SUSE Linux 11 SP3: SUSE-SU-2015:0259-1 Important: NTP Security Flaws
suse
February 12, 2015
An update that fixes four vulnerabilities is now available
Summary
ntp has been updated to fix four security issues: * CVE-2014-9294: ntp-keygen used a weak RNG seed, which made it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. (bsc#910764) * CVE-2014-9293: The config_auth function, when an auth key is not configured, improperly generated a key, which made it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. (bsc#910764) * CVE-2014-9298: ::1 can be spoofed on some operating systems, so ACLs based on IPv6 ::1 addresses could be bypassed. (bsc#910764) * CVE-2014-9297: vallen is not validated in several places in ntp_crypto.c, leading to potential information leak. (bsc#910764) Security Issues: * CVE-2014-9294
References
#910764 #911792
Cross- CVE-2014-9293 CVE-2014-9294 CVE-2014-9297
CVE-2014-9298
Affected Products:
SUSE Linux Enterprise Server 11 SP3 for VMware
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Desktop 11 SP3
https://www.suse.com/security/cve/CVE-2014-9293.html
https://www.suse.com/security/cve/CVE-2014-9294.html
https://www.suse.com/security/cve/CVE-2014-9297.html
https://www.suse.com/security/cve/CVE-2014-9298.html
https://bugzilla.suse.com/show_bug.cgi?id=910764
https://bugzilla.suse.com/show_bug.cgi?id=911792
https://scc.suse.com:443/patches/
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: SUSE-SU-2015:0259-1
Rating: important
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!