Issued:
2009-01-29
Updated:
2009-01-29

RHSA-2009:0046 - Security Advisory

Synopsis

Moderate: ntp security update

Type/Severity

Security Advisory: Moderate

Topic

Updated ntp packages to correct a security issue are now available for Red
Hat Enterprise Linux 4 and 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Description

The Network Time Protocol (NTP) is used to synchronize a computer's time
with a referenced time source.

A flaw was discovered in the way the ntpd daemon checked the return value
of the OpenSSL EVP_VerifyFinal function. On systems using NTPv4
authentication, this could lead to an incorrect verification of
cryptographic signatures, allowing time-spoofing attacks. (CVE-2009-0021)

Note: This issue only affects systems that have enabled NTP authentication.
By default, NTP authentication is not enabled.

All ntp users are advised to upgrade to the updated packages, which contain
a backported patch to resolve this issue. After installing the update, the
ntpd daemon will restart automatically.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Affected Products

  • Red Hat Enterprise Linux Server 5 x86_64
  • Red Hat Enterprise Linux Server 5 ia64
  • Red Hat Enterprise Linux Server 5 i386
  • Red Hat Enterprise Linux Server 4 x86_64
  • Red Hat Enterprise Linux Server 4 ia64
  • Red Hat Enterprise Linux Server 4 i386
  • Red Hat Enterprise Linux Server - Extended Update Support 5.3 x86_64
  • Red Hat Enterprise Linux Server - Extended Update Support 5.3 ia64
  • Red Hat Enterprise Linux Server - Extended Update Support 5.3 i386
  • Red Hat Enterprise Linux Server - Extended Update Support 4.7 x86_64
  • Red Hat Enterprise Linux Server - Extended Update Support 4.7 ia64
  • Red Hat Enterprise Linux Server - Extended Update Support 4.7 i386
  • Red Hat Enterprise Linux Server - AUS 5.3 ia64
  • Red Hat Enterprise Linux Server - AUS 5.3 i386
  • Red Hat Enterprise Linux Workstation 5 x86_64
  • Red Hat Enterprise Linux Workstation 5 i386
  • Red Hat Enterprise Linux Workstation 4 x86_64
  • Red Hat Enterprise Linux Workstation 4 ia64
  • Red Hat Enterprise Linux Workstation 4 i386
  • Red Hat Enterprise Linux Desktop 5 x86_64
  • Red Hat Enterprise Linux Desktop 5 i386
  • Red Hat Enterprise Linux Desktop 4 x86_64
  • Red Hat Enterprise Linux Desktop 4 i386
  • Red Hat Enterprise Linux for IBM z Systems 5 s390x
  • Red Hat Enterprise Linux for IBM z Systems 4 s390x
  • Red Hat Enterprise Linux for IBM z Systems 4 s390
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 5.3 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.7 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.7 s390
  • Red Hat Enterprise Linux for Power, big endian 5 ppc
  • Red Hat Enterprise Linux for Power, big endian 4 ppc
  • Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.7 ppc
  • Red Hat Enterprise Linux Server from RHUI 5 x86_64
  • Red Hat Enterprise Linux Server from RHUI 5 i386
  • Red Hat Enterprise Linux Server - AUS 5.3 x86_64
  • Red Hat Enterprise Linux for Power, big endian - Extended Update Support 5.3 ppc

Fixes

  • BZ - 476807 - CVE-2009-0021 ntp incorrectly checks for malformed signatures

CVEs

References

Red Hat Enterprise Linux Server 5

SRPM
ntp-4.2.2p1-9.el5_3.1.src.rpm SHA-256: dbb44fbac5f1c8fc8c320a679af424a6460e173e9b1cfd96c26dfae93892aa83
x86_64
ntp-4.2.2p1-9.el5_3.1.x86_64.rpm SHA-256: 51d87d10efc8d9b202af2dd77a76a4c10d6f45786d4e0930acf1b3a3091a7e58
ia64
ntp-4.2.2p1-9.el5_3.1.ia64.rpm SHA-256: edf6dbff4db7774c2b90fe3a0779a2c3c2dda77089882e02e6158e1c8a6a8f09
i386
ntp-4.2.2p1-9.el5_3.1.i386.rpm SHA-256: 8e01847a351357733a6fd6e6399aff82ce2dd03047f09875ddfc9618de7f5a4d

Red Hat Enterprise Linux Server 4

SRPM
ntp-4.2.0.a.20040617-8.el4_7.1.src.rpm SHA-256: 455d051f6d745a3a68c5ec2e367def871f8c39e7d8aa35ce12498ad5d578ce71
x86_64
ntp-4.2.0.a.20040617-8.el4_7.1.x86_64.rpm SHA-256: 44f67b0c43620219bf049aa01f087528b313e7f2944b58ac5ad0ff22150a0683
ntp-4.2.0.a.20040617-8.el4_7.1.x86_64.rpm SHA-256: 44f67b0c43620219bf049aa01f087528b313e7f2944b58ac5ad0ff22150a0683
ia64
ntp-4.2.0.a.20040617-8.el4_7.1.ia64.rpm SHA-256: 90293ceb25f18562df5ffcc520c5f75846e294fec320d93c7927739c46208dca
ntp-4.2.0.a.20040617-8.el4_7.1.ia64.rpm SHA-256: 90293ceb25f18562df5ffcc520c5f75846e294fec320d93c7927739c46208dca
i386
ntp-4.2.0.a.20040617-8.el4_7.1.i386.rpm SHA-256: b49577353477f40b5a885ef1a5444e8bf28f337dcc91e08f55781fa962ea31e6
ntp-4.2.0.a.20040617-8.el4_7.1.i386.rpm SHA-256: b49577353477f40b5a885ef1a5444e8bf28f337dcc91e08f55781fa962ea31e6

Red Hat Enterprise Linux Server - Extended Update Support 4.7

SRPM
ntp-4.2.0.a.20040617-8.el4_7.1.src.rpm SHA-256: 455d051f6d745a3a68c5ec2e367def871f8c39e7d8aa35ce12498ad5d578ce71
x86_64
ntp-4.2.0.a.20040617-8.el4_7.1.x86_64.rpm SHA-256: 44f67b0c43620219bf049aa01f087528b313e7f2944b58ac5ad0ff22150a0683
ntp-4.2.0.a.20040617-8.el4_7.1.x86_64.rpm SHA-256: 44f67b0c43620219bf049aa01f087528b313e7f2944b58ac5ad0ff22150a0683
ia64
ntp-4.2.0.a.20040617-8.el4_7.1.ia64.rpm SHA-256: 90293ceb25f18562df5ffcc520c5f75846e294fec320d93c7927739c46208dca
ntp-4.2.0.a.20040617-8.el4_7.1.ia64.rpm SHA-256: 90293ceb25f18562df5ffcc520c5f75846e294fec320d93c7927739c46208dca
i386
ntp-4.2.0.a.20040617-8.el4_7.1.i386.rpm SHA-256: b49577353477f40b5a885ef1a5444e8bf28f337dcc91e08f55781fa962ea31e6
ntp-4.2.0.a.20040617-8.el4_7.1.i386.rpm SHA-256: b49577353477f40b5a885ef1a5444e8bf28f337dcc91e08f55781fa962ea31e6

Red Hat Enterprise Linux Workstation 5

SRPM
ntp-4.2.2p1-9.el5_3.1.src.rpm SHA-256: dbb44fbac5f1c8fc8c320a679af424a6460e173e9b1cfd96c26dfae93892aa83
x86_64
ntp-4.2.2p1-9.el5_3.1.x86_64.rpm SHA-256: 51d87d10efc8d9b202af2dd77a76a4c10d6f45786d4e0930acf1b3a3091a7e58
i386
ntp-4.2.2p1-9.el5_3.1.i386.rpm SHA-256: 8e01847a351357733a6fd6e6399aff82ce2dd03047f09875ddfc9618de7f5a4d

Red Hat Enterprise Linux Workstation 4

SRPM
ntp-4.2.0.a.20040617-8.el4_7.1.src.rpm SHA-256: 455d051f6d745a3a68c5ec2e367def871f8c39e7d8aa35ce12498ad5d578ce71
x86_64
ntp-4.2.0.a.20040617-8.el4_7.1.x86_64.rpm SHA-256: 44f67b0c43620219bf049aa01f087528b313e7f2944b58ac5ad0ff22150a0683
ia64
ntp-4.2.0.a.20040617-8.el4_7.1.ia64.rpm SHA-256: 90293ceb25f18562df5ffcc520c5f75846e294fec320d93c7927739c46208dca
i386
ntp-4.2.0.a.20040617-8.el4_7.1.i386.rpm SHA-256: b49577353477f40b5a885ef1a5444e8bf28f337dcc91e08f55781fa962ea31e6

Red Hat Enterprise Linux Desktop 5

SRPM
ntp-4.2.2p1-9.el5_3.1.src.rpm SHA-256: dbb44fbac5f1c8fc8c320a679af424a6460e173e9b1cfd96c26dfae93892aa83
x86_64
ntp-4.2.2p1-9.el5_3.1.x86_64.rpm SHA-256: 51d87d10efc8d9b202af2dd77a76a4c10d6f45786d4e0930acf1b3a3091a7e58
i386
ntp-4.2.2p1-9.el5_3.1.i386.rpm SHA-256: 8e01847a351357733a6fd6e6399aff82ce2dd03047f09875ddfc9618de7f5a4d

Red Hat Enterprise Linux Desktop 4

SRPM
ntp-4.2.0.a.20040617-8.el4_7.1.src.rpm SHA-256: 455d051f6d745a3a68c5ec2e367def871f8c39e7d8aa35ce12498ad5d578ce71
x86_64
ntp-4.2.0.a.20040617-8.el4_7.1.x86_64.rpm SHA-256: 44f67b0c43620219bf049aa01f087528b313e7f2944b58ac5ad0ff22150a0683
i386
ntp-4.2.0.a.20040617-8.el4_7.1.i386.rpm SHA-256: b49577353477f40b5a885ef1a5444e8bf28f337dcc91e08f55781fa962ea31e6

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
ntp-4.2.2p1-9.el5_3.1.src.rpm SHA-256: dbb44fbac5f1c8fc8c320a679af424a6460e173e9b1cfd96c26dfae93892aa83
s390x
ntp-4.2.2p1-9.el5_3.1.s390x.rpm SHA-256: 7b59a4d469f2c5002008c604d4a115dec0329d114133cc729630eebd82fd8090

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
ntp-4.2.0.a.20040617-8.el4_7.1.src.rpm SHA-256: 455d051f6d745a3a68c5ec2e367def871f8c39e7d8aa35ce12498ad5d578ce71
s390x
ntp-4.2.0.a.20040617-8.el4_7.1.s390x.rpm SHA-256: 829b072078aabb4b49b041e536afc214b739f6c6fea9d84b7cdcb420c350e7b4
s390
ntp-4.2.0.a.20040617-8.el4_7.1.s390.rpm SHA-256: 8c7439f208a0a301d03612c2ca3e78a78d556e0c86548a18f174d7383fc87c1d

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.7

SRPM
ntp-4.2.0.a.20040617-8.el4_7.1.src.rpm SHA-256: 455d051f6d745a3a68c5ec2e367def871f8c39e7d8aa35ce12498ad5d578ce71
s390x
ntp-4.2.0.a.20040617-8.el4_7.1.s390x.rpm SHA-256: 829b072078aabb4b49b041e536afc214b739f6c6fea9d84b7cdcb420c350e7b4
s390
ntp-4.2.0.a.20040617-8.el4_7.1.s390.rpm SHA-256: 8c7439f208a0a301d03612c2ca3e78a78d556e0c86548a18f174d7383fc87c1d

Red Hat Enterprise Linux for Power, big endian 5

SRPM
ntp-4.2.2p1-9.el5_3.1.src.rpm SHA-256: dbb44fbac5f1c8fc8c320a679af424a6460e173e9b1cfd96c26dfae93892aa83
ppc
ntp-4.2.2p1-9.el5_3.1.ppc.rpm SHA-256: 77ca29bff71c16922cf123bc96bce95d3644832c5adde96a42a017b5c49c0492

Red Hat Enterprise Linux for Power, big endian 4

SRPM
ntp-4.2.0.a.20040617-8.el4_7.1.src.rpm SHA-256: 455d051f6d745a3a68c5ec2e367def871f8c39e7d8aa35ce12498ad5d578ce71
ppc
ntp-4.2.0.a.20040617-8.el4_7.1.ppc.rpm SHA-256: 3d9b9ceedcfeb22b3e0c2716317aca92e78a04cdf90a1943448d5786234beea2

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.7

SRPM
ntp-4.2.0.a.20040617-8.el4_7.1.src.rpm SHA-256: 455d051f6d745a3a68c5ec2e367def871f8c39e7d8aa35ce12498ad5d578ce71
ppc
ntp-4.2.0.a.20040617-8.el4_7.1.ppc.rpm SHA-256: 3d9b9ceedcfeb22b3e0c2716317aca92e78a04cdf90a1943448d5786234beea2

Red Hat Enterprise Linux Server from RHUI 5

SRPM
ntp-4.2.2p1-9.el5_3.1.src.rpm SHA-256: dbb44fbac5f1c8fc8c320a679af424a6460e173e9b1cfd96c26dfae93892aa83
x86_64
ntp-4.2.2p1-9.el5_3.1.x86_64.rpm SHA-256: 51d87d10efc8d9b202af2dd77a76a4c10d6f45786d4e0930acf1b3a3091a7e58
i386
ntp-4.2.2p1-9.el5_3.1.i386.rpm SHA-256: 8e01847a351357733a6fd6e6399aff82ce2dd03047f09875ddfc9618de7f5a4d

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.