FEDORA-2015-77bfbc1bcd

security update in Fedora 21 for ntp

Status: stable 3 years ago

Security fix for CVE-2015-7704, CVE-2015-5300, CVE-2015-7692, CVE-2015-7871, CVE-2015-7702, CVE-2015-7691, CVE-2015-7852, CVE-2015-7701


Security fix for CVE-2015-5146, CVE-2015-5194, CVE-2015-5219, CVE-2015-5195, CVE-2015-5196

How to install

sudo dnf upgrade --advisory=FEDORA-2015-77bfbc1bcd

Comments 7

This update has been submitted for testing by mlichvar.

This update has obsoleted ntp-4.2.6p5-33.fc21, and has inherited its bugs and notes.

This update has been pushed to testing.

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes

This update has been submitted for stable by mlichvar.

Taskotron: upgradepath test FAILED on noarch. Result log: https://taskotron.fedoraproject.org/resultsdb/results/4670380 (results are informative only)

This update has been pushed to stable.


Add Comment & Feedback
Toggle Preview

Comment fields support Fedora-Flavored Markdown. Comments are governed under this privacy policy.

-1 0 +1 Feedback Guidelines

Is the update generally functional? (karma)

You need to be logged in to add karma!

#1238136 CVE-2015-5146 ntp: ntpd control message crash on crafted NUL-byte in configuration directive (VU#668167)
#1238140 CVE-2015-5146 ntp: ntpd control message crash on crafted NUL-byte in configuration directive (VU#668167) [fedora-all]
#1254542 CVE-2015-5194 ntp: crash with crafted logconfig configuration command
#1254544 CVE-2015-5195 ntp: ntpd crash when processing config commands with statistics type
#1254547 CVE-2015-7703 ntp: config command can be used to set the pidfile and drift file paths
#1255118 CVE-2015-5219 ntp: infinite loop in sntp processing crafted packet
#1256664 CVE-2015-5195 ntp: ntpd crash when processing config commands with statistics type [fedora-all]
#1256667 CVE-2015-5196 ntp: config command can be used to set the pidfile and drift file paths [fedora-all]
#1256680 CVE-2015-5219 ntp: infinite loop in sntp processing crafted packet [fedora-all]
#1256681 CVE-2015-5194 ntp: invalid free() with crafted logconfig configuration command [fedora-all]
#1271070 CVE-2015-7704 ntp: disabling synchronization via crafted KoD packet
#1271076 CVE-2015-5300 ntp: MITM attacker can force ntpd to make a step larger than the panic threshold
#1274165 CVE-2015-7704 CVE-2015-5300 ntp: two flaws [fedora-all]
#1274254 CVE-2015-7691 CVE-2015-7692 CVE-2015-7702 ntp: incomplete checks in ntp_crypto.c
#1274255 CVE-2015-7701 ntp: slow memory leak in CRYPTO_ASSOC
#1274261 CVE-2015-7852 ntp: ntpq atoascii memory corruption vulnerability
#1274265 CVE-2015-7871 ntp: crypto-NAK symmetric association authentication bypass vulnerability
#1274351 CVE-2015-7692 CVE-2015-7871 CVE-2015-7852 CVE-2015-7701 CVE-2015-7702 CVE-2015-7691 ntp: various flaws [fedora-all]
Content Type
RPM
Status
stable
Test Gating
Submitted by
Update Type
security
Update Severity
unspecified
Karma
0
stable threshold: 3
unstable threshold: -3
Autopush
Enabled
Dates
submitted 3 years ago
in testing 3 years ago
in stable 3 years ago

Related Bugs 18

00 #1238136 CVE-2015-5146 ntp: ntpd control message crash on crafted NUL-byte in configuration directive (VU#668167)
00 #1238140 CVE-2015-5146 ntp: ntpd control message crash on crafted NUL-byte in configuration directive (VU#668167) [fedora-all]
00 #1254542 CVE-2015-5194 ntp: crash with crafted logconfig configuration command
00 #1254544 CVE-2015-5195 ntp: ntpd crash when processing config commands with statistics type
00 #1254547 CVE-2015-7703 ntp: config command can be used to set the pidfile and drift file paths
00 #1255118 CVE-2015-5219 ntp: infinite loop in sntp processing crafted packet
00 #1256664 CVE-2015-5195 ntp: ntpd crash when processing config commands with statistics type [fedora-all]
00 #1256667 CVE-2015-5196 ntp: config command can be used to set the pidfile and drift file paths [fedora-all]
00 #1256680 CVE-2015-5219 ntp: infinite loop in sntp processing crafted packet [fedora-all]
00 #1256681 CVE-2015-5194 ntp: invalid free() with crafted logconfig configuration command [fedora-all]
00 #1271070 CVE-2015-7704 ntp: disabling synchronization via crafted KoD packet
00 #1271076 CVE-2015-5300 ntp: MITM attacker can force ntpd to make a step larger than the panic threshold
00 #1274165 CVE-2015-7704 CVE-2015-5300 ntp: two flaws [fedora-all]
00 #1274254 CVE-2015-7691 CVE-2015-7692 CVE-2015-7702 ntp: incomplete checks in ntp_crypto.c
00 #1274255 CVE-2015-7701 ntp: slow memory leak in CRYPTO_ASSOC
00 #1274261 CVE-2015-7852 ntp: ntpq atoascii memory corruption vulnerability
00 #1274265 CVE-2015-7871 ntp: crypto-NAK symmetric association authentication bypass vulnerability
00 #1274351 CVE-2015-7692 CVE-2015-7871 CVE-2015-7852 CVE-2015-7701 CVE-2015-7702 CVE-2015-7691 ntp: various flaws [fedora-all]

Automated Test Results