=========================================================== Ubuntu Security Notice USN-867-1 December 08, 2009 ntp vulnerability CVE-2009-3563 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 Ubuntu 9.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: ntp 1:4.2.0a+stable-8.1ubuntu6.3 ntp-server 1:4.2.0a+stable-8.1ubuntu6.3 Ubuntu 8.04 LTS: ntp 1:4.2.4p4+dfsg-3ubuntu2.3 Ubuntu 8.10: ntp 1:4.2.4p4+dfsg-6ubuntu2.4 Ubuntu 9.04: ntp 1:4.2.4p4+dfsg-7ubuntu5.2 Ubuntu 9.10: ntp 1:4.2.4p6+dfsg-1ubuntu5.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Robin Park and Dmitri Vinokurov discovered a logic error in ntpd. A remote attacker could send a crafted NTP mode 7 packet with a spoofed IP address of an affected server and cause a denial of service via CPU and disk resource consumption. Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.0a+stable-8.1ubuntu6.3.diff.gz Size/MD5: 262833 1fdb567debfe1ce10ffc44ec492d4aa5 http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.0a+stable-8.1ubuntu6.3.dsc Size/MD5: 872 a6f59fefbf4050684aa38de8b24c54b3 http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.0a+stable.orig.tar.gz Size/MD5: 2272395 30f8b3d5b970c14dce5c6d8c922afa3e Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-doc_4.2.0a+stable-8.1ubuntu6.3_all.deb Size/MD5: 891204 35969710cca05eabef8399e53de0bdb5 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-server_4.2.0a+stable-8.1ubuntu6.3_amd64.deb Size/MD5: 35022 cf299ac36cb52399b7b80a7aa6b00c77 http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-simple_4.2.0a+stable-8.1ubuntu6.3_amd64.deb Size/MD5: 136402 14d2d9f6ec9a8f4edb2d674538b642a8 http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.0a+stable-8.1ubuntu6.3_amd64.deb Size/MD5: 270524 05dfaa4fdf895ebfdf61ee43d97ef9c6 http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.0a+stable-8.1ubuntu6.3_amd64.deb Size/MD5: 47932 ee2a72cdc8d20e545443bbcf086c6f82 http://security.ubuntu.com/ubuntu/pool/universe/n/ntp/ntp-refclock_4.2.0a+stable-8.1ubuntu6.3_amd64.deb Size/MD5: 224268 d9daac981b2dd6d16d69d4bfc0f1d4bf i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-server_4.2.0a+stable-8.1ubuntu6.3_i386.deb Size/MD5: 33926 4a79ecdb4d1fa3d407fca23c00292a9d http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-simple_4.2.0a+stable-8.1ubuntu6.3_i386.deb Size/MD5: 121710 77db2cb6c9daa84d6174fbe277a96c44 http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.0a+stable-8.1ubuntu6.3_i386.deb Size/MD5: 256764 7aeb8e664a3ff16608fc880a108a8645 http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.0a+stable-8.1ubuntu6.3_i386.deb Size/MD5: 44598 1e3067b9f7fee43a3f0b18ec9d4b356b http://security.ubuntu.com/ubuntu/pool/universe/n/ntp/ntp-refclock_4.2.0a+stable-8.1ubuntu6.3_i386.deb Size/MD5: 198516 a0066ee286571189f7f6099bd8a2c220 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-server_4.2.0a+stable-8.1ubuntu6.3_powerpc.deb Size/MD5: 37162 3b19f883b00809d36ae9bd79114955c1 http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-simple_4.2.0a+stable-8.1ubuntu6.3_powerpc.deb Size/MD5: 135184 d1419b2d9aff1392c78bab2911114c2a http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.0a+stable-8.1ubuntu6.3_powerpc.deb Size/MD5: 271468 856ffca2e1d79bfd730aec3bcc1ce497 http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.0a+stable-8.1ubuntu6.3_powerpc.deb Size/MD5: 49266 2cee0d14d9d1deafb78b26041d1ed05a http://security.ubuntu.com/ubuntu/pool/universe/n/ntp/ntp-refclock_4.2.0a+stable-8.1ubuntu6.3_powerpc.deb Size/MD5: 222168 42ef5dfaddb9e1fe9b9933119cdbe9ab sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-server_4.2.0a+stable-8.1ubuntu6.3_sparc.deb Size/MD5: 34428 09539a35a435d11f12ed9f5bd9534771 http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-simple_4.2.0a+stable-8.1ubuntu6.3_sparc.deb Size/MD5: 126814 8e2066b695d32e08355bfdc0f571c705 http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.0a+stable-8.1ubuntu6.3_sparc.deb Size/MD5: 261652 1e4142216eb7ff527ce1f59b2ad2d0af http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.0a+stable-8.1ubuntu6.3_sparc.deb Size/MD5: 46790 7d456f67bea9e6c3f2452a5d6a847f67 http://security.ubuntu.com/ubuntu/pool/universe/n/ntp/ntp-refclock_4.2.0a+stable-8.1ubuntu6.3_sparc.deb Size/MD5: 207566 433dca719ea61cca73b993a530299fae Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-3ubuntu2.3.diff.gz Size/MD5: 287172 dfb60aa2cd60f61907856f5b50c8fc46 http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-3ubuntu2.3.dsc Size/MD5: 1046 251a7ead6fcf835535176b89ed7cc3d4 http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg.orig.tar.gz Size/MD5: 2835029 dc2b3ac9cc04b0f29df35467514c9884 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-doc_4.2.4p4+dfsg-3ubuntu2.3_all.deb Size/MD5: 928116 28eb96c89717c9fdfe39b3f140428484 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-3ubuntu2.3_amd64.deb Size/MD5: 477388 bc91b335e5963954d4284d0b57b37c40 http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-3ubuntu2.3_amd64.deb Size/MD5: 65194 185195f8e2df78f7dfbba5b88be482ce i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-3ubuntu2.3_i386.deb Size/MD5: 432592 0ec673d7b4507cb992091a7b63007826 http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-3ubuntu2.3_i386.deb Size/MD5: 61224 fbf4533c390ea05b7149e370815983e1 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p4+dfsg-3ubuntu2.3_lpia.deb Size/MD5: 435450 1be0d440cf6bcf5048139c856b85106b http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-3ubuntu2.3_lpia.deb Size/MD5: 61184 a1b2a4c34beee7210e322b2f05d94095 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p4+dfsg-3ubuntu2.3_powerpc.deb Size/MD5: 490538 e6adb5a7bde67fc04b543664e6ef748f http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-3ubuntu2.3_powerpc.deb Size/MD5: 66780 35b709a20016e07b383362610ae2b45a sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p4+dfsg-3ubuntu2.3_sparc.deb Size/MD5: 442346 212fc209067ce419756fa2d6f486fd33 http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-3ubuntu2.3_sparc.deb Size/MD5: 61964 7937872f5231323d82c98f0ace751a79 Updated packages for Ubuntu 8.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-6ubuntu2.4.diff.gz Size/MD5: 305723 ea6556c8f4053f2abd79e4cf96633a65 http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-6ubuntu2.4.dsc Size/MD5: 1555 fa669b54aac2751215e1fbac226bf51e http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg.orig.tar.gz Size/MD5: 2835029 dc2b3ac9cc04b0f29df35467514c9884 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-doc_4.2.4p4+dfsg-6ubuntu2.4_all.deb Size/MD5: 928754 eaa802a30b795ce27417c0f8fd612564 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-6ubuntu2.4_amd64.deb Size/MD5: 487270 83aef0ae73d841ca98c1aff95b68b974 http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-6ubuntu2.4_amd64.deb Size/MD5: 66118 b1d338d727c1fbb479a0298e67cf920c i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-6ubuntu2.4_i386.deb Size/MD5: 442316 9441f50fefcd831651417c8e66353769 http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-6ubuntu2.4_i386.deb Size/MD5: 62320 67f26e8efd2233911b3ee5d5c779da52 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p4+dfsg-6ubuntu2.4_lpia.deb Size/MD5: 441714 cc6ffa5cf9f82b707ebf77291c0c7c2b http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-6ubuntu2.4_lpia.deb Size/MD5: 62086 d4c4d6efa2ae6c85b400d73bd39cac8d powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p4+dfsg-6ubuntu2.4_powerpc.deb Size/MD5: 491332 f4016ec402c0665df5241555af9a04ed http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-6ubuntu2.4_powerpc.deb Size/MD5: 67198 47c3dd10eae821a9d1abcf77a85d6651 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p4+dfsg-6ubuntu2.4_sparc.deb Size/MD5: 449572 4a168bf44988c1da63a39bd14b17b682 http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-6ubuntu2.4_sparc.deb Size/MD5: 62834 0ae1f43f7f327de4ab787c911f0fd1ca Updated packages for Ubuntu 9.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-7ubuntu5.2.diff.gz Size/MD5: 306032 90b99d80d9e52e4db7e30b96002834b4 http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-7ubuntu5.2.dsc Size/MD5: 1556 b6f57df7732c6fd3a29de6d4c65c421d http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg.orig.tar.gz Size/MD5: 2835029 dc2b3ac9cc04b0f29df35467514c9884 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-doc_4.2.4p4+dfsg-7ubuntu5.2_all.deb Size/MD5: 929066 4230567b7ef012596cd5e291df13df76 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-7ubuntu5.2_amd64.deb Size/MD5: 487628 3789b894fe98014ed8b62fc910088d2a http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-7ubuntu5.2_amd64.deb Size/MD5: 66442 b43e6e46f0c035961fa2e382bd883fe2 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-7ubuntu5.2_i386.deb Size/MD5: 442634 efaf8cc0f84114fe6d426827f22e3db4 http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-7ubuntu5.2_i386.deb Size/MD5: 62642 7c9ce030867f9809b49634bdcc2a57a3 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p4+dfsg-7ubuntu5.2_lpia.deb Size/MD5: 442086 4dd3ea7d09c746a592b0b622f4fcb753 http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-7ubuntu5.2_lpia.deb Size/MD5: 62410 77fa9c143489ea55da37adcd9f268e6b powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p4+dfsg-7ubuntu5.2_powerpc.deb Size/MD5: 491526 d04d12ed5ebc7968a90894d92ca094c6 http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-7ubuntu5.2_powerpc.deb Size/MD5: 67530 55cffc037f6a88b24abd399925e700c3 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p4+dfsg-7ubuntu5.2_sparc.deb Size/MD5: 449666 7dbdc0aa05e90a9363dfcae003c3e531 http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-7ubuntu5.2_sparc.deb Size/MD5: 63156 4647b041df35cabb86fb0789e3a083ce Updated packages for Ubuntu 9.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p6+dfsg-1ubuntu5.1.diff.gz Size/MD5: 344395 26dd6961151053346b36474a18d6412f http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p6+dfsg-1ubuntu5.1.dsc Size/MD5: 1575 c86cc4fe026ee6830d6564cabeaedc61 http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p6+dfsg.orig.tar.gz Size/MD5: 2836728 bddc66cdc7c35c0cb22cc84cad770c65 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-doc_4.2.4p6+dfsg-1ubuntu5.1_all.deb Size/MD5: 931324 bcc11545b9399ca7e09268a85fd6eabf amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p6+dfsg-1ubuntu5.1_amd64.deb Size/MD5: 529994 c766915925a1cccbd27332232a45e016 http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.4p6+dfsg-1ubuntu5.1_amd64.deb Size/MD5: 70098 968cdde0e47a775cf13b922c7f2308f5 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p6+dfsg-1ubuntu5.1_i386.deb Size/MD5: 490892 83e3785020b3cb659b6559cb51632333 http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.4p6+dfsg-1ubuntu5.1_i386.deb Size/MD5: 66770 34bd54ff829c032049dc8d7340984b4c lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p6+dfsg-1ubuntu5.1_lpia.deb Size/MD5: 487552 f7ad919e64533aed59112c2fe5c49fd9 http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p6+dfsg-1ubuntu5.1_lpia.deb Size/MD5: 66316 4a2cd9cdf5cfa46ad3784c37f7c29502 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p6+dfsg-1ubuntu5.1_powerpc.deb Size/MD5: 528880 401e4a455acdf2a14c5f556e8cae1911 http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p6+dfsg-1ubuntu5.1_powerpc.deb Size/MD5: 69390 9e0e3535fbe3ffe61be245ddd22e5d6c sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p6+dfsg-1ubuntu5.1_sparc.deb Size/MD5: 499646 6059b8a5f9f216b8de00eed901af902e http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p6+dfsg-1ubuntu5.1_sparc.deb Size/MD5: 67272 8d04c1e93ca4acd7a4eaac04008326b3