Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 524
Alerts This Week
Warning Icon 1 524

Fedora 23 NTP Update: Critical Security Fixes for NTP Issues

fedora
Calendar Grey November 2, 2015
Dist Fedora Esm H88
An important patch for Ubuntu 18.04 resolves various vulnerabilities in OpenSSH to improve secure shell protocol integrity.
Security fix for CVE-2015-7704, CVE-2015-5300, CVE-2015-7692, CVE-2015-7871, CVE-2015-7702, CVE-2015-7691, CVE-2015-7852, CVE-2015-7701

Summary

The Network Time Protocol (NTP) is used to synchronize a computer's

time with another reference time source. This package includes ntpd

(a daemon which continuously adjusts system time) and utilities used

to query and configure the ntpd daemon.

Perl scripts ntp-wait and ntptrace are in the ntp-perl package,

ntpdate is in the ntpdate package and sntp is in the sntp package.

The documentation is in the ntp-doc package.

Update Information:

Security fix for CVE-2015-7704, CVE-2015-5300, CVE-2015-7692, CVE-2015-7871, CVE-2015-7702, CVE-2015-7691, CVE-2015-7852, CVE-2015-7701

Change Log

References


[ 1 ] Bug #1274254 - CVE-2015-7691 CVE-2015-7692 CVE-2015-7702 ntp: incomplete checks in ntp_crypto.c https://bugzilla.redhat.com/show_bug.cgi?id=1274254 [ 2 ] Bug #1274255 - CVE-2015-7701 ntp: slow memory leak in CRYPTO_ASSOC https://bugzilla.redhat.com/show_bug.cgi?id=1274255 [ 3 ] Bug #1274261 - CVE-2015-7852 ntp: ntpq atoascii memory corruption vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=1274261 [ 4 ] Bug #1274265 - CVE-2015-7871 ntp: crypto-NAK symmetric association authentication bypass vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=1274265 [ 5 ] Bug #1271070 - CVE-2015-7704 ntp: disabling synchronization via crafted KoD packet https://bugzilla.redhat.com/show_bug.cgi?id=1271070 [ 6 ] Bug #1271076 - CVE-2015-5300 ntp: MITM attacker can force ntpd to make a step larger than the panic threshold https://bugzilla.redhat.com/show_bug.cgi?id=1271076

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update ntp' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
critical
Lowest
Low
Medium
High
Critical

Name: ntp
Product: Fedora 23
Version: 4.2.6p5
Release: 34.fc23
Summary: The NTP daemon and utilities

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.