You are here
Home > Preporuke > Ranjivosti programskog paketa ntp

Ranjivosti programskog paketa ntp

  • Detalji os-a: FED
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LFE

Fedora Update Notification
2015-10-11 23:27:18.923532

Name : ntp
Product : Fedora 22
Version : 4.2.6p5
Release : 33.fc22
Summary : The NTP daemon and utilities
Description :
The Network Time Protocol (NTP) is used to synchronize a computer’s
time with another reference time source. This package includes ntpd
(a daemon which continuously adjusts system time) and utilities used
to query and configure the ntpd daemon.

Perl scripts ntp-wait and ntptrace are in the ntp-perl package,
ntpdate is in the ntpdate package and sntp is in the sntp package.
The documentation is in the ntp-doc package.

Update Information:

Security fix for CVE-2015-5146, CVE-2015-5194, CVE-2015-5219, CVE-2015-5195,

[ 1 ] Bug #1238136 – CVE-2015-5146 ntp: ntpd control message crash on crafted NUL-byte in configuration directive (VU#668167)
[ 2 ] Bug #1254542 – CVE-2015-5194 ntp: crash with crafted logconfig configuration command
[ 3 ] Bug #1254544 – CVE-2015-5195 ntp: ntpd crash when processing config commands with statistics type
[ 4 ] Bug #1254547 – CVE-2015-5196 ntp: config command can be used to set the pidfile and drift file paths
[ 5 ] Bug #1255118 – CVE-2015-5219 ntp: infinite loop in sntp processing crafted packet

This update can be installed with the “yum” update program. Use
su -c ‘yum update ntp’ at the command line.
For more information, refer to “Managing Software with yum”,
available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list

AutorTomislav Protega
Cert idNCERT-REF-2015-10-0006-ADV
CveCVE-2015-5146 CVE-2015-5194 CVE-2015-5219 CVE-2015-5195 CVE-2015-5196
ID izvornikaFEDORA-2015-14212
More in Preporuke
Sigurnosni nedostaci programskog paketa spice

Otkriveni su sigurnosni nedostaci u programskom paketu spice za operacijski sustav Debian. Otkriveni nedostaci potencijalnim napadačima omogućuju izvođenje napada uskraćivanjem...