APPLE-SA-2014-12-22-1 OS X NTP Security Update

2014-12-23T00:00:00
ID SECURITYVULNS:DOC:31551
Type securityvulns
Reporter Securityvulns
Modified 2014-12-23T00:00:00

Description

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

APPLE-SA-2014-12-22-1 OS X NTP Security Update

OS X NTP Security Update is now available and addresses the following:

ntpd Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10.1 Impact: A remote attacker may be able to execute arbitrary code Description: Several issues existed in ntpd that would have allowed an attacker to trigger buffer overflows. These issues were addressed through improved error checking.

To verify the ntpd version, type the following command in Terminal: what /usr/sbin/ntpd. This update includes the following versions:

Mountain Lion: ntp-77.1.1 Mavericks: ntp-88.1.1 Yosemite: ntp-92.5.1

CVE-ID CVE-2014-9295 : Stephen Roettger of the Google Security Team

Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJUmGKXAAoJEBcWfLTuOo7tJHwP/iHNiJAZaFxvN81LT382jy3r qDX4YjdhMydBCf+EW/WZJW1mfpqeFS29+4a4HAzxgSHNp7nrhHcyGc1sRkcIj2Co jwISJ3if1+8puTeLjHDaWEozYwGVVXdLQrkqYkbDEzWAimN9jSfOjjKLeVswyVdw o7ZrMZ9R3SqGcrw3tkqFPduur03Ip4a220g0kjydNdkAATHv6/U/eDI7pBybhWWy xQfY7gZxwkP7R+vo7xXgC+0U2j74TIZOS2OYZwS9/7YuKoCq6CETXEVSsXRg/9aN mRwVBneBKVLHKKaXhwbpKT/SQdNvCmmqbI5qG8J5AvNtXyo2a1Y8mXlA6Mp91PTf zZcwCZZyXbNJ3oJK8DEnwP9MjkzZzoa3K5EZQr/4oSTfsG3EJilPPD05GukrWggJ EUdBJZ7+QFwjIEwqXYW++fPv97WW0DZxQvkdkImtFoGdfR+cOXWyhtqk2aaz6JFO vf6C2dTVILHz8rHVfzMxBApgRnZjFe6c04fbW5YSfIC4Qjc4XSm9/KkQYf1YIGH2 s6TOkc8qrmUTgh+VxDoKPU5K/O+1IfTByiGBii+G4cPB6wiXZj43x7zjC+6bgnCo R2UhO62hnEA4Z1++KuYVINfiCKMkxnKHVvGOdb+pBKddGmCeUiM1H0LO/l1/kaFR kNQ7cG1OCTFtFJUpClub =xyD0 -----END PGP SIGNATURE-----