drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in NTP
Name: |
Mehrere Probleme in NTP |
|
ID: |
USN-3707-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 17.10, Ubuntu 18.04 LTS |
|
Datum: |
Mo, 9. Juli 2018, 20:36 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7184
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7183
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7185 |
|
Applikationen: |
NTP |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============6045687951120371043== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="S2vxFnNSd5ACuNi8OSvnIxyf9WGyK1HLh"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --S2vxFnNSd5ACuNi8OSvnIxyf9WGyK1HLh Content-Type: multipart/mixed; boundary="0QqctNiHUjWe5V2WELI8XXln1oqepxmwC"; protected-headers="v1" From: Marc Deslauriers <marc.deslauriers@canonical.com> Reply-To: Ubuntu Security <security@ubuntu.com> To: "ubuntu-security-announce@lists.ubuntu.com" <ubuntu-security-announce@lists.ubuntu.com> Message-ID: <00435fc2-4fbc-76b6-3bce-320277752495@canonical.com> Subject: [USN-3707-1] NTP vulnerabilities
--0QqctNiHUjWe5V2WELI8XXln1oqepxmwC Content-Type: text/plain; charset=utf-8 Content-Language: en-C Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-3707-1 July 09, 2018
ntp vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS - Ubuntu 17.10 - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in NTP.
Software Description: - ntp: Network Time Protocol daemon and utility programs
Details:
Yihan Lian discovered that NTP incorrectly handled certain malformed mode 6 packets. A remote attacker could possibly use this issue to cause ntpd to crash, resulting in a denial of service. This issue only affected Ubuntu 17.10 and Ubuntu 18.04 LTS. (CVE-2018-7182)
Michael Macnair discovered that NTP incorrectly handled certain responses. A remote attacker could possibly use this issue to execute arbitrary code. (CVE-2018-7183)
Miroslav Lichvar discovered that NTP incorrectly handled certain zero-origin timestamps. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 17.10 and Ubuntu 18.04 LTS. (CVE-2018-7184)
Miroslav Lichvar discovered that NTP incorrectly handled certain zero-origin timestamps. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2018-7185)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.04 LTS: ntp 1:4.2.8p10+dfsg-5ubuntu7.1
Ubuntu 17.10: ntp 1:4.2.8p10+dfsg-5ubuntu3.3
Ubuntu 16.04 LTS: ntp 1:4.2.8p4+dfsg-3ubuntu5.9
Ubuntu 14.04 LTS: ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.04.13
In general, a standard system update will make all the necessary changes.
References: https://usn.ubuntu.com/usn/usn-3707-1 CVE-2018-7182, CVE-2018-7183, CVE-2018-7184, CVE-2018-7185
Package Information: https://launchpad.net/ubuntu/+source/ntp/1:4.2.8p10+dfsg-5ubuntu7.1 https://launchpad.net/ubuntu/+source/ntp/1:4.2.8p10+dfsg-5ubuntu3.3 https://launchpad.net/ubuntu/+source/ntp/1:4.2.8p4+dfsg-3ubuntu5.9 https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu2.14.04.13
--0QqctNiHUjWe5V2WELI8XXln1oqepxmwC--
--S2vxFnNSd5ACuNi8OSvnIxyf9WGyK1HLh Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAltDpzEACgkQZWnYVadE vpPJmg/+MRZbPYap8S6hjqSoTl37nQKKoPDwJWj3N3Chs8KsBPhUGm4bg2msVI2z hHtMaln/Mh5Pgsj8ccFbPU7mTtA+dtEREukjRqsFxTLlFixEe67ISMWTRrthkDbu rG5OdJQQvSsnp7LZaoemCZx3X8ohSVKBuuEOsI6pgyWWo84z0RqIF6RyxuS3QzUx d5hjpj1vmG9xOvm5fYstPyYWuJ/vGitOtqVkq2BtOQ12EeCwss5sMnyjpZXM9v59 M3I2cFFHL8aziqVDEJISOvxdQjfH3dMBZ7GqD5oycqkjbMLCtuijQT9kkwLy/8k4 qIfrPv+J3GIRtMt18Z574hVujxkUttKffspRBOM/jJbHq4DWwf0zPIyyShHx0VP2 zPXO2yOJ4QqWY56GTQAL8cyv2uQQhI7bUur9ezt/bCvL+JbDWFfAUNURBEqaHk2M uk8ltmmR/LjPaWuZtS9bDFrKG6kqmQEfACnmxixmOCwlm+BxSXy4UcUPNsH8qiC7 HqaRtmcDhv1iC5oxMUhKpFroZgWqkXKo7rje5jFGMK8vR4QHjeY4O2GdELQXGTSh JRUGO/5SouAGax0STKbDuXET3FYCyDtsguzQnTF+w0D/qJn1emY1GMuHSN0TtXcI 6/fvmH6up4oO6q/5o1VJRn0GKJG0zczAExRf8M4/pz+TFzWujZQ= =U0wS -----END PGP SIGNATURE-----
--S2vxFnNSd5ACuNi8OSvnIxyf9WGyK1HLh--
--===============6045687951120371043== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline
LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5 LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj dXJpdHktYW5ub3VuY2UK
--===============6045687951120371043==--
|
|
|
|