ALAS-2019-1206

Amazon Linux 1 (EOL) Security Advisory: ALAS-2019-1206
Advisory Released Date: 2019-05-16
Advisory Updated Date: 2019-05-20

Severity: Medium

References: CVE-2019-8936
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

NTP has a NULL pointer dereference attack in an authenticated mode 6 packet. (CVE-2019-8936)

Affected Packages:

ntp

Issue Correction:
Run yum update ntp or yum update --advisory ALAS-2019-1206 to update your system.

New Packages:

i686:
    ntp-debuginfo-4.2.8p12-1.41.amzn1.i686
    ntp-4.2.8p12-1.41.amzn1.i686
    ntpdate-4.2.8p12-1.41.amzn1.i686

noarch:
    ntp-doc-4.2.8p12-1.41.amzn1.noarch
    ntp-perl-4.2.8p12-1.41.amzn1.noarch

src:
    ntp-4.2.8p12-1.41.amzn1.src

x86_64:
    ntp-4.2.8p12-1.41.amzn1.x86_64
    ntp-debuginfo-4.2.8p12-1.41.amzn1.x86_64
    ntpdate-4.2.8p12-1.41.amzn1.x86_64

Additional References

Red Hat: CVE-2019-8936

Mitre: CVE-2019-8936