Debians sikkerhedsbulletin
DSA-1702-1 ntp -- fortolkningskonflikt
- Rapporteret den:
- 12. jan 2009
- Berørte pakker:
- ntp
- Sårbar:
- Ja
- Referencer i sikkerhedsdatabaser:
- I Debians fejlsporingssystem: Fejl 511227.
I Mitres CVE-ordbog: CVE-2009-0021. - Yderligere oplysninger:
-
Man har opdaget at NTP, en implementering af Network Time Protocol, ikke på korrekt vis kontrollerede kryptografiske signaturer, hvilket slutteligt kunne føre til accept af uautentificerede tidsoplysninger. (Bemærk at krytografisk autentifikation af time-servere ofte slet ikke er aktiveret.)
I den stabile distribution (etch), er dette problem rettet i version 4.2.2.p4+dfsg-2etch1.
I den ustabile distribution (sid), er dette problem rettet i version 4.2.4p4+dfsg-8.
I testing-distributionen (lenny) det det snart blive rettet.
Vi anbefaler at du opgraderer din ntp-pakke.
- Rettet i:
-
Debian GNU/Linux 4.0 (etch)
- Kildekode:
- http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch1.dsc
- http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg.orig.tar.gz
- http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch1.diff.gz
- http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg.orig.tar.gz
- Arkitekturuafhængig komponent:
- http://security.debian.org/pool/updates/main/n/ntp/ntp-doc_4.2.2.p4+dfsg-2etch1_all.deb
- http://security.debian.org/pool/updates/main/n/ntp/ntp-simple_4.2.2.p4+dfsg-2etch1_all.deb
- http://security.debian.org/pool/updates/main/n/ntp/ntp-refclock_4.2.2.p4+dfsg-2etch1_all.deb
- http://security.debian.org/pool/updates/main/n/ntp/ntp-simple_4.2.2.p4+dfsg-2etch1_all.deb
- Alpha:
- http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch1_alpha.deb
- http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch1_alpha.deb
- http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch1_alpha.deb
- AMD64:
- http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch1_amd64.deb
- http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch1_amd64.deb
- http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch1_amd64.deb
- HP Precision:
- http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch1_hppa.deb
- http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch1_hppa.deb
- http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch1_hppa.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch1_i386.deb
- http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch1_i386.deb
- http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch1_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch1_ia64.deb
- http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch1_ia64.deb
- http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch1_ia64.deb
- Little-endian MIPS:
- http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch1_mipsel.deb
- http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch1_mipsel.deb
- http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch1_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch1_powerpc.deb
- http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch1_powerpc.deb
- http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch1_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch1_s390.deb
- http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch1_s390.deb
- http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch1_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch1_sparc.deb
- http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch1_sparc.deb
- http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch1_sparc.deb
MD5-kontrolsummer for de listede filer findes i den originale sikkerhedsbulletin.