Slackware64-current ChangeLog (2014-02-13)

Thu Feb 13 23:45:53 UTC 2014

  • n/ntp-4.2.6p5-x86_64-5.txz
    All stable versions of NTP remain vulnerable to a remote attack where the
    “ntpdc -c monlist” command can be used to amplify network traffic as part
    of a denial of service attack. By default, Slackware is not vulnerable
    since it includes “noquery” as a default restriction. However, it is
    vulnerable if this restriction is removed. To help mitigate this flaw,
    “disable monitor” has been added to the default ntp.conf (which will disable
    the monlist command even if other queries are allowed), and the default
    restrictions have been extended to IPv6 as well.
    All users of the NTP daemon should make sure that their ntp.conf contains
    “disable monitor” to prevent misuse of the NTP service. The new ntp.conf
    file will be installed as /etc/ntp.conf.new with a package upgrade, but the
    changes will need to be merged into any existing ntp.conf file by the admin.
    For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5211
    http://www.kb.cert.org/vuls/id/348126
    (* Security fix *)
  • news/2014/02/13/slackware64-current-changelog.txt
  • Last modified: 9 years ago
  • by Giuseppe Di Terlizzi