Astra Linux - уязвимость в ntp

In the file libntp/mstolfp.c, within the NTP version 4.2.8p15, there is a buffer overflow vulnerability in the while loop of the cpcpdec function. An adversary could potentially attack a client NTPQ process, but they cannot attack the ntpd process...

GHSA-XGP8-3HG3-C2MH vulnerabilities

Vulnerabilities for packages: wasmcloud, samply, kdash, zellij, zizmor, shadowsocks-rust, sqlx, linkerd2-proxy, wasmtime, ntpd-rs, cargo-audit, uv, xh, ztunnel, berg, lychee, py3-xet-core, rye, atuin, linkerd2, tealdeer, linkerd-extension-init, rustup, parseable, sccache, wasm-pack, pixi, buck2,...

GHSA-965H-392X-2MH5 vulnerabilities

Vulnerabilities for packages: wasmcloud, samply, kdash, zellij, zizmor, shadowsocks-rust, sqlx, linkerd2-proxy, wasmtime, ntpd-rs, cargo-audit, uv, xh, ztunnel, berg, lychee, py3-xet-core, rye, atuin, linkerd2, tealdeer, linkerd-extension-init, rustup, parseable, sccache, wasm-pack, pixi, buck2,...

GHSA-XGP8-3HG3-C2MH vulnerabilities

Vulnerabilities for packages: sentry-cli, shadowsocks-rust, uv, samply, ztunnel-fips, lychee, kdash, berg, wasmcloud, py3-xet-core, qdrant, lakekeeper, linkerd-network-validator, pixi, sccache, rye, cargo-audit, asciinema, xh, fnm, zola, komodo, parseable, ztunnel, linkerd-extension-init, linkerd...

GHSA-965H-392X-2MH5 vulnerabilities

Vulnerabilities for packages: sentry-cli, shadowsocks-rust, uv, samply, ztunnel-fips, lychee, kdash, berg, wasmcloud, py3-xet-core, qdrant, lakekeeper, linkerd-network-validator, pixi, sccache, rye, cargo-audit, asciinema, xh, fnm, zola, komodo, parseable, ztunnel, linkerd-extension-init, linkerd...

CLEANSTART-2026-TC19665 Security fixes for ghsa-65p9-r9h6-22vj, ghsa-hfpc-8r3f-gw53, ghsa-vw5v-4f2q-w9xf applied in versions: 1.6.2-r1

Multiple security vulnerabilities affect the ntpd-rs package. These issues are resolved in later releases. See references for individual vulnerability details...

[SECURITY] Fedora 43 Update: ntpd-rs-1.7.1-1.fc43

Full-featured implementation of NTP with NTS support...

Fedora: Security Advisory (FEDORA-2026-cbe2315bad)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 42 : ntpd-rs (2026-2dc4882154)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-2dc4882154 advisory. Update to version 1.7.1. Includes the fix for CVE-2026-26076: Release notes: - - Tenable has extracted the preceding description block directly from the Fedo...

Fedora 43 : ntpd-rs (2026-cbe2315bad)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-cbe2315bad advisory. Update to version 1.7.1. Includes the fix for CVE-2026-26076: Release notes: - - Tenable has extracted the preceding description block directly from the Fedo...

Fedora: Security Advisory (FEDORA-2026-2dc4882154)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 44 : ntpd-rs (2026-eb0777262e)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-eb0777262e advisory. Update to version 1.7.1. Includes the fix for CVE-2026-26076: Release notes: - - Tenable has extracted the preceding description block directly from the Fedo...

OESA-2026-1642 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: fs/xattr: missing fdput in fremovexattr error path In the Linux kernel, the fremovexattr syscall calls fdget to acquire a file reference but returns early withou...

Linux Distros Unpatched Vulnerability : CVE-2026-26076

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ntpd-rs is a full-featured implementation of the Network Time Protocol. Prior to 1.7.1, an attacker can remotely induce moderate increases 2-4 times above norma...

CVE-2026-26076

ntpd-rs is a full-featured implementation of the Network Time Protocol. Prior to 1.7.1, an attacker can remotely induce moderate increases 2-4 times above normal in cpu usage. When having NTS enabled on an ntpd-rs server, an attacker can create malformed NTS packets that take significantly more...

CVE-2026-26076 ntpd-rs affected by excessive CPU load from malformed packets

ntpd-rs is a full-featured implementation of the Network Time Protocol. Prior to 1.7.1, an attacker can remotely induce moderate increases 2-4 times above normal in cpu usage. When having NTS enabled on an ntpd-rs server, an attacker can create malformed NTS packets that take significantly more...

CVE-2026-25541 vulnerabilities

Vulnerabilities for packages: wasmcloud, samply, efs-utils, mountpoint-s3, kdash, zellij, zizmor, shadowsocks-rust, sqlx, linkerd2-proxy, linkerd-await, wasmtime, wash, yazi, ntpd-rs, cargo-audit, uv, sdp-k8s-injector, xh, ztunnel, geckodriver, berg, mdbook, cargo-c, pgcat, lychee, py3-xet-core,...

GHSA-434X-W66G-QW3R vulnerabilities

Vulnerabilities for packages: wasmcloud, samply, efs-utils, mountpoint-s3, kdash, zellij, zizmor, shadowsocks-rust, sqlx, linkerd2-proxy, linkerd-await, wasmtime, wash, yazi, ntpd-rs, cargo-audit, uv, sdp-k8s-injector, xh, ztunnel, geckodriver, berg, mdbook, cargo-c, pgcat, lychee, py3-xet-core,...

MiracleLinux 7 : ntp-4.2.6p5-29.2.0.1.el7.AXS7 (AXSA:2020-199:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-199:01 advisory. ntp: ntpd using highly predictable transmit timestamps could result in time change or DoS CVE-2020-13817 ntp: DoS on client ntpd using server mode...

MiracleLinux 3 : ntp-4.2.2p1-9.2.2AXS3 (AXSA:2009-434:03)

The remote MiracleLinux 3 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2009-434:03 advisory. The Network Time Protocol NTP is used to synchronize a computer's time with another reference time source. The ntp package contains utilities and daemons that...