SUSE SLED12 / SLES12 Security Update : ntp (SUSE-SU-2016:1568-1)

ntp was updated to version 4.2.8p8 to fix 17 security issues. These security issues were fixed : - CVE-2016-4956: Broadcast interleave bsc982068. - CVE-2016-2518: Crafted addpeer with hmode 7 causes array wraparound with MATCHASSOC bsc977457. - CVE-2016-2519: ctlgetitem return value not always...

SUSE-SU-2016:1471-1 Security update for ntp

This update for ntp fixes the following issues: - Separate the creation of ntp.keys and key 1 in it to avoid problems when upgrading installations that have the file, but no key 1, which is needed e.g. by 'rcntp addserver'. - Update to 4.2.8p7 bsc977446: CVE-2016-1547, bsc977459: Validate...

SUSE-SU-2016:1291-1 Security update for ntp

This update for ntp to 4.2.8p7 fixes the following issues: CVE-2016-1547, bsc977459: Validate crypto-NAKs, AKA: CRYPTO-NAK DoS. CVE-2016-1548, bsc977461: Interleave-pivot CVE-2016-1549, bsc977451: Sybil vulnerability: ephemeral association attack. CVE-2016-1550, bsc977464: Improve NTP security...

Oracle: Security Advisory (ELSA-2015-2231)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

ntp security, bug fix, and enhancement update

4.2.6p5-22 - check origin timestamp before accepting KoD RATE packet CVE-2015-7704 - allow only one step larger than panic threshold with -g CVE-2015-5300 4.2.6p5-20 - validate lengths of values in extension fields CVE-2014-9297 - drop packets with spoofed source address ::1 CVE-2014-9298 - rejec...

NTP Local Buffer Overflow Vulnerability

NTP is a network protocol that synchronizes the clocks of two computers by exchanging packets. An NTP program running a custom refclock driver fails to check for a negative value of the 'datalen' parameter, allowing a local attacker to exploit the vulnerability for denial of service attacks...

Updated ntp package fixes security vulnerabilities

Yves Younan discovered that NTP incorrectly handled logfile and keyfile directives. In a non-default configuration, a remote authenticated attacker could possibly use this issue to cause NTP to enter a loop, resulting in a denial of service CVE-2015-7850. Yves Younan discovered that NTP incorrect...

UBUNTU-CVE-2015-7853

The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service crash via a negative input value...

CVE-2015-7853

The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service crash via a negative input value...

Network Time Protocol Reference Clock Memory Corruption Vulnerability

Talos Vulnerability Report TALOS-2015-0064 Network Time Protocol Reference Clock Memory Corruption Vulnerability October 21, 2015 CVE Number CVE-2015-7853 Description A potential buffer overflow vulnerability exists in the refclock of ntpd. An invalid length provided by a hardware reference clock...