Bug 254098 (CVE-2009-0021) - net-misc/ntp<4.2.4_p6 incorrect checks for malformed signatures (CVE-2009-0021)
Status: RESOLVED FIXED
Alias: CVE-2009-0021
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High minor
Assignee: Gentoo Security
URL: http://www.ocert.org/advisories/ocert...
Whiteboard: B3 [glsa]
Reported: 2009-01-07 13:33 UTC by Robert Buchholz (RETIRED)
Modified: 2009-04-05 14:02 UTC
Description Robert Buchholz (RETIRED) gentoo-dev 2009-01-07 13:33:06 UTC
ntpd uses the OpenSSL EVP_VerifyFinal function and incorrectly checks the return code, refer to bug 251346 for details.

ntpd upstream will release a patch shortly.
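
The return-code mistake described above, as an added example that is not part of the original bug report and is not ntpd's code: OpenSSL's EVP_VerifyFinal returns 1 for a correct signature, 0 for an incorrect one and a negative value on error, so a caller that tests the result as a boolean treats the error case as success. `toy_verify_final`, its toy signature format and the sample byte arrays are constructed stand-ins for illustration, not real cryptography.

```c
#include <stdio.h>
#include <string.h>

/* Stand-in with EVP_VerifyFinal's return convention (NOT real crypto):
 *   1 = signature correct, 0 = signature incorrect, -1 = error.
 * Hypothetical toy format: sig[0] is a length byte that must equal
 * siglen - 1; the remaining bytes must equal the expected tag. */
static int toy_verify_final(const unsigned char *sig, size_t siglen,
                            const unsigned char *tag, size_t taglen)
{
    if (siglen == 0 || (size_t)sig[0] != siglen - 1)
        return -1;                 /* malformed encoding: error path */
    if (siglen - 1 != taglen || memcmp(sig + 1, tag, taglen) != 0)
        return 0;                  /* well-formed but wrong */
    return 1;                      /* well-formed and correct */
}

/* Flawed caller: boolean test, so the -1 error result counts as valid. */
static int accept_boolean_check(const unsigned char *sig, size_t siglen,
                                const unsigned char *tag, size_t taglen)
{
    if (!toy_verify_final(sig, siglen, tag, taglen))
        return 0;
    return 1;
}

/* Corrected caller: only an explicit 1 is treated as success. */
static int accept_strict_check(const unsigned char *sig, size_t siglen,
                               const unsigned char *tag, size_t taglen)
{
    return toy_verify_final(sig, siglen, tag, taglen) == 1;
}

/* Constructed sample inputs. */
static const unsigned char TAG[]       = { 0xAA, 0xBB, 0xCC };
static const unsigned char GOOD[]      = { 3, 0xAA, 0xBB, 0xCC };
static const unsigned char WRONG[]     = { 3, 0xAA, 0xBB, 0x00 };
static const unsigned char MALFORMED[] = { 9, 0xAA, 0xBB, 0xCC };

int main(void)
{
    printf("good: %d/%d\n", accept_boolean_check(GOOD, sizeof GOOD, TAG, sizeof TAG),
           accept_strict_check(GOOD, sizeof GOOD, TAG, sizeof TAG));
    printf("wrong: %d/%d\n", accept_boolean_check(WRONG, sizeof WRONG, TAG, sizeof TAG),
           accept_strict_check(WRONG, sizeof WRONG, TAG, sizeof TAG));
    printf("malformed: %d/%d\n", accept_boolean_check(MALFORMED, sizeof MALFORMED, TAG, sizeof TAG),
           accept_strict_check(MALFORMED, sizeof MALFORMED, TAG, sizeof TAG));
    return 0;
}
```
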
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2009-01-07 18:31:32 UTC
public via URL
Comment 2 SpanKY gentoo-dev 2009-01-10 13:11:31 UTC
ntp-4.2.4_p6 now in the tree
Comment 3 Stefan Behte (RETIRED) gentoo-dev Security 2009-01-10 17:22:59 UTC
Arches, please test and mark stable:
=net-misc/ntp-4.2.4_p6
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"
Comment 4 Markus Meier gentoo-dev 2009-01-11 13:45:03 UTC
amd64/x86 stable
Comment 5 Guy Martin (RETIRED) gentoo-dev 2009-01-11 14:23:55 UTC
hppa stable
Comment 6 Brent Baude (RETIRED) gentoo-dev 2009-01-12 15:49:41 UTC
ppc64 done
Comment 7 Raúl Porcel (RETIRED) gentoo-dev 2009-01-13 11:08:30 UTC
alpha/ia64/s390/sh/sparc stable
Comment 8 Tobias Scherbaum (RETIRED) gentoo-dev 2009-01-13 17:31:03 UTC
ppc stable and I guess we want a GLSA on this one.
Comment 9 Pierre-Yves Rofes (RETIRED) gentoo-dev 2009-03-31 11:43:24 UTC
GLSA filed.
Comment 10 Pierre-Yves Rofes (RETIRED) gentoo-dev 2009-04-05 14:02:02 UTC
GLSA 200904-05