Astra Linux - уязвимость в ntp

In the file libntp/mstolfp.c, within the NTP version 4.2.8p15, there is a buffer overflow vulnerability in the while loop of the cpcpdec function. An adversary could potentially attack a client NTPQ process, but they cannot attack the ntpd process...

GHSA-XGP8-3HG3-C2MH vulnerabilities

Vulnerabilities for packages: ztunnel, cargo-audit, sccache, xh, linkerd-network-validator, buck2, ntpd-rs, pixi, py3-xet-core, atuin, wasm-pack, linkerd2, zola, kdash, zizmor, rustup, qdrant, samply, wasmcloud, lychee, sqlx, berg, linkerd-extension-init, zellij, rye, tealdeer, parseable, uv,...

GHSA-965H-392X-2MH5 vulnerabilities

Vulnerabilities for packages: ztunnel, cargo-audit, sccache, xh, linkerd-network-validator, buck2, ntpd-rs, pixi, py3-xet-core, atuin, wasm-pack, linkerd2, zola, kdash, zizmor, rustup, qdrant, samply, wasmcloud, lychee, sqlx, berg, linkerd-extension-init, zellij, rye, tealdeer, parseable, uv,...

GHSA-XGP8-3HG3-C2MH vulnerabilities

Vulnerabilities for packages: zola, qdrant, uv, zizmor, ztunnel-fips, linkerd-network-validator, mise, samply, wasmcloud, sccache, linkerd2-cni-plugin, lychee, py3-xet-core, wasm-pack, atuin, ntpd-rs, fnm, garage, linkerd2-proxy, cargo-audit, sentry-cli, linkerd-extension-init, sqlx, linkerd2,...

GHSA-965H-392X-2MH5 vulnerabilities

Vulnerabilities for packages: zola, qdrant, uv, zizmor, ztunnel-fips, linkerd-network-validator, mise, samply, wasmcloud, sccache, linkerd2-cni-plugin, lychee, py3-xet-core, wasm-pack, atuin, ntpd-rs, fnm, garage, linkerd2-proxy, cargo-audit, sentry-cli, linkerd-extension-init, sqlx, linkerd2,...

CLEANSTART-2026-TC19665 Security fixes for ghsa-65p9-r9h6-22vj, ghsa-hfpc-8r3f-gw53, ghsa-vw5v-4f2q-w9xf applied in versions: 1.6.2-r1

Multiple security vulnerabilities affect the ntpd-rs package. These issues are resolved in later releases. See references for individual vulnerability details...

[SECURITY] Fedora 43 Update: ntpd-rs-1.7.1-1.fc43

Full-featured implementation of NTP with NTS support...

Fedora: Security Advisory (FEDORA-2026-cbe2315bad)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 42 : ntpd-rs (2026-2dc4882154)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-2dc4882154 advisory. Update to version 1.7.1. Includes the fix for CVE-2026-26076: Release notes: - - Tenable has extracted the preceding description block directly from the Fedo...

Fedora 43 : ntpd-rs (2026-cbe2315bad)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-cbe2315bad advisory. Update to version 1.7.1. Includes the fix for CVE-2026-26076: Release notes: - - Tenable has extracted the preceding description block directly from the Fedo...

Fedora: Security Advisory (FEDORA-2026-2dc4882154)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 44 : ntpd-rs (2026-eb0777262e)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-eb0777262e advisory. Update to version 1.7.1. Includes the fix for CVE-2026-26076: Release notes: - - Tenable has extracted the preceding description block directly from the Fedo...

OESA-2026-1642 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: fs/xattr: missing fdput in fremovexattr error path In the Linux kernel, the fremovexattr syscall calls fdget to acquire a file reference but returns early withou...

Linux Distros Unpatched Vulnerability : CVE-2026-26076

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ntpd-rs is a full-featured implementation of the Network Time Protocol. Prior to 1.7.1, an attacker can remotely induce moderate increases 2-4 times above norma...

CVE-2026-26076

ntpd-rs is a full-featured implementation of the Network Time Protocol. Prior to 1.7.1, an attacker can remotely induce moderate increases 2-4 times above normal in cpu usage. When having NTS enabled on an ntpd-rs server, an attacker can create malformed NTS packets that take significantly more...

CVE-2026-26076 ntpd-rs affected by excessive CPU load from malformed packets

ntpd-rs is a full-featured implementation of the Network Time Protocol. Prior to 1.7.1, an attacker can remotely induce moderate increases 2-4 times above normal in cpu usage. When having NTS enabled on an ntpd-rs server, an attacker can create malformed NTS packets that take significantly more...

CVE-2026-25541 vulnerabilities

Vulnerabilities for packages: geckodriver, ztunnel, cargo-audit, zed, sccache, helix, xh, linkerd-network-validator, cargo-c, buck2, ntpd-rs, sdp-k8s-injector, pixi, linkerd-await, py3-xet-core, atuin, linkerd2, zola, kdash, zizmor, wadm, rustup, qdrant, samply, wizer, wash, pgcat, yazi, wasmclou...

GHSA-434X-W66G-QW3R vulnerabilities

Vulnerabilities for packages: geckodriver, ztunnel, cargo-audit, zed, sccache, helix, xh, linkerd-network-validator, cargo-c, buck2, ntpd-rs, sdp-k8s-injector, pixi, linkerd-await, py3-xet-core, atuin, linkerd2, zola, kdash, zizmor, wadm, rustup, qdrant, samply, wizer, wash, pgcat, yazi, wasmclou...

MiracleLinux 7 : ntp-4.2.6p5-29.2.0.1.el7.AXS7 (AXSA:2020-199:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-199:01 advisory. ntp: ntpd using highly predictable transmit timestamps could result in time change or DoS CVE-2020-13817 ntp: DoS on client ntpd using server mode...

MiracleLinux 3 : ntp-4.2.2p1-9.2.2AXS3 (AXSA:2009-434:03)

The remote MiracleLinux 3 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2009-434:03 advisory. The Network Time Protocol NTP is used to synchronize a computer's time with another reference time source. The ntp package contains utilities and daemons that...