Lucene search

K
amazonAmazonALAS-2015-496
HistoryMar 23, 2015 - 8:31 a.m.

Medium: ntp

2015-03-2308:31:00
alas.aws.amazon.com
13

0.002 Low

EPSS

Percentile

58.1%

Issue Overview:

It was reported (http://bugs.ntp.org/show_bug.cgi?id=2671) that ntp misses validation of vallen value, leading to various information leaks. See for more details. (CVE-2014-9297)

It was reported (http://bugs.ntp.org/show_bug.cgi?id=2672) that ntp allows bypassing source IP ACLs on some OSes when ::1 spoofed. (CVE-2014-9298)

Affected Packages:

ntp

Issue Correction:
Run yum update ntp to update your system.

New Packages:

i686:  
    ntp-debuginfo-4.2.6p5-27.23.amzn1.i686  
    ntp-4.2.6p5-27.23.amzn1.i686  
    ntpdate-4.2.6p5-27.23.amzn1.i686  
  
noarch:  
    ntp-perl-4.2.6p5-27.23.amzn1.noarch  
    ntp-doc-4.2.6p5-27.23.amzn1.noarch  
  
src:  
    ntp-4.2.6p5-27.23.amzn1.src  
  
x86_64:  
    ntpdate-4.2.6p5-27.23.amzn1.x86_64  
    ntp-4.2.6p5-27.23.amzn1.x86_64  
    ntp-debuginfo-4.2.6p5-27.23.amzn1.x86_64  

Additional References

Red Hat: CVE-2014-9297, CVE-2014-9298

Mitre: CVE-2014-9297, CVE-2014-9298

0.002 Low

EPSS

Percentile

58.1%

Related for ALAS-2015-496