@canonical.com> Subject: [USN-3349-1] NTP vulnerabilities
--j3FjMtcFEWRh2i217ud53weAGMp9n0qsQ Content-Type: text/plain; charset=utf-8 Content-Language: en-C Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-3349-1 July 05, 2017
ntp vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.04 - Ubuntu 16.10 - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in NTP.
Software Description: - ntp: Network Time Protocol daemon and utility programs
Details:
Yihan Lian discovered that NTP incorrectly handled certain large request data values. A remote attacker could possibly use this issue to cause NTP to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-2519)
Miroslav Lichvar discovered that NTP incorrectly handled certain spoofed addresses when performing rate limiting. A remote attacker could possibly use this issue to perform a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 16.10. (CVE-2016-7426)
Matthew Van Gundy discovered that NTP incorrectly handled certain crafted broadcast mode packets. A remote attacker could possibly use this issue to perform a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 16.10. (CVE-2016-7427, CVE-2016-7428)
Miroslav Lichvar discovered that NTP incorrectly handled certain responses. A remote attacker could possibly use this issue to perform a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 16.10. (CVE-2016-7429)
Sharon Goldberg and Aanchal Malhotra discovered that NTP incorrectly handled origin timestamps of zero. A remote attacker could possibly use this issue to bypass the origin timestamp protection mechanism. This issue only affected Ubuntu 16.10. (CVE-2016-7431)
Brian Utterback, Sharon Goldberg and Aanchal Malhotra discovered that NTP incorrectly performed initial sync calculations. This issue only applied to Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-7433)
Magnus Stubman discovered that NTP incorrectly handled certain mrulist queries. A remote attacker could possibly use this issue to cause NTP to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-7434)
Matthew Van Gund discovered that NTP incorrectly handled origin timestamp checks. A remote attacker could possibly use this issue to perform a denial of service. This issue only affected Ubuntu Ubuntu 16.10, and Ubuntu 17.04. (CVE-2016-9042)
Matthew Van Gundy discovered that NTP incorrectly handled certain control mode packets. A remote attacker could use this issue to set or unset traps. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-9310)
Matthew Van Gundy discovered that NTP incorrectly handled the trap service. A remote attacker could possibly use this issue to cause NTP to crash, resulting in a denial of service. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-9311)
It was discovered that NTP incorrectly handled memory when processing long variables. A remote authenticated user could possibly use this issue to cause NTP to crash, resulting in a denial of service. (CVE-2017-6458)
It was discovered that NTP incorrectly handled memory when processing long variables. A remote authenticated user could possibly use this issue to cause NTP to crash, resulting in a denial of service. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 16.10 and Ubuntu 17.04. (CVE-2017-6460)
It was discovered that the NTP legacy DPTS refclock driver incorrectly handled the /dev/datum device. A local attacker could possibly use this issue to cause a denial of service. (CVE-2017-6462)
It was discovered that NTP incorrectly handled certain invalid settings in a :config directive. A remote authenticated user could possibly use this issue to cause NTP to crash, resulting in a denial of service. (CVE-2017-6463)
It was discovered that NTP incorrectly handled certain invalid mode configuration directives. A remote authenticated user could possibly use this issue to cause NTP to crash, resulting in a denial of service. (CVE-2017-6464)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 17.04: ntp 1:4.2.8p9+dfsg-2ubuntu1.1
Ubuntu 16.10: ntp 1:4.2.8p8+dfsg-1ubuntu2.1
Ubuntu 16.04 LTS: ntp 1:4.2.8p4+dfsg-3ubuntu5.5
Ubuntu 14.04 LTS: ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.04.11
In general, a standard system update will make all the necessary changes.
References: https://www.ubuntu.com/usn/usn-3349-1 CVE-2016-2519, CVE-2016-7426, CVE-2016-7427, CVE-2016-7428, CVE-2016-7429, CVE-2016-7431, CVE-2016-7433, CVE-2016-7434, CVE-2016-9042, CVE-2016-9310, CVE-2016-9311, CVE-2017-6458, CVE-2017-6460, CVE-2017-6462, CVE-2017-6463, CVE-2017-6464
Package Information: https://launchpad.net/ubuntu/+source/ntp/1:4.2.8p9+dfsg-2ubuntu1.1 https://launchpad.net/ubuntu/+source/ntp/1:4.2.8p8+dfsg-1ubuntu2.1 https://launchpad.net/ubuntu/+source/ntp/1:4.2.8p4+dfsg-3ubuntu5.5 https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu2.14.04.11
--j3FjMtcFEWRh2i217ud53weAGMp9n0qsQ--
--IenuuMmWw3MqE4Ec7pKVqnnUKcIOvB6m0 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2
iQIcBAEBCgAGBQJZXTfiAAoJEGVp2FWnRL6T8lUP/jfxdoiceRYCTXUyyJLJ1P2P zHB4PLh/nq2ZE2KzXOcv5nWXoGqSMBgIYNqS+ycb1KXV04Tw+YO/nkMNVaAYbVQX CXqipTbPyEsP3dHhj//+/ea93jVSBAtD2ibMmKyj/pjWukr7LU6zJHYC2UUlBG0/ AtlmK1mOmWHLt5By17ekWaDz1qHgHYOieEFAPaAD249CFvnlB6asAvbA7VK79dvL uPBHmoRdIzqEYskGceU/AgE1s/YtkSXqPlNsH59EyQ4UOiQm6xO1MiY98aV7YBZf hEh8YD4rD+qvR8P7aSH6H2TBA5kHrv0O+H6iWe04kgRv8ugzb2pl/mH4SMb8eITy iL71AuRoAfnUGWIXGRLBxFpLHJ9ryOFMcwPQp5GUusHkCpSE5E6yw+TOWZJZzkE/ AuQ89qjNdkjgs8cpXPvDzrcZ2xbjQI1y4vAD4CGr+KtOS7zGPnwquQn5k54lGsQo qxZ26SN1v6LCgo1HVQzhAo8goFasFPbP54D/e95y/yFhLsj3mslMN9FQM6AmK13h Hs2LoceUPK+ecoTaXgkStGgRKEMX383cp+CbUIUMYjjuW4+NEpTBLPG43FHDqtIB WWxsGbUZNtTUqbn9TRyNJOJgVT9n0HZpeZBK+EplcZksXjEDa5Hpr+mWHIOEufwc VaJviJp+1FqSkOTlhF6U =0Q0Y -----END PGP SIGNATURE-----
--IenuuMmWw3MqE4Ec7pKVqnnUKcIOvB6m0--
--===============7607822938027416938== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============7607822938027416938==--
|