xntp has been updated to fix two security issues:
* CVE-2014-9298: ::1 can be spoofed on some OSes, so ACLs based on
IPv6 ::1 addresses can be bypassed (bnc#911792).
* CVE-2014-9297: vallen is not validated in several places in
ntp_crypto.c, leading to potential info leak (bnc#911792).
Security Issues:
* CVE-2014-9294
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9294">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9294</a>>
* CVE-2014-9293
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9293">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9293</a>>
* CVE-2014-9298
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9298">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9298</a>>
* CVE-2014-9297
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9297">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9297</a>>
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
SUSE Linux Enterprise Server LTSS | 10.4 | i586 | xntp | < 4.2.4p3-48.27.1 | xntp-4.2.4p3-48.27.1.i586.rpm |
SUSE Linux Enterprise Server LTSS | 10.4 | x86_64 | xntp | < 4.2.4p3-48.27.1 | xntp-4.2.4p3-48.27.1.x86_64.rpm |
SUSE Linux Enterprise Server LTSS | 10.4 | s390x | xntp-doc | < 4.2.4p3-48.27.1 | xntp-doc-4.2.4p3-48.27.1.s390x.rpm |
SUSE Linux Enterprise Server LTSS | 10.4 | s390x | xntp | < 4.2.4p3-48.27.1 | xntp-4.2.4p3-48.27.1.s390x.rpm |
SUSE Linux Enterprise Server LTSS | 10.4 | x86_64 | xntp-doc | < 4.2.4p3-48.27.1 | xntp-doc-4.2.4p3-48.27.1.x86_64.rpm |
SUSE Linux Enterprise Server LTSS | 10.4 | i586 | xntp-doc | < 4.2.4p3-48.27.1 | xntp-doc-4.2.4p3-48.27.1.i586.rpm |