ALAS-2017-781


Amazon Linux AMI Security Advisory: ALAS-2017-781
Advisory Release Date: 2017-01-04 17:00 Pacific
Severity: Medium

Issue Overview:

The following security-related issues were resolved:

CVE-2016-7426 : Client rate limiting and server responses
CVE-2016-7429 : Attack on interface selection
CVE-2016-7433 : Broken initial sync calculations regression
CVE-2016-9310 : Mode 6 unauthenticated trap information disclosure and DDoS vector
CVE-2016-9311 : Null pointer dereference when trap service is enabled


Affected Packages:

ntp


Issue Correction:
Run yum update ntp to update your system.

New Packages:
i686:
    ntpdate-4.2.6p5-43.33.amzn1.i686
    ntp-4.2.6p5-43.33.amzn1.i686
    ntp-debuginfo-4.2.6p5-43.33.amzn1.i686

noarch:
    ntp-perl-4.2.6p5-43.33.amzn1.noarch
    ntp-doc-4.2.6p5-43.33.amzn1.noarch

src:
    ntp-4.2.6p5-43.33.amzn1.src

x86_64:
    ntp-4.2.6p5-43.33.amzn1.x86_64
    ntp-debuginfo-4.2.6p5-43.33.amzn1.x86_64
    ntpdate-4.2.6p5-43.33.amzn1.x86_64