FEDORA-2016-34bc10a2c8

security update in Fedora 22 for ntp

Status: stable 3 years ago

Security fix for CVE-2015-7974, CVE-2015-8138, CVE-2015-7977, CVE-2015-7978, CVE-2015-7979, CVE-2015-8158

Security fix for CVE-2015-7704, CVE-2015-5300, CVE-2015-7692, CVE-2015-7871, CVE-2015-7702, CVE-2015-7691, CVE-2015-7852, CVE-2015-7701

How to install

sudo dnf upgrade --advisory=FEDORA-2016-34bc10a2c8

Comments 7

This update has been submitted for testing by mlichvar.

3 years ago

This update has obsoleted ntp-4.2.6p5-34.fc22, and has inherited its bugs and notes.

3 years ago

This update has been pushed to testing.

3 years ago

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes

3 years ago
hreindl 3 years ago

works for me

karma: +1

This update has been submitted for stable by mlichvar.

3 years ago

This update has been pushed to stable.

3 years ago

Add Comment & Feedback

Please login to add feedback.

Content Type
RPM
Status
stable
Test Gating
Submitted by
Update Type
security
Update Severity
unspecified
Karma
+1
stable threshold: 3
unstable threshold: -3
Autopush (karma)
Enabled
Autopush (time)
Disabled
Dates
submitted 3 years ago
in testing 3 years ago
in stable 3 years ago

Related Bugs 15
00 #1271070 CVE-2015-7704 ntp: disabling synchronization via crafted KoD packet
00 #1271076 CVE-2015-5300 ntp: MITM attacker can force ntpd to make a step larger than the panic threshold
00 #1274165 CVE-2015-7704 CVE-2015-5300 ntp: two flaws [fedora-all]
00 #1274254 CVE-2015-7691 CVE-2015-7692 CVE-2015-7702 ntp: incomplete checks in ntp_crypto.c
00 #1274255 CVE-2015-7701 ntp: slow memory leak in CRYPTO_ASSOC
00 #1274261 CVE-2015-7852 ntp: ntpq atoascii memory corruption vulnerability
00 #1274265 CVE-2015-7871 ntp: crypto-NAK symmetric association authentication bypass vulnerability
00 #1274351 CVE-2015-7692 CVE-2015-7871 CVE-2015-7852 CVE-2015-7701 CVE-2015-7702 CVE-2015-7691 ntp: various flaws [fedora-all]
00 #1297471 CVE-2015-7974 ntp: missing key check allows impersonation between authenticated peers (VU#357792)
00 #1299442 CVE-2015-8138 ntp: missing check for zero originate timestamp
00 #1300269 CVE-2015-7977 ntp: restriction list NULL pointer dereference
00 #1300270 CVE-2015-7978 ntp: stack exhaustion in recursive traversal of restriction list
00 #1300271 CVE-2015-7979 ntp: off-path denial of service on authenticated broadcast mode
00 #1300273 CVE-2015-8158 ntp: potential infinite loop in ntpq
00 #1300277 CVE-2015-7974 CVE-2015-8138 CVE-2015-7973 CVE-2015-7975 CVE-2015-7976 CVE-2015-7977 CVE-2015-7978 CVE-2015-7979 CVE-2015-8158 CVE-2015-8139 CVE-2015-8140 ntp: various flaws [fedora-all]

Automated Test Results

Copyright © 2007-2019 Red Hat, Inc. and others.

Running bodhi-4.1.1 on bodhi-web-117-zqbtx.

bodhi is Free Software. Please file issues if you have any problems. Read the documentation.

Legal | Privacy policy