ALAS-2017-781


Amazon Linux 1 Security Advisory: ALAS-2017-781
Advisory Release Date: 2017-01-04 17:00 Pacific
Advisory Updated Date: 2017-01-04 17:00 Pacific
Severity: Medium

Issue Overview:

The following security-related issues were resolved:

CVE-2016-7426: Client rate limiting and server responses
CVE-2016-7429: Attack on interface selection
CVE-2016-7433: Broken initial sync calculations regression
CVE-2016-9310: Mode 6 unauthenticated trap information disclosure and DDoS vector
CVE-2016-9311: Null pointer dereference when trap service is enabled


Affected Packages:

ntp


Issue Correction:
Run yum update ntp to update your system.

New Packages:
i686:
    ntpdate-4.2.6p5-43.33.amzn1.i686
    ntp-4.2.6p5-43.33.amzn1.i686
    ntp-debuginfo-4.2.6p5-43.33.amzn1.i686

noarch:
    ntp-perl-4.2.6p5-43.33.amzn1.noarch
    ntp-doc-4.2.6p5-43.33.amzn1.noarch

src:
    ntp-4.2.6p5-43.33.amzn1.src

x86_64:
    ntp-4.2.6p5-43.33.amzn1.x86_64
    ntp-debuginfo-4.2.6p5-43.33.amzn1.x86_64
    ntpdate-4.2.6p5-43.33.amzn1.x86_64