ntp, ntpdate security update

🗓️ 16 May 2016 10:19:19Reported by CentOS ProjectType

centos

centos🔗 lists.centos.org👁 86 Views

NTP security update, incomplete fix, memory leak, buffer overflow

Reporter	Title	Published	Views	Family All 469
IBM Security Bulletins	Security Bulletin: Multiple Security Vulnerabilities fixed in IBM Security Privileged Identity Manager	16 Jun 201821:45	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in NTP affect PowerKVM	18 Jun 201801:34	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in ntp affect IBM Flex System Manager (FSM)	18 Jun 201801:36	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in NTP affect IBM Flex System FC3171 8Gb SAN Switch & SAN Pass-thru Firmware, QLogic 8Gb Intelligent Pass-thru Module & SAN Switch Module and QLogic Virtual Fabric Extension Module for IBM BladeCenter	14 Apr 202314:32	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Ntp affect IBM Security Identity Governance	16 Jun 201821:44	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in NTP affect Power Hardware Management Console	23 Sep 202101:31	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Pure Power Integrated Manager (PPIM) is affected by vulnerabilities in ntp (CVE-2014-9750, CVE-2014-9751)	18 Jun 201801:30	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in NTP affect IBM Security Network Protection	16 Jun 201821:43	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in Network Time Protocol (NTP) affect PowerKVM	18 Jun 201801:30	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Flex System Manager (FSM) is affected by multiple ntp vulnerabilities	18 Jun 201801:32	–	ibm

OS	OS Version	Architecture	Package	Package Version	Filename
CentOS	6	i686	ntp	4.2.6p5-10.el6.centos	ntp-4.2.6p5-10.el6.centos.i686.rpm
CentOS	6	i686	ntpdate	4.2.6p5-10.el6.centos	ntpdate-4.2.6p5-10.el6.centos.i686.rpm
CentOS	6	noarch	ntp-doc	4.2.6p5-10.el6.centos	ntp-doc-4.2.6p5-10.el6.centos.noarch.rpm
CentOS	6	i686	ntp-perl	4.2.6p5-10.el6.centos	ntp-perl-4.2.6p5-10.el6.centos.i686.rpm
CentOS	6	x86_64	ntp	4.2.6p5-10.el6.centos	ntp-4.2.6p5-10.el6.centos.x86_64.rpm
CentOS	6	x86_64	ntpdate	4.2.6p5-10.el6.centos	ntpdate-4.2.6p5-10.el6.centos.x86_64.rpm
CentOS	6	noarch	ntp-doc	4.2.6p5-10.el6.centos	ntp-doc-4.2.6p5-10.el6.centos.noarch.rpm
CentOS	6	x86_64	ntp-perl	4.2.6p5-10.el6.centos	ntp-perl-4.2.6p5-10.el6.centos.x86_64.rpm

Source	Link
twitter	www.twitter.com/centos
rhn	www.rhn.redhat.com/errata/RHSA-2016-0780.html
steadfast	www.steadfast.net/
linkedin	www.linkedin.com/groups/22405
youtube	www.youtube.com/TheCentOSProject
facebook	www.facebook.com/groups/centosproject/
reddit	www.reddit.com/r/CentOS/

16 May 2016 10:19Current

7.2High risk

Vulners AI Score7.2

CVSS 25.8

CVSS 37.5

CVSS 3.17.5

EPSS0.42548

network time protocol ntpd service cve-2014-9750 cve-2015-7691 cve-2015-7692 cve-2015-7702 crypto_assoc cve-2015-7701 cve-2015-7852 cve-2015-7977 cve-2015-7978 cve-2015-5194 cve-2015-5195 cve-2015-5219 cve-2015-7703