SUSE has issued an advisory on March 28: http://lists.suse.com/pipermail/sle-security-updates/2019-March/005258.html The issue is fixed upstream in 4.2.8p13. Mageia 6 is also affected.
Whiteboard: (none) => MGA6TOOStatus comment: (none) => Fixed upstream in 4.2.8p13
Assigning to all packagers collectively, since there is no registered maintainer for this package. Also CC'ing some committers.
CC: (none) => guillomovitch, lists.jjorge, marja11, nicolas.salgueroAssignee: bugsquad => pkg-bugs
Suggested advisory: ======================== The updated packages fix a security vulnerability: A null pointer exception which could allow an authenticated attacker to cause segmentation fault to ntpd. (CVE-2019-8936) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8936 http://lists.suse.com/pipermail/sle-security-updates/2019-March/005258.html ======================== Updated packages in core/updates_testing: ======================== ntp-4.2.8p13-1.mga6 ntp-perl-4.2.8p13-1.mga6 ntpdate-4.2.8p13-1.mga6 sntp-4.2.8p13-1.mga6 ntp-doc-4.2.8p13-1.mga6 from SRPMS: ntp-4.2.8p13-1.mga6.src.rpm
Status: NEW => ASSIGNEDSource RPM: ntp-4.2.8p12-2.mga7.src.rpm => ntp-4.2.8p12-1.mga6.src.rpmWhiteboard: MGA6TOO => (none)CVE: (none) => CVE-2019-8936Assignee: pkg-bugs => qa-bugsVersion: Cauldron => 6
Installed and tested without issues. System: Mageia 6, x86_64, Intel CPU. $ uname -a Linux marte 4.14.106-desktop-1.mga6 #1 SMP Thu Mar 14 18:01:29 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ rpm -qa | egrep '^s?ntp' sntp-4.2.8p13-1.mga6 ntpdate-4.2.8p13-1.mga6 ntp-4.2.8p13-1.mga6 $ systemctl start ntpd root@marte 16:41:21 /etc/service-check $ systemctl start ntpd $ systemctl status ntpd ● ntpd.service - Network Time Service Loaded: loaded (/usr/lib/systemd/system/ntpd.service; enabled; vendor preset: enabled) Active: active (running) since Dom 2019-03-31 17:21:16 WEST; 4s ago Process: 7682 ExecStart=/usr/sbin/ntpd -u ntp:ntp $OPTIONS (code=exited, status=0/SUCCESS) Main PID: 7684 (ntpd) CPU: 32ms CGroup: /system.slice/ntpd.service └─7684 /usr/sbin/ntpd -u ntp:ntp -g Mar 31 17:21:16 marte ntpd[7684]: Listen normally on 7 he-sit0 [<SNIP>]:123 Mar 31 17:21:16 marte ntpd[7684]: Listen normally on 8 he-sit0 [<SNIP>]:123 Mar 31 17:21:16 marte ntpd[7684]: Listening on routing socket on fd #25 for interface updates Mar 31 17:21:16 marte ntpd[7684]: kernel reports TIME_ERROR: 0x2041: Clock Unsynchronized Mar 31 17:21:16 marte ntpd[7684]: kernel reports TIME_ERROR: 0x2041: Clock Unsynchronized Mar 31 17:21:16 marte systemd[1]: Started Network Time Service. Mar 31 17:21:17 marte ntpd[7684]: Soliciting pool server 5.135.59.152 Mar 31 17:21:18 marte ntpd[7684]: Soliciting pool server 194.117.9.130 Mar 31 17:21:19 marte ntpd[7684]: Soliciting pool server 2001:470:1f1d:947::1 Mar 31 17:21:20 marte ntpd[7684]: Soliciting pool server 2001:690:2100:14::2 $ ntpstat unsynchronised poll interval unknown $ ntpstat synchronised to NTP server (<SNIP>) at stratum 4 time correct to within 979 ms polling server every 64 s $ ntpdate europe.pool.ntp.org 31 Mar 17:22:52 ntpdate[7705]: the NTP socket is in use, exiting $ systemctl stop ntpd $ ntpdate europe.pool.ntp.org 31 Mar 17:23:09 ntpdate[7713]: adjust time server 194.55.15.222 offset -0.006741 sec $ sntp europe.pool.ntp.org sntp 4.2.8p13@1.3847-o Fri Mar 29 13:40:49 UTC 2019 (1) 2019-03-31 17:30:33.515110 (+0000) -0.002911 +/- 0.048236 europe.pool.ntp.org 80.90.43.162 s3 no-leap
CC: (none) => mageiaWhiteboard: (none) => MGA6-64-OK
Should be OK. Validating. Suggested advisory in Comment 2.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
CC: (none) => davidwhodginsKeywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2019-0140.html
Resolution: (none) => FIXEDStatus: ASSIGNED => RESOLVED