Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 494
Alerts This Week
Warning Icon 1 494

Fedora 21: NTP Moderate Security Update 22-51-00: Memory Leak Fix

fedora
Calendar Grey November 4, 2015
Dist Fedora Esm H88
Uncover vital security patches for Fedora 21's NTP, mitigating various threats and preserving system integrity.
Security fix for CVE-2015-7704, CVE-2015-5300, CVE-2015-7692, CVE-2015-7871, CVE-2015-7702, CVE-2015-7691, CVE-2015-7852, CVE-2015-7701 ---- Security fix for CVE-2015-5146, CVE-201...

Summary

The Network Time Protocol (NTP) is used to synchronize a computer's

time with another reference time source. This package includes ntpd

(a daemon which continuously adjusts system time) and utilities used

to query and configure the ntpd daemon.

Perl scripts ntp-wait and ntptrace are in the ntp-perl package,

ntpdate is in the ntpdate package and sntp is in the sntp package.

The documentation is in the ntp-doc package.

Update Information:

Security fix for CVE-2015-7704, CVE-2015-5300, CVE-2015-7692, CVE-2015-7871, CVE-2015-7702, CVE-2015-7691, CVE-2015-7852, CVE-2015-7701 ---- Security fix for CVE-2015-5146, CVE-2015-5194, CVE-2015-5219, CVE-2015-5195, CVE-2015-5196

Change Log

References


[ 1 ] Bug #1274254 - CVE-2015-7691 CVE-2015-7692 CVE-2015-7702 ntp: incomplete checks in ntp_crypto.c https://bugzilla.redhat.com/show_bug.cgi?id=1274254 [ 2 ] Bug #1274255 - CVE-2015-7701 ntp: slow memory leak in CRYPTO_ASSOC https://bugzilla.redhat.com/show_bug.cgi?id=1274255 [ 3 ] Bug #1274261 - CVE-2015-7852 ntp: ntpq atoascii memory corruption vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=1274261 [ 4 ] Bug #1274265 - CVE-2015-7871 ntp: crypto-NAK symmetric association authentication bypass vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=1274265 [ 5 ] Bug #1271070 - CVE-2015-7704 ntp: disabling synchronization via crafted KoD packet https://bugzilla.redhat.com/show_bug.cgi?id=1271070 [ 6 ] Bug #1271076 - CVE-2015-5300 ntp: MITM attacker can force ntpd to make a step larger than the panic threshold https://bugzilla.redhat.com/show_bug.cgi?id=1271076 [ 7 ] Bug #1238136 - CVE-2015-5146 ntp: ntpd con...

Read the Full Advisory

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update ntp' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
important
Lowest
Low
Medium
High
Critical

Name: ntp
Product: Fedora 21
Version: 4.2.6p5
Release: 34.fc21
Summary: The NTP daemon and utilities

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.