UBUNTU: 2015:2780-2 Important: Nginx Denial of Service Patch
suse
December 23, 2014
An update that fixes two vulnerabilities is now available
Summary
The network timeservice ntp was updated to fix critical security issues (bnc#910764, CERT VU#852879) * A potential remote code execution problem was found inside ntpd. The functions crypto_recv() (when using autokey authentication), ctl_putdata(), and configure() where updated to avoid buffer overflows that could be exploited. (CVE-2014-9295) * Furthermore a problem inside the ntpd error handling was found that is missing a return statement. This could also lead to a potentially attack vector. (CVE-2014-9296) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2014-118 - SUSE Linux Enterprise Desktop 12:
References
#910764
Cross- CVE-2014-9295 CVE-2014-9296
Affected Products:
SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Desktop 12
https://www.suse.com/security/cve/CVE-2014-9295.html
https://www.suse.com/security/cve/CVE-2014-9296.html
https://bugzilla.suse.com/show_bug.cgi?id=910764
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Announcement ID: SUSE-SU-2014:1690-1
Rating: critical
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!