NTP vulnerabilities

2015-02-09T00:00:00
ID USN-2497-1
Type ubuntu
Reporter Ubuntu
Modified 2015-02-09T00:00:00

Description

Stephen Roettger, Sebastian Krahmer, and Harlan Stenn discovered that NTP
incorrectly handled the length value in extension fields. A remote attacker
could use this issue to possibly obtain leaked information, or cause the
NTP daemon to crash, resulting in a denial of service. (CVE-2014-9297)

Stephen Roettger discovered that NTP incorrectly handled ACLs based on
certain IPv6 addresses. (CVE-2014-9298)