Oval Definition:oval:com.redhat.rhsa:def:20090046
Revision Date:2009-01-29Version:640
Title:RHSA-2009:0046: ntp security update (Moderate)
Description:The Network Time Protocol (NTP) is used to synchronize a computer's time with a referenced time source.

  • A flaw was discovered in the way the ntpd daemon checked the return value of the OpenSSL EVP_VerifyFinal function. On systems using NTPv4 authentication, this could lead to an incorrect verification of cryptographic signatures, allowing time-spoofing attacks. (CVE-2009-0021)

    Note: This issue only affects systems that have enabled NTP authentication. By default, NTP authentication is not enabled.

    All ntp users are advised to upgrade to the updated packages, which contain a backported patch to resolve this issue. After installing the update, the ntpd daemon will restart automatically.
    • Family:unixClass:patch
    Status:Reference(s):CVE-2009-0021
    RHSA-2009:0046
    RHSA-2009:0046-01
    RHSA-2009:0046-01
    Platform(s):Red Hat Enterprise Linux 4
    Red Hat Enterprise Linux 5
    		Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND ntp is earlier than 0:4.2.0.a.20040617-8.el4_7.1
  • AND ntp is signed with Red Hat redhatrelease2 key
  • OR Package Information
  • Red Hat Enterprise Linux 5 is installed
  • AND ntp is earlier than 0:4.2.2p1-9.el5_3.1
  • AND ntp is signed with Red Hat redhatrelease2 key
    • BACK