This ntp update fixes the following critical security issue:
* A potential remote code execution problem was found inside ntpd. The
functions crypto_recv() (when using autokey authentication) and
ctl_putdata() where updated to avoid buffer overflows that could
have been exploited. (CVE-2014-9295 / VU#852879)
Security Issues:
* CVE-2014-9295
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9295">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9295</a>>
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
SUSE Linux Enterprise Server LTSS | 10.4 | s390x | xntp | < 4.2.4p3-48.25.1 | xntp-4.2.4p3-48.25.1.s390x.rpm |
SUSE Linux Enterprise Server LTSS | 10.4 | x86_64 | xntp | < 4.2.4p3-48.25.1 | xntp-4.2.4p3-48.25.1.x86_64.rpm |
SUSE Linux Enterprise Server LTSS | 10.4 | i586 | xntp | < 4.2.4p3-48.25.1 | xntp-4.2.4p3-48.25.1.i586.rpm |
SUSE Linux Enterprise Server LTSS | 10.4 | i586 | xntp-doc | < 4.2.4p3-48.25.1 | xntp-doc-4.2.4p3-48.25.1.i586.rpm |
SUSE Linux Enterprise Server LTSS | 10.4 | s390x | xntp-doc | < 4.2.4p3-48.25.1 | xntp-doc-4.2.4p3-48.25.1.s390x.rpm |
SUSE Linux Enterprise Server LTSS | 10.4 | x86_64 | xntp-doc | < 4.2.4p3-48.25.1 | xntp-doc-4.2.4p3-48.25.1.x86_64.rpm |