FS#44492 - [ntp][CVE-2015-1798][CVE-2015-1799] multiple security issues
Attached to Project:
Arch Linux
Opened by Christian Rebischke (Shibumi) - Tuesday, 07 April 2015, 16:56 GMT
Last edited by Gaetan Bisson (vesath) - Tuesday, 07 April 2015, 20:48 GMT
Opened by Christian Rebischke (Shibumi) - Tuesday, 07 April 2015, 16:56 GMT
Last edited by Gaetan Bisson (vesath) - Tuesday, 07 April 2015, 20:48 GMT
|
Details
Summary
======= ntp with version ntp-4.2.8p1 or lower has multiple security issues: ntpd accepts unauthenticated packets with symmetric key crypto. => CVE-2015-1798 Authentication doesn't protect symmetric associations against DoS attacks. => CVE-2015-1799 Reference ========= http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities best regards from the archlinux CVE monitoring team |
This task depends upon
Closed by Gaetan Bisson (vesath)
Tuesday, 07 April 2015, 20:48 GMT
Reason for closing: Fixed
Additional comments about closing: ntp-4.2.8.p2-1 in [extra]
Tuesday, 07 April 2015, 20:48 GMT
Reason for closing: Fixed
Additional comments about closing: ntp-4.2.8.p2-1 in [extra]
Comment by Gaetan Bisson (vesath) -
Tuesday, 07 April 2015, 20:47 GMT
ntp-4.2.8.p2-1 was pushed into [community] at 2015-04-07 19:28 UTC
:)