FEDORA-2016-34bc10a2c8

security update in Fedora 22 for ntp

Status: stable 3 years ago

Security fix for CVE-2015-7974, CVE-2015-8138, CVE-2015-7977, CVE-2015-7978, CVE-2015-7979, CVE-2015-8158


Security fix for CVE-2015-7704, CVE-2015-5300, CVE-2015-7692, CVE-2015-7871, CVE-2015-7702, CVE-2015-7691, CVE-2015-7852, CVE-2015-7701

How to install

sudo dnf upgrade --advisory=FEDORA-2016-34bc10a2c8

Comments 7

This update has been submitted for testing by mlichvar.

This update has obsoleted ntp-4.2.6p5-34.fc22, and has inherited its bugs and notes.

This update has been pushed to testing.

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes

works for me

karma: +1

This update has been submitted for stable by mlichvar.

This update has been pushed to stable.

Content Type
RPM
Status
stable
Test Gating
Submitted by
Update Type
security
Update Severity
unspecified
Karma
+1
stable threshold: 3
unstable threshold: -3
Autopush
Enabled
Dates
submitted 3 years ago
in testing 3 years ago
in stable 3 years ago

Related Bugs 15

00 #1271070 CVE-2015-7704 ntp: disabling synchronization via crafted KoD packet
00 #1271076 CVE-2015-5300 ntp: MITM attacker can force ntpd to make a step larger than the panic threshold
00 #1274165 CVE-2015-7704 CVE-2015-5300 ntp: two flaws [fedora-all]
00 #1274254 CVE-2015-7691 CVE-2015-7692 CVE-2015-7702 ntp: incomplete checks in ntp_crypto.c
00 #1274255 CVE-2015-7701 ntp: slow memory leak in CRYPTO_ASSOC
00 #1274261 CVE-2015-7852 ntp: ntpq atoascii memory corruption vulnerability
00 #1274265 CVE-2015-7871 ntp: crypto-NAK symmetric association authentication bypass vulnerability
00 #1274351 CVE-2015-7692 CVE-2015-7871 CVE-2015-7852 CVE-2015-7701 CVE-2015-7702 CVE-2015-7691 ntp: various flaws [fedora-all]
00 #1297471 CVE-2015-7974 ntp: missing key check allows impersonation between authenticated peers (VU#357792)
00 #1299442 CVE-2015-8138 ntp: missing check for zero originate timestamp
00 #1300269 CVE-2015-7977 ntp: restriction list NULL pointer dereference
00 #1300270 CVE-2015-7978 ntp: stack exhaustion in recursive traversal of restriction list
00 #1300271 CVE-2015-7979 ntp: off-path denial of service on authenticated broadcast mode
00 #1300273 CVE-2015-8158 ntp: potential infinite loop in ntpq
00 #1300277 CVE-2015-7974 CVE-2015-8138 CVE-2015-7973 CVE-2015-7975 CVE-2015-7976 CVE-2015-7977 CVE-2015-7978 CVE-2015-7979 CVE-2015-8158 CVE-2015-8139 CVE-2015-8140 ntp: various flaws [fedora-all]

Automated Test Results