Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 493
Alerts This Week
Warning Icon 1 493

Fedora 22 NTP Security Update FEDORA-2015-14212 Critical Remote DoS

fedora
Calendar Grey October 12, 2015
Dist Fedora Esm H88
Important NTP upgrade addresses several security flaws in Fedora 22. Key information regarding security fixes disclosed.
Security fix for CVE-2015-5146, CVE-2015-5194, CVE-2015-5219, CVE-2015-5195, CVE-2015-5196

Summary

The Network Time Protocol (NTP) is used to synchronize a computer's

time with another reference time source. This package includes ntpd

(a daemon which continuously adjusts system time) and utilities used

to query and configure the ntpd daemon.

Perl scripts ntp-wait and ntptrace are in the ntp-perl package,

ntpdate is in the ntpdate package and sntp is in the sntp package.

The documentation is in the ntp-doc package.

Update Information:

Security fix for CVE-2015-5146, CVE-2015-5194, CVE-2015-5219, CVE-2015-5195, CVE-2015-5196

Change Log

References


[ 1 ] Bug #1238136 - CVE-2015-5146 ntp: ntpd control message crash on crafted NUL-byte in configuration directive (VU#668167) https://bugzilla.redhat.com/show_bug.cgi?id=1238136 [ 2 ] Bug #1254542 - CVE-2015-5194 ntp: crash with crafted logconfig configuration command https://bugzilla.redhat.com/show_bug.cgi?id=1254542 [ 3 ] Bug #1254544 - CVE-2015-5195 ntp: ntpd crash when processing config commands with statistics type https://bugzilla.redhat.com/show_bug.cgi?id=1254544 [ 4 ] Bug #1254547 - CVE-2015-5196 ntp: config command can be used to set the pidfile and drift file paths https://bugzilla.redhat.com/show_bug.cgi?id=1254547 [ 5 ] Bug #1255118 - CVE-2015-5219 ntp: infinite loop in sntp processing crafted packet https://bugzilla.redhat.com/show_bug.cgi?id=1255118

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update ntp' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
critical
Lowest
Low
Medium
High
Critical

Name: ntp
Product: Fedora 22
Version: 4.2.6p5
Release: 33.fc22
Summary: The NTP daemon and utilities

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.