|
|
Subscribe / Log in / New account

Mageia alert MGASA-2015-0063 (ntp)



From:
    	      Mageia Updates <buildsystem-daemon@mageia.org> 


To:
    	      updates-announce@ml.mageia.org 


Subject:
    	      [updates-announce] MGASA-2015-0063: Updated ntp packages fix security vulnerabilities 


Date:
    	      Wed, 11 Feb 2015 21:48:18 +0100


Message-ID:
    	      <20150211204818.BD495408EF@valstar.mageia.org>


MGASA-2015-0063 - Updated ntp packages fix security vulnerabilities

Publication date: 11 Feb 2015
URL: http://advisories.mageia.org/MGASA-2015-0063.html
Type: security
Affected Mageia releases: 4
CVE: CVE-2014-9297,
     CVE-2014-9298

Description:
Updated ntp packages fix security vulnerabilities:

Stephen Roettger of the Google Security Team, Sebastian Krahmer of the SUSE
Security Team and Harlan Stenn of Network Time Foundation discovered that the
length value in extension fields is not properly validated in several code
paths in ntp_crypto.c, which could lead to information leakage or denial of
service (CVE-2014-9297).

Stephen Roettger of the Google Security Team reported that ACLs based on IPv6
::1 (localhost) addresses can be bypassed (CVE-2014-9298).

References:
- https://bugs.mageia.org/show_bug.cgi?id=15214
- http://support.ntp.org/bin/view/Main/SecurityNotice#Recen...
- https://www.debian.org/security/2015/dsa-3154
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9297
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9298

SRPMS:
- 4/core/ntp-4.2.6p5-15.3.mga4
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds