SUSE: 2015:0274-1 Important: Four NTP Security Flaws Addressed
suse
February 12, 2015
An update that fixes four vulnerabilities is now available
Summary
ntp was updated to fix four security issues. These security issues were fixed: - CVE-2014-9294: util/ntp-keygen.c in ntp-keygen used a weak RNG seed, which made it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack (bnc#910764 911792). - CVE-2014-9293: The config_auth function in ntpd, when an auth key was not configured, improperly generated a key, which made it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack (bnc#910764 911792). - CVE-2014-9298: ::1 can be spoofed on some OSes, so ACLs based on IPv6 ::1 addresses could be bypassed (bnc#911792). - CVE-2014-9297: Information leak by not properly checking a length in several places in ntp_crypto.c (bnc#911792). Patch Instructions:
Topics Covered
References
#910764 #911792
Cross- CVE-2014-9293 CVE-2014-9294 CVE-2014-9297
CVE-2014-9298
Affected Products:
SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Desktop 12
https://www.suse.com/security/cve/CVE-2014-9293.html
https://www.suse.com/security/cve/CVE-2014-9294.html
https://www.suse.com/security/cve/CVE-2014-9297.html
https://www.suse.com/security/cve/CVE-2014-9298.html
https://bugzilla.suse.com/show_bug.cgi?id=910764
https://bugzilla.suse.com/show_bug.cgi?id=911792
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: SUSE-SU-2015:0274-1
Rating: important
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!