Explore top 10 tips to secure your open-source projects now. Read More
×
Several security issues were fixed in NTP.
Software Description:
- ntp: Network Time Protocol daemon and utility programs
Details:
Stephen Roettger, Sebastian Krahmer, and Harlan Stenn discovered that NTP
incorrectly handled the length value in extension fields. A remote attacker
could use this issue to possibly obtain leaked information, or cause the
NTP daemon to crash, resulting in a denial of service. (CVE-2014-9297)
Stephen Roettger discovered that NTP incorrectly handled ACLs based on
certain IPv6 addresses. (CVE-2014-9298)
The problem can be corrected by updating your system to the following package versions: Ubuntu 14.10: ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.10.2 Ubuntu 14.04 LTS: ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.04.2 Ubuntu 12.04 LTS: ntp 1:4.2.6.p3+dfsg-1ubuntu3.3 Ubuntu 10.04 LTS: ntp 1:4.2.4p8+dfsg-1ubuntu2.3 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-2497-1
CVE-2014-9297, CVE-2014-9298
Get the latest Linux and open source security news straight to your inbox.