Bug 24585

Assigning to all packagers collectively, since there is no registered maintainer for this package.
Also CC'ing some committers.

CC: (none) => guillomovitch, lists.jjorge, marja11, nicolas.salguero
Assignee: bugsquad => pkg-bugs

Suggested advisory:
========================

The updated packages fix a security vulnerability:

A null pointer exception which could allow an authenticated attacker to cause segmentation fault to ntpd. (CVE-2019-8936)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8936
http://lists.suse.com/pipermail/sle-security-updates/2019-March/005258.html
========================

Updated packages in core/updates_testing:
========================
ntp-4.2.8p13-1.mga6
ntp-perl-4.2.8p13-1.mga6
ntpdate-4.2.8p13-1.mga6
sntp-4.2.8p13-1.mga6
ntp-doc-4.2.8p13-1.mga6

from SRPMS:
ntp-4.2.8p13-1.mga6.src.rpm

Status: NEW => ASSIGNED
Source RPM: ntp-4.2.8p12-2.mga7.src.rpm => ntp-4.2.8p12-1.mga6.src.rpm
Whiteboard: MGA6TOO => (none)
CVE: (none) => CVE-2019-8936
Assignee: pkg-bugs => qa-bugs
Version: Cauldron => 6

Installed and tested without issues.

System: Mageia 6, x86_64, Intel CPU.

$ uname -a
Linux marte 4.14.106-desktop-1.mga6 #1 SMP Thu Mar 14 18:01:29 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
$ rpm -qa | egrep '^s?ntp'
sntp-4.2.8p13-1.mga6
ntpdate-4.2.8p13-1.mga6
ntp-4.2.8p13-1.mga6
$ systemctl start ntpd
root@marte 16:41:21 /etc/service-check 
$ systemctl start ntpd
$ systemctl status ntpd
● ntpd.service - Network Time Service
   Loaded: loaded (/usr/lib/systemd/system/ntpd.service; enabled; vendor preset: enabled)
   Active: active (running) since Dom 2019-03-31 17:21:16 WEST; 4s ago
  Process: 7682 ExecStart=/usr/sbin/ntpd -u ntp:ntp $OPTIONS (code=exited, status=0/SUCCESS)
 Main PID: 7684 (ntpd)
      CPU: 32ms
   CGroup: /system.slice/ntpd.service
           └─7684 /usr/sbin/ntpd -u ntp:ntp -g

Mar 31 17:21:16 marte ntpd[7684]: Listen normally on 7 he-sit0 [<SNIP>]:123
Mar 31 17:21:16 marte ntpd[7684]: Listen normally on 8 he-sit0 [<SNIP>]:123
Mar 31 17:21:16 marte ntpd[7684]: Listening on routing socket on fd #25 for interface updates
Mar 31 17:21:16 marte ntpd[7684]: kernel reports TIME_ERROR: 0x2041: Clock Unsynchronized
Mar 31 17:21:16 marte ntpd[7684]: kernel reports TIME_ERROR: 0x2041: Clock Unsynchronized
Mar 31 17:21:16 marte systemd[1]: Started Network Time Service.
Mar 31 17:21:17 marte ntpd[7684]: Soliciting pool server 5.135.59.152
Mar 31 17:21:18 marte ntpd[7684]: Soliciting pool server 194.117.9.130
Mar 31 17:21:19 marte ntpd[7684]: Soliciting pool server 2001:470:1f1d:947::1
Mar 31 17:21:20 marte ntpd[7684]: Soliciting pool server 2001:690:2100:14::2
$ ntpstat
unsynchronised
poll interval unknown
$ ntpstat
synchronised to NTP server (<SNIP>) at stratum 4
   time correct to within 979 ms
   polling server every 64 s
$ ntpdate europe.pool.ntp.org
31 Mar 17:22:52 ntpdate[7705]: the NTP socket is in use, exiting
$ systemctl stop ntpd
$ ntpdate europe.pool.ntp.org
31 Mar 17:23:09 ntpdate[7713]: adjust time server 194.55.15.222 offset -0.006741 sec
$ sntp europe.pool.ntp.org
sntp 4.2.8p13@1.3847-o Fri Mar 29 13:40:49 UTC 2019 (1)
2019-03-31 17:30:33.515110 (+0000) -0.002911 +/- 0.048236 europe.pool.ntp.org 80.90.43.162 s3 no-leap

CC: (none) => mageia
Whiteboard: (none) => MGA6-64-OK

Should be OK. Validating. Suggested advisory in Comment 2.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2019-0140.html

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED