Login
Newsletter
Werbung

Sicherheit: Mangelnde Prüfung von Zertifikaten in ntp
Aktuelle Meldungen Distributionen
Name: Mangelnde Prüfung von Zertifikaten in ntp
ID: MDVSA-2009:007
Distribution: Mandriva
Plattformen: Mandriva Corporate 3.0, Mandriva Multi Network Firewall 2.0, Mandriva Corporate 4.0, Mandriva 2008.0, Mandriva 2008.1, Mandriva 2009.0
Datum: Mi, 14. Januar 2009, 02:45
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0021
Applikationen: NTP

Originalnachricht

This is a multi-part message in MIME format...

------------=_1231897513-14940-7374


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2009:007
http://www.mandriva.com/security/
_______________________________________________________________________

Package : ntp
Date : January 13, 2009
Affected: 2008.0, 2008.1, 2009.0, Corporate 3.0, Corporate 4.0,
Multi Network Firewall 2.0
_______________________________________________________________________

Problem Description:

A flaw was found in how NTP checked the return value of signature
verification. A remote attacker could use this to bypass certificate
validation by using a malformed SSL/TLS signature (CVE-2009-0021).

The updated packages have been patched to prevent this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0021
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2008.0:
91f0330a936cb343029aec711da0ce4f 2008.0/i586/ntp-4.2.4-10.1mdv2008.0.i586.rpm
e7e6559f0431ff856d0da0b1d5a590a4
2008.0/i586/ntp-client-4.2.4-10.1mdv2008.0.i586.rpm
05f3b3c5777f6bef48ee85fefeaff8a8
2008.0/i586/ntp-doc-4.2.4-10.1mdv2008.0.i586.rpm
a9cd3b03e611b517664ffae074da31da 2008.0/SRPMS/ntp-4.2.4-10.1mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:
e68c5263d456ec90d157787e70b17b99
2008.0/x86_64/ntp-4.2.4-10.1mdv2008.0.x86_64.rpm
85e0c28eae68bcdcca997c5c2bb9bf8c
2008.0/x86_64/ntp-client-4.2.4-10.1mdv2008.0.x86_64.rpm
ffbd2a9f924478d27f33ad13e1c4e250
2008.0/x86_64/ntp-doc-4.2.4-10.1mdv2008.0.x86_64.rpm
a9cd3b03e611b517664ffae074da31da 2008.0/SRPMS/ntp-4.2.4-10.1mdv2008.0.src.rpm

Mandriva Linux 2008.1:
1a9909288448845fa41b220b50917ee1 2008.1/i586/ntp-4.2.4-15.1mdv2008.1.i586.rpm
6693319db15308f559912c9fe989bdd6
2008.1/i586/ntp-client-4.2.4-15.1mdv2008.1.i586.rpm
63758cadb1cf81ebb7bef096dc285f2f
2008.1/i586/ntp-doc-4.2.4-15.1mdv2008.1.i586.rpm
ca06251ccab188cdb4f28fba35190eb6 2008.1/SRPMS/ntp-4.2.4-15.1mdv2008.1.src.rpm

Mandriva Linux 2008.1/X86_64:
9c7b290e643cae08556bd3b1f6380926
2008.1/x86_64/ntp-4.2.4-15.1mdv2008.1.x86_64.rpm
7fd00c9b82a0ca577962d59975433071
2008.1/x86_64/ntp-client-4.2.4-15.1mdv2008.1.x86_64.rpm
f99d1d7980dd6788a0f0c4924241a6d3
2008.1/x86_64/ntp-doc-4.2.4-15.1mdv2008.1.x86_64.rpm
ca06251ccab188cdb4f28fba35190eb6 2008.1/SRPMS/ntp-4.2.4-15.1mdv2008.1.src.rpm

Mandriva Linux 2009.0:
82ed4b25f0a0c1c607e5819ec1d70603 2009.0/i586/ntp-4.2.4-18.1mdv2009.0.i586.rpm
71855df81d8dd138d54fb24f5c221a5b
2009.0/i586/ntp-client-4.2.4-18.1mdv2009.0.i586.rpm
30874a706c15d4086df8493af51f5082
2009.0/i586/ntp-doc-4.2.4-18.1mdv2009.0.i586.rpm
248052356a2606f377debf55257b6855 2009.0/SRPMS/ntp-4.2.4-18.1mdv2009.0.src.rpm

Mandriva Linux 2009.0/X86_64:
c6462453877b538618e8bf8d0132b1a3
2009.0/x86_64/ntp-4.2.4-18.1mdv2009.0.x86_64.rpm
abe80d9922eb665d6e5be56197895a68
2009.0/x86_64/ntp-client-4.2.4-18.1mdv2009.0.x86_64.rpm
eb780b2e38ebb1b4ee1999c4f0429231
2009.0/x86_64/ntp-doc-4.2.4-18.1mdv2009.0.x86_64.rpm
248052356a2606f377debf55257b6855 2009.0/SRPMS/ntp-4.2.4-18.1mdv2009.0.src.rpm

Corporate 3.0:
d1593543a5d37e6b8ea2c8468ce1d0d3
corporate/3.0/i586/ntp-4.2.0-2.1.C30mdk.i586.rpm
fc6c1a4605258d876c8a09d7d0d116ef
corporate/3.0/SRPMS/ntp-4.2.0-2.1.C30mdk.src.rpm

Corporate 3.0/X86_64:
1214dd1fed42c4acd3ad36da9bd8b0ea
corporate/3.0/x86_64/ntp-4.2.0-2.1.C30mdk.x86_64.rpm
fc6c1a4605258d876c8a09d7d0d116ef
corporate/3.0/SRPMS/ntp-4.2.0-2.1.C30mdk.src.rpm

Corporate 4.0:
dcc6abed648d3baac3233264bc107517
corporate/4.0/i586/ntp-4.2.0-21.3.20060mlcs4.i586.rpm
d1c9cf4d821856af81ce574fa08c1f52
corporate/4.0/i586/ntp-client-4.2.0-21.3.20060mlcs4.i586.rpm
50c665296cd7d09f4e98ae04e998e350
corporate/4.0/SRPMS/ntp-4.2.0-21.3.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
6c41fd0f995d8cf8cf216bf82e062de0
corporate/4.0/x86_64/ntp-4.2.0-21.3.20060mlcs4.x86_64.rpm
da7f3cd1385ae2250cd191182079c037
corporate/4.0/x86_64/ntp-client-4.2.0-21.3.20060mlcs4.x86_64.rpm
50c665296cd7d09f4e98ae04e998e350
corporate/4.0/SRPMS/ntp-4.2.0-21.3.20060mlcs4.src.rpm

Multi Network Firewall 2.0:
d7ff99538a0da678adcc5606913bc1b6 mnf/2.0/i586/ntp-4.2.0-2.1.C30mdk.i586.rpm
c8af767376df674dd434307c628e30cd mnf/2.0/SRPMS/ntp-4.2.0-2.1.C30mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFJbRVSmqjQ0CJFipgRAt23AJ43dVc9u32PRtOsFf8+xdJzSIx+wACdFIK3
LT/YaZTGtZnOdbhIr2LV9dg=
=23nb
-----END PGP SIGNATURE-----


------------=_1231897513-14940-7374
Content-Type: text/plain; name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva?
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1231897513-14940-7374--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung