MGASA-2020-0212 - Updated ntp packages fix security vulnerability Publication date: 15 May 2020 URL: https://advisories.mageia.org/MGASA-2020-0212.html Type: security Affected Mageia releases: 7 CVE: CVE-2020-11868 The updated packages fix security vulnerabilities including: ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp. (CVE-2020-11868) References: - https://bugs.mageia.org/show_bug.cgi?id=26597 - https://www.debian.org/lts/security/2020/dla-2201 - http://support.ntp.org/bin/view/Main/SecurityNotice#March_2020_ntp_4_2_8p14_NTP_Rele - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11868 SRPMS: - 7/core/ntp-4.2.8p14-1.mga7
Mageia 2020-0212: ntp security update
The updated packages fix security vulnerabilities including: ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronizat...
Summary
The updated packages fix security vulnerabilities including:
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path
attacker to block unauthenticated synchronization via a server mode packet
with a spoofed source IP address, because transmissions are rescheduled
even when a packet lacks a valid origin timestamp. (CVE-2020-11868)
References
- https://bugs.mageia.org/show_bug.cgi?id=26597
- https://www.debian.org/lts/security/2020/dla-2201
- http://support.ntp.org/bin/view/Main/SecurityNotice#March_2020_ntp_4_2_8p14_NTP_Rele
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11868
Resolution
MGASA-2020-0212 - Updated ntp packages fix security vulnerability
SRPMS
- 7/core/ntp-4.2.8p14-1.mga7
Severity
Publication date: 15 May 2020
URL: https://advisories.mageia.org/MGASA-2020-0212.html
Type: security
CVE: CVE-2020-11868
News
HOWTOs
Features
About Us
Powered By
