-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2016.1810
                            ntp security update
                               26 July 2016

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           ntp
Publisher:         Debian
Operating System:  Debian GNU/Linux 8
Impact/Access:     Denial of Service              -- Remote/Unauthenticated
                   Provide Misleading Information -- Remote/Unauthenticated
                   Access Confidential Data       -- Existing Account      
Resolution:        Patch/Upgrade
CVE Names:         CVE-2016-2518 CVE-2016-2516 CVE-2016-1550
                   CVE-2016-1548 CVE-2016-1547 CVE-2015-8158
                   CVE-2015-8138 CVE-2015-7979 CVE-2015-7978
                   CVE-2015-7977 CVE-2015-7974 

Reference:         ASB-2016.0074
                   ASB-2016.0046

Original Bulletin: 
   http://www.debian.org/security/2016/dsa-3629

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-3629-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
July 25, 2016                         https://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : ntp
CVE ID         : CVE-2015-7974 CVE-2015-7977 CVE-2015-7978 CVE-2015-7979 
                 CVE-2015-8138 CVE-2015-8158 CVE-2016-1547 CVE-2016-1548
                 CVE-2016-1550 CVE-2016-2516 CVE-2016-2518

Several vulnerabilities were discovered in the Network Time Protocol
daemon and utility programs:

CVE-2015-7974

    Matt Street discovered that insufficient key validation allows
    impersonation attacks between authenticated peers.

CVE-2015-7977 / CVE-2015-7978

    Stephen Gray discovered that a NULL pointer dereference and a
    buffer overflow in the handling of "ntpdc reslist" commands may
    result in denial of service.

CVE-2015-7979

    Aanchal Malhotra discovered that if NTP is configured for broadcast
    mode, an attacker can send malformed authentication packets which
    break associations with the server for other broadcast clients.

CVE-2015-8138

    Matthew van Gundy and Jonathan Gardner discovered that missing
    validation of origin timestamps in ntpd clients may result in denial
    of service.

CVE-2015-8158

    Jonathan Gardner discovered that missing input sanitising in ntpq
    may result in denial of service.

CVE-2016-1547

    Stephen Gray and Matthew van Gundy discovered that incorrect handling
    of crypto NAK packets may result in denial of service.

CVE-2016-1548

    Jonathan Gardner and Miroslav Lichvar discovered that ntpd clients
    could be forced to change from basic client/server mode to interleaved
    symmetric mode, preventing time synchronisation.

CVE-2016-1550

    Matthew van Gundy, Stephen Gray and Loganaden Velvindron discovered
    that timing leaks in the packet authentication code could result
    in recovery of a message digest.
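
As an added example (not Debian's or the ntp project's code), the two client-side checks behind CVE-2015-8138 and CVE-2016-1550, written in Python against a constructed NTPv4 packet carrying a symmetric-key MAC: a reply's origin timestamp must match the transmit timestamp of the client's outstanding request, and the digest comparison must not leak where the bytes differ. The 48-byte header layout and the MD5(key || header) MAC follow RFC 5905; the key, timestamps and the `accept_reply` helper are constructed for illustration.

```python
import hashlib
import hmac
import struct

# NTPv4 header (RFC 5905): 48 bytes, followed by an optional 4-byte key ID and
# digest. Fields: LI/VN/Mode, stratum, poll, precision, root delay, root dispersion,
# reference ID, then reference, origin, receive and transmit timestamps.
HEADER_FMT = "!BBbbII4sQQQQ"

def build_header(li_vn_mode, org, rec, xmt):
    # Constructed header: stratum 2, poll 6, precision -20, refid "LOCL".
    return struct.pack(HEADER_FMT, li_vn_mode, 2, 6, -20, 0, 0, b"LOCL", 0, org, rec, xmt)

def append_mac(header, key_id, key):
    # Symmetric-key MAC as ntpd computes it: key ID, then MD5(key || header).
    return header + struct.pack("!I", key_id) + hashlib.md5(key + header).digest()

def split_mac(packet):
    header, trailer = packet[:48], packet[48:]
    return header, struct.unpack("!I", trailer[:4])[0], trailer[4:]

def mac_valid_leaky(header, key, received):
    # Early-exit compare: returns as soon as a byte differs, so the time taken
    # reveals how long a prefix of the digest was right (the CVE-2016-1550 pattern).
    expected = hashlib.md5(key + header).digest()
    for a, b in zip(expected, received):
        if a != b:
            return False
    return len(expected) == len(received)

def mac_valid(header, key, received):
    # Constant-time compare: runtime does not depend on where the bytes differ.
    expected = hashlib.md5(key + header).digest()
    return hmac.compare_digest(expected, received)

def accept_reply(reply, keys, pending_xmt):
    """Client-side checks on a server reply. keys maps key ID to shared secret;
    pending_xmt is the transmit timestamp of our outstanding request (None if none)."""
    header, key_id, digest = split_mac(reply)
    key = keys.get(key_id)
    if key is None or not mac_valid(header, key, digest):
        return False, "bad MAC"
    # A genuine reply echoes the transmit timestamp of our own request in its origin
    # field; anything else is unsolicited or spoofed (the missing check in CVE-2015-8138).
    if pending_xmt is None or struct.unpack(HEADER_FMT, header)[8] != pending_xmt:
        return False, "origin timestamp mismatch"
    return True, "ok"
```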

CVE-2016-2516

    Yihan Lian discovered that duplicate IPs on "unconfig" directives will
    trigger an assert.

CVE-2016-2518

    Yihan Lian discovered that an OOB memory access could potentially
    crash ntpd.

For the stable distribution (jessie), these problems have been fixed in
version 1:4.2.6.p5+dfsg-7+deb8u2.

For the testing distribution (stretch), these problems have been fixed
in version 1:4.2.8p7+dfsg-1.

For the unstable distribution (sid), these problems have been fixed in
version 1:4.2.8p7+dfsg-1.

We recommend that you upgrade your ntp packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----