Arch Linux

Please read this before reporting a bug:
https://wiki.archlinux.org/index.php/Reporting_Bug_Guidelines

Do NOT report bugs when a package is just outdated, or it is in Unsupported. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!
Tasklist

FS#44492 - [ntp][CVE-2015-1798][CVE-2015-1799] multiple security issues

Attached to Project: Arch Linux
Opened by Christian Rebischke (Shibumi) - Tuesday, 07 April 2015, 16:56 GMT
Last edited by Gaetan Bisson (vesath) - Tuesday, 07 April 2015, 20:48 GMT
Task Type Bug Report
Category Packages: Extra
Status Closed
Assigned To Gaetan Bisson (vesath)
Architecture All
Severity High
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Summary
=======

ntp with version ntp-4.2.8p1 or lower has multiple security issues:

ntpd accepts unauthenticated packets with symmetric key crypto. => CVE-2015-1798

Authentication doesn't protect symmetric associations against DoS attacks. => CVE-2015-1799

Reference
=========
http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities



best regards from the archlinux CVE monitoring team

This task depends upon

Closed by  Gaetan Bisson (vesath)
Tuesday, 07 April 2015, 20:48 GMT
Reason for closing:  Fixed
Additional comments about closing:  ntp-4.2.8.p2-1 in [extra]
Comment by Gaetan Bisson (vesath) - Tuesday, 07 April 2015, 20:47 GMT
ntp-4.2.8.p2-1 was pushed into [community] at 2015-04-07 19:28 UTC :)

Loading...