FEDORA-2016-34bc10a2c8

security update in Fedora 22 for ntp

Status: stable 3 years ago

Security fix for CVE-2015-7974, CVE-2015-8138, CVE-2015-7977, CVE-2015-7978, CVE-2015-7979, CVE-2015-8158


Security fix for CVE-2015-7704, CVE-2015-5300, CVE-2015-7692, CVE-2015-7871, CVE-2015-7702, CVE-2015-7691, CVE-2015-7852, CVE-2015-7701

How to install

sudo dnf upgrade --advisory=FEDORA-2016-34bc10a2c8

Comments 7

This update has been submitted for testing by mlichvar.

This update has obsoleted ntp-4.2.6p5-34.fc22, and has inherited its bugs and notes.

This update has been pushed to testing.

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes

works for me

karma: +1

This update has been submitted for stable by mlichvar.

This update has been pushed to stable.


Add Comment & Feedback
Toggle Preview

Comment fields support Fedora-Flavored Markdown. Comments are governed under this privacy policy.

-1 0 +1 Feedback Guidelines

Is the update generally functional? (karma)

You need to be logged in to add karma!

#1271070 CVE-2015-7704 ntp: disabling synchronization via crafted KoD packet
#1271076 CVE-2015-5300 ntp: MITM attacker can force ntpd to make a step larger than the panic threshold
#1274165 CVE-2015-7704 CVE-2015-5300 ntp: two flaws [fedora-all]
#1274254 CVE-2015-7691 CVE-2015-7692 CVE-2015-7702 ntp: incomplete checks in ntp_crypto.c
#1274255 CVE-2015-7701 ntp: slow memory leak in CRYPTO_ASSOC
#1274261 CVE-2015-7852 ntp: ntpq atoascii memory corruption vulnerability
#1274265 CVE-2015-7871 ntp: crypto-NAK symmetric association authentication bypass vulnerability
#1274351 CVE-2015-7692 CVE-2015-7871 CVE-2015-7852 CVE-2015-7701 CVE-2015-7702 CVE-2015-7691 ntp: various flaws [fedora-all]
#1297471 CVE-2015-7974 ntp: missing key check allows impersonation between authenticated peers (VU#357792)
#1299442 CVE-2015-8138 ntp: missing check for zero originate timestamp
#1300269 CVE-2015-7977 ntp: restriction list NULL pointer dereference
#1300270 CVE-2015-7978 ntp: stack exhaustion in recursive traversal of restriction list
#1300271 CVE-2015-7979 ntp: off-path denial of service on authenticated broadcast mode
#1300273 CVE-2015-8158 ntp: potential infinite loop in ntpq
#1300277 CVE-2015-7974 CVE-2015-8138 CVE-2015-7973 CVE-2015-7975 CVE-2015-7976 CVE-2015-7977 CVE-2015-7978 CVE-2015-7979 CVE-2015-8158 CVE-2015-8139 CVE-2015-8140 ntp: various flaws [fedora-all]
Content Type
RPM
Status
stable
Test Gating
Submitted by
Update Type
security
Update Severity
unspecified
Karma
+1
stable threshold: 3
unstable threshold: -3
Autopush
Enabled
Dates
submitted 3 years ago
in testing 3 years ago
in stable 3 years ago

Related Bugs 15

00 #1271070 CVE-2015-7704 ntp: disabling synchronization via crafted KoD packet
00 #1271076 CVE-2015-5300 ntp: MITM attacker can force ntpd to make a step larger than the panic threshold
00 #1274165 CVE-2015-7704 CVE-2015-5300 ntp: two flaws [fedora-all]
00 #1274254 CVE-2015-7691 CVE-2015-7692 CVE-2015-7702 ntp: incomplete checks in ntp_crypto.c
00 #1274255 CVE-2015-7701 ntp: slow memory leak in CRYPTO_ASSOC
00 #1274261 CVE-2015-7852 ntp: ntpq atoascii memory corruption vulnerability
00 #1274265 CVE-2015-7871 ntp: crypto-NAK symmetric association authentication bypass vulnerability
00 #1274351 CVE-2015-7692 CVE-2015-7871 CVE-2015-7852 CVE-2015-7701 CVE-2015-7702 CVE-2015-7691 ntp: various flaws [fedora-all]
00 #1297471 CVE-2015-7974 ntp: missing key check allows impersonation between authenticated peers (VU#357792)
00 #1299442 CVE-2015-8138 ntp: missing check for zero originate timestamp
00 #1300269 CVE-2015-7977 ntp: restriction list NULL pointer dereference
00 #1300270 CVE-2015-7978 ntp: stack exhaustion in recursive traversal of restriction list
00 #1300271 CVE-2015-7979 ntp: off-path denial of service on authenticated broadcast mode
00 #1300273 CVE-2015-8158 ntp: potential infinite loop in ntpq
00 #1300277 CVE-2015-7974 CVE-2015-8138 CVE-2015-7973 CVE-2015-7975 CVE-2015-7976 CVE-2015-7977 CVE-2015-7978 CVE-2015-7979 CVE-2015-8158 CVE-2015-8139 CVE-2015-8140 ntp: various flaws [fedora-all]

Automated Test Results