[ MDVSA-2015:046 ] ntp

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:046
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : ntp
 Date    : February 12, 2015
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Updated ntp packages fix security vulnerabilities:
 
 Stephen Roettger of the Google Security Team, Sebastian Krahmer of
 the SUSE Security Team and Harlan Stenn of Network Time Foundation
 discovered that the length value in extension fields is not properly
 validated in several code paths in ntp_crypto.c, which could lead to
 information leakage or denial of service (CVE-2014-9297).
 
 Stephen Roettger of the Google Security Team reported that ACLs based
 on IPv6 ::1 (localhost) addresses can be bypassed (CVE-2014-9298).
 ______

007 Software

Leave a Reply Cancel reply

Software and Security Information