Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Fedora 23: 2015-14213 Critical: NTP DoS Flaws Security Update

fedora
Calendar Grey September 20, 2015
Dist Fedora Esm H88
Essential security patch for Fedora 23 tackling a range of NTP vulnerabilities. Safeguard your system against possible outages.
Security fix for CVE-2015-5146, CVE-2015-5194, CVE-2015-5219, CVE-2015-5195, CVE-2015-5196

Summary

The Network Time Protocol (NTP) is used to synchronize a computer's

time with another reference time source. This package includes ntpd

(a daemon which continuously adjusts system time) and utilities used

to query and configure the ntpd daemon.

Perl scripts ntp-wait and ntptrace are in the ntp-perl package,

ntpdate is in the ntpdate package and sntp is in the sntp package.

The documentation is in the ntp-doc package.

Update Information:

Security fix for CVE-2015-5146, CVE-2015-5194, CVE-2015-5219, CVE-2015-5195, CVE-2015-5196

Topics%20covered

Topics Covered

security advisory Fedora critical fix DoS flaw NTP

Change Log

References


[ 1 ] Bug #1255118 - CVE-2015-5219 ntp: infinite loop in sntp processing crafted packet https://bugzilla.redhat.com/show_bug.cgi?id=1255118 [ 2 ] Bug #1254547 - CVE-2015-5196 ntp: config command can be used to set the pidfile and drift file paths https://bugzilla.redhat.com/show_bug.cgi?id=1254547 [ 3 ] Bug #1238136 - CVE-2015-5146 ntp: ntpd control message crash on crafted NUL-byte in configuration directive (VU#668167) https://bugzilla.redhat.com/show_bug.cgi?id=1238136 [ 4 ] Bug #1254542 - CVE-2015-5194 ntp: crash with crafted logconfig configuration command https://bugzilla.redhat.com/show_bug.cgi?id=1254542 [ 5 ] Bug #1254544 - CVE-2015-5195 ntp: ntpd crash when processing config commands with statistics type https://bugzilla.redhat.com/show_bug.cgi?id=1254544

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update ntp' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
critical
Lowest
Low
Medium
High
Critical

Name: ntp
Product: Fedora 23
Version: 4.2.6p5
Release: 33.fc23
URL: http://www.ntp.org
Summary: The NTP daemon and utilities

Topics%20covered

Topics Covered

security advisory Fedora critical fix DoS flaw NTP

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here