FS#44492 : [ntp][CVE-2015-1798][CVE-2015-1799] multiple security issues

FS#44492 - [ntp][CVE-2015-1798][CVE-2015-1799] multiple security issues

Attached to Project: Arch Linux
Opened by Christian Rebischke (Shibumi) - Tuesday, 07 April 2015, 16:56 GMT
Last edited by Gaetan Bisson (vesath) - Tuesday, 07 April 2015, 20:48 GMT

Task Type	Bug Report
Category	Packages: Extra
Status	Closed
Assigned To	Gaetan Bisson (vesath)
Architecture	All
Severity	High
Priority	Normal
Reported Version
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	0
Private	No

Details

Summary
=======

ntp with version ntp-4.2.8p1 or lower has multiple security issues:

ntpd accepts unauthenticated packets with symmetric key crypto. => CVE-2015-1798

Authentication doesn't protect symmetric associations against DoS attacks. => CVE-2015-1799

Reference
=========
http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities

best regards from the archlinux CVE monitoring team

This task depends upon

Closed by Gaetan Bisson (vesath)
Tuesday, 07 April 2015, 20:48 GMT
Reason for closing: Fixed
Additional comments about closing: ntp-4.2.8.p2-1 in [extra]

Comment by Gaetan Bisson (vesath) - Tuesday, 07 April 2015, 20:47 GMT

ntp-4.2.8.p2-1 was pushed into [community] at 2015-04-07 19:28 UTC :)

	Tasks related to this task (0)

Duplicate tasks of this task (0)

Arch Linux

FS#44492 - [ntp][CVE-2015-1798][CVE-2015-1799] multiple security issues

Details

Loading...