Alerts This Week
Warning Icon 1 631
Alerts This Week
Warning Icon 1 631

Stay Secure with the Latest Linux Advisories

Debianlts Large Esm H800
Debian LTS

Debian LTS openssl Important Use-After-Free NULL Pointer Issues DLA-4624-1

Calendar White Jun 09, 2026
Important
Ubuntu Large Esm H900
Ubuntu

Ubuntu 20.04 alsa-lib Important Denial of Service Fix USN-8044-2

Calendar White Jun 09, 2026
Important
Ubuntu Large Esm H900
Ubuntu

Ubuntu 26.04 LTS node-shell-quote Important Denial of Service CVE-2026-9277

Calendar White Jun 09, 2026
Important
Mageia Large Esm H800
Mageia

Mageia 9 Suricata Critical Performance Security Issues MGASA-2026-0181

Calendar White Jun 09, 2026
Critical
Mageia Large Esm H900
Mageia

Mageia 9 PackageKit Important TOCTOU Race Escalation CVE-2026-41651

Calendar White Jun 09, 2026
Important
Mageia Large Esm H900
Mageia

Mageia 9 Unbound Critical Remote Code Execution Advisory 2026-0034

Calendar White Jun 09, 2026
Critical
Ubuntu Large Esm H800
Ubuntu

Ubuntu 26.04 LTS Netatalk Multiple Security Issues USN-8395-1

Calendar White Jun 09, 2026
Important
Fedora Large Esm H900
Fedora

Fedora 43 mingw-objfw 1.5.5 Update Security Fix FEDORA-2026-de23fedf3e

Calendar White Jun 08, 2026
Fedora Large Esm H900
Fedora

Fedora 43 objfw Important Update 1.5.5 Bug Fixes June 2026

Calendar White Jun 08, 2026
Important
Filter Icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":549,"type":"x","order":1,"pct":78.54,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.29,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.86,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.3,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found -7 articles for you...
98
Ls Advisories Redhat Esm H240
Price Tag 1security advisorymoderatedenial of service

Red Hat Enterprise Linux 7 RHSA-2018:0855-01 Moderate NTP DoS Fix

An update for ntp is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: ntp security, bug fix, and enhancement update Advisory ID: RHSA-2018:0855-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:0855 Issue date: 2018-04-10 CVE Names: CVE-2017-6462 CVE-2017-6463 CVE-2017-6464 ==================================================================== 1. Summary: An update for ntp is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le, s390x Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, noarch, ppc64le, s390x 3. Description: The Network Time Protocol (NTP) is used to synchronize a computer'stime with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service. Security Fix(es): * ntp: Authenticated DoS via Malicious Config Option (CVE-2017-6463) * ntp: Denial of Service via Malformed Config (CVE-2017-6464) * ntp: Buffer Overflow in DPTS Clock (CVE-2017-6462) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank the NTP project for reporting these issues. Upstream acknowledges Cure53 as the original reporter of these issues. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.5 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing this update, the ntpd daemon will restart automatically. 5. Bugs fixed (https://bugzilla.redhat.com/): 1420453 - Typos in ntpd man page 1433987 - CVE-2017-6464 ntp: Denial of Service via Malformed Config 1433995 - CVE-2017-6462 ntp: Buffer Overflow in DPTS Clock 1434002 - CVE-2017-6463 ntp: Authenticated DoS via Malicious Config Option 1442083 - Delayed name resolving fails when fips is enabled 1466947 - ntpdate.service should start after network-online.target 1491797 - RFE: Backport Spectracom TSYNC driver to ntp 1493452 - ntpd clears STA_UNSYNC on start 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: ntp-4.2.6p5-28.el7.src.rpm x86_64: ntp-4.2.6p5-28.el7.x86_64.rpm ntp-debuginfo-4.2.6p5-28.el7.x86_64.rpm ntpdate-4.2.6p5-28.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): noarch: ntp-doc-4.2.6p5-28.el7.noarch.rpm ntp-perl-4.2.6p5-28.el7.noarch.rpm x86_64: ntp-debuginfo-4.2.6p5-28.el7.x86_64.rpm sntp-4.2.6p5-28.el7.x86_64.rpm Red Hat EnterpriseLinux ComputeNode (v. 7): Source: ntp-4.2.6p5-28.el7.src.rpm x86_64: ntp-4.2.6p5-28.el7.x86_64.rpm ntp-debuginfo-4.2.6p5-28.el7.x86_64.rpm ntpdate-4.2.6p5-28.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): noarch: ntp-doc-4.2.6p5-28.el7.noarch.rpm ntp-perl-4.2.6p5-28.el7.noarch.rpm x86_64: ntp-debuginfo-4.2.6p5-28.el7.x86_64.rpm sntp-4.2.6p5-28.el7.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: ntp-4.2.6p5-28.el7.src.rpm ppc64: ntp-4.2.6p5-28.el7.ppc64.rpm ntp-debuginfo-4.2.6p5-28.el7.ppc64.rpm ntpdate-4.2.6p5-28.el7.ppc64.rpm ppc64le: ntp-4.2.6p5-28.el7.ppc64le.rpm ntp-debuginfo-4.2.6p5-28.el7.ppc64le.rpm ntpdate-4.2.6p5-28.el7.ppc64le.rpm s390x: ntp-4.2.6p5-28.el7.s390x.rpm ntp-debuginfo-4.2.6p5-28.el7.s390x.rpm ntpdate-4.2.6p5-28.el7.s390x.rpm x86_64: ntp-4.2.6p5-28.el7.x86_64.rpm ntp-debuginfo-4.2.6p5-28.el7.x86_64.rpm ntpdate-4.2.6p5-28.el7.x86_64.rpm Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7): Source: ntp-4.2.6p5-28.el7.src.rpm aarch64: ntp-4.2.6p5-28.el7.aarch64.rpm ntp-debuginfo-4.2.6p5-28.el7.aarch64.rpm ntpdate-4.2.6p5-28.el7.aarch64.rpm ppc64le: ntp-4.2.6p5-28.el7.ppc64le.rpm ntp-debuginfo-4.2.6p5-28.el7.ppc64le.rpm ntpdate-4.2.6p5-28.el7.ppc64le.rpm s390x: ntp-4.2.6p5-28.el7.s390x.rpm ntp-debuginfo-4.2.6p5-28.el7.s390x.rpm ntpdate-4.2.6p5-28.el7.s390x.rpm Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7): aarch64: ntp-debuginfo-4.2.6p5-28.el7.aarch64.rpm sntp-4.2.6p5-28.el7.aarch64.rpm noarch: ntp-doc-4.2.6p5-28.el7.noarch.rpm ntp-perl-4.2.6p5-28.el7.noarch.rpm ppc64le: ntp-debuginfo-4.2.6p5-28.el7.ppc64le.rpm sntp-4.2.6p5-28.el7.ppc64le.rpm s390x: ntp-debuginfo-4.2.6p5-28.el7.s390x.rpm sntp-4.2.6p5-28.el7.s390x.rpm Red Hat Enterprise Linux Server Optional (v.7): noarch: ntp-doc-4.2.6p5-28.el7.noarch.rpm ntp-perl-4.2.6p5-28.el7.noarch.rpm ppc64: ntp-debuginfo-4.2.6p5-28.el7.ppc64.rpm sntp-4.2.6p5-28.el7.ppc64.rpm ppc64le: ntp-debuginfo-4.2.6p5-28.el7.ppc64le.rpm sntp-4.2.6p5-28.el7.ppc64le.rpm s390x: ntp-debuginfo-4.2.6p5-28.el7.s390x.rpm sntp-4.2.6p5-28.el7.s390x.rpm x86_64: ntp-debuginfo-4.2.6p5-28.el7.x86_64.rpm sntp-4.2.6p5-28.el7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: ntp-4.2.6p5-28.el7.src.rpm x86_64: ntp-4.2.6p5-28.el7.x86_64.rpm ntp-debuginfo-4.2.6p5-28.el7.x86_64.rpm ntpdate-4.2.6p5-28.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): noarch: ntp-doc-4.2.6p5-28.el7.noarch.rpm ntp-perl-4.2.6p5-28.el7.noarch.rpm x86_64: ntp-debuginfo-4.2.6p5-28.el7.x86_64.rpm sntp-4.2.6p5-28.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2017-6462 https://access.redhat.com/security/cve/CVE-2017-6463 https://access.redhat.com/security/cve/CVE-2017-6464 https://access.redhat.com/security/updates/classification#moderate https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/7/html/7.5_release_notes/index.html 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFazHlzXlSAg2UNWIIRAth7AKCMzb5lhGgvBZAYA3FELEtX8MJgIQCgjDiS 2HCCsCGACp0FtOU6jFkprKo=B7P4 -----END PGP SIGNATURE----- -- RHSA-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . A new update for ntp is now available in Red Hat Linux to resolve security vulnerabilities, including potential Denial of Service (DoS) risks and various bug fixes.. Red Hat Enterprise Linux, ntp security update, security impact, bug fix. . LinuxSecurity.com Team

Calendar 2 Apr 10, 2018 Red Hat
98
Ls Advisories Redhat Esm H240
Price Tag 1security advisorybuffer overflowred hat

Red Hat 6.5 RHSA-2015:0104-01 Critical NTP Buffer Overflow

Updated ntp packages that fix several security issues are now available for Red Hat Enterprise Linux 6.5 Extended Update Support. Red Hat Product Security has rated this update as having Important security [More...]. ==================================================================== Red Hat Security Advisory Synopsis: Important: ntp security update Advisory ID: RHSA-2015:0104-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2015:0104.html Issue date: 2015-01-28 CVE Names: CVE-2014-9293 CVE-2014-9294 CVE-2014-9295 CVE-2014-9296 ==================================================================== 1. Summary: Updated ntp packages that fix several security issues are now available for Red Hat Enterprise Linux 6.5 Extended Update Support. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.5) - noarch, x86_64 Red Hat Enterprise Linux HPC Node EUS (v. 6.5) - x86_64 Red Hat Enterprise Linux Server EUS (v. 6.5) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 6.5) - i386, noarch, ppc64, s390x, x86_64 3. Description: The Network Time Protocol (NTP) is used to synchronize a computer's time with a referenced time source. Multiple buffer overflow flaws were discovered in ntpd's crypto_recv(), ctl_putdata(), and configure() functions. A remote attacker could use either of these flaws to send a specially crafted request packet that could crash ntpd or, potentially, execute arbitrary code with the privileges of the ntp user. Note: the crypto_recv() flaw requires non-default configurations to be active, while the ctl_putdata() flaw, by default, can only be exploited vialocal attackers, and the configure() flaw requires additional authentication to exploit. (CVE-2014-9295) It was found that ntpd automatically generated weak keys for its internal use if no ntpdc request authentication key was specified in the ntp.conf configuration file. A remote attacker able to match the configured IP restrictions could guess the generated key, and possibly use it to send ntpdc query or configuration requests. (CVE-2014-9293) It was found that ntp-keygen used a weak method for generating MD5 keys. This could possibly allow an attacker to guess generated MD5 keys that could then be used to spoof an NTP client or server. Note: it is recommended to regenerate any MD5 keys that had explicitly been generated with ntp-keygen; the default installation does not contain such keys. (CVE-2014-9294) A missing return statement in the receive() function could potentially allow a remote attacker to bypass NTP's authentication mechanism. (CVE-2014-9296) All ntp users are advised to upgrade to this updated package, which contains backported patches to resolve these issues. After installing the update, the ntpd daemon will restart automatically. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1176032 - CVE-2014-9293 ntp: automatic generation of weak default key in config_auth() 1176035 - CVE-2014-9294 ntp: ntp-keygen uses weak random number generator and seed when generating MD5 keys 1176037 - CVE-2014-9295 ntp: Multiple buffer overflows via specially-crafted packets 1176040 - CVE-2014-9296 ntp: receive() missing return on error 6. Package List: Red Hat Enterprise Linux HPC Node EUS (v.6.5): Source: ntp-4.2.6p5-2.el6_5.src.rpm x86_64: ntp-4.2.6p5-2.el6_5.x86_64.rpm ntp-debuginfo-4.2.6p5-2.el6_5.x86_64.rpm ntpdate-4.2.6p5-2.el6_5.x86_64.rpm Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.5): Source: ntp-4.2.6p5-2.el6_5.src.rpm noarch: ntp-doc-4.2.6p5-2.el6_5.noarch.rpm x86_64: ntp-debuginfo-4.2.6p5-2.el6_5.x86_64.rpm ntp-perl-4.2.6p5-2.el6_5.x86_64.rpm Red Hat Enterprise Linux Server EUS (v. 6.5): Source: ntp-4.2.6p5-2.el6_5.src.rpm i386: ntp-4.2.6p5-2.el6_5.i686.rpm ntp-debuginfo-4.2.6p5-2.el6_5.i686.rpm ntpdate-4.2.6p5-2.el6_5.i686.rpm ppc64: ntp-4.2.6p5-2.el6_5.ppc64.rpm ntp-debuginfo-4.2.6p5-2.el6_5.ppc64.rpm ntpdate-4.2.6p5-2.el6_5.ppc64.rpm s390x: ntp-4.2.6p5-2.el6_5.s390x.rpm ntp-debuginfo-4.2.6p5-2.el6_5.s390x.rpm ntpdate-4.2.6p5-2.el6_5.s390x.rpm x86_64: ntp-4.2.6p5-2.el6_5.x86_64.rpm ntp-debuginfo-4.2.6p5-2.el6_5.x86_64.rpm ntpdate-4.2.6p5-2.el6_5.x86_64.rpm Red Hat Enterprise Linux Server Optional EUS (v. 6.5): Source: ntp-4.2.6p5-2.el6_5.src.rpm i386: ntp-debuginfo-4.2.6p5-2.el6_5.i686.rpm ntp-perl-4.2.6p5-2.el6_5.i686.rpm noarch: ntp-doc-4.2.6p5-2.el6_5.noarch.rpm ppc64: ntp-debuginfo-4.2.6p5-2.el6_5.ppc64.rpm ntp-perl-4.2.6p5-2.el6_5.ppc64.rpm s390x: ntp-debuginfo-4.2.6p5-2.el6_5.s390x.rpm ntp-perl-4.2.6p5-2.el6_5.s390x.rpm x86_64: ntp-debuginfo-4.2.6p5-2.el6_5.x86_64.rpm ntp-perl-4.2.6p5-2.el6_5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2014-9293 https://access.redhat.com/security/cve/CVE-2014-9294 https://access.redhat.com/security/cve/CVE-2014-9295 https://access.redhat.com/security/cve/CVE-2014-9296 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. . Revised ntp binaries addresscritical vulnerabilities for Red Hat Enterprise Linux 6.5, improving overall system defense.. NTP Update, Red Hat Advisory, Important Fix, Linux EUS Update. . Severity: Important. LinuxSecurity.com Team

Calendar 2 Jan 28, 2015 Important Red Hat
Banner 2 1028x280 1708121730 1 1771599631
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":549,"type":"x","order":1,"pct":78.54,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.29,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.86,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.3,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200

Search Topics

Your message here