You are here
Home > Preporuke > Višestruke ranjivosti programskog paketa ntp

Višestruke ranjivosti programskog paketa ntp

  • Detalji os-a: FED
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LFE

Fedora Update Notification
2015-11-02 17:42:58.181594

Name : ntp
Product : Fedora 23
Version : 4.2.6p5
Release : 34.fc23
Summary : The NTP daemon and utilities
Description :
The Network Time Protocol (NTP) is used to synchronize a computer’s
time with another reference time source. This package includes ntpd
(a daemon which continuously adjusts system time) and utilities used
to query and configure the ntpd daemon.

Perl scripts ntp-wait and ntptrace are in the ntp-perl package,
ntpdate is in the ntpdate package and sntp is in the sntp package.
The documentation is in the ntp-doc package.

Update Information:

Security fix for CVE-2015-7704, CVE-2015-5300, CVE-2015-7692, CVE-2015-7871,
CVE-2015-7702, CVE-2015-7691, CVE-2015-7852, CVE-2015-7701

[ 1 ] Bug #1274254 – CVE-2015-7691 CVE-2015-7692 CVE-2015-7702 ntp: incomplete checks in ntp_crypto.c
[ 2 ] Bug #1274255 – CVE-2015-7701 ntp: slow memory leak in CRYPTO_ASSOC
[ 3 ] Bug #1274261 – CVE-2015-7852 ntp: ntpq atoascii memory corruption vulnerability
[ 4 ] Bug #1274265 – CVE-2015-7871 ntp: crypto-NAK symmetric association authentication bypass vulnerability
[ 5 ] Bug #1271070 – CVE-2015-7704 ntp: disabling synchronization via crafted KoD packet
[ 6 ] Bug #1271076 – CVE-2015-5300 ntp: MITM attacker can force ntpd to make a step larger than the panic threshold

This update can be installed with the “yum” update program. Use
su -c ‘yum update ntp’ at the command line.
For more information, refer to “Managing Software with yum”,
available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list

AutorTomislav Protega
Cert idNCERT-REF-2015-11-0002-ADV
CveCVE-2015-7704 CVE-2015-5300 CVE-2015-7692 CVE-2015-7871 CVE-2015-7702 CVE-2015-7691 CVE-2015-7852 CVE-2015-7701
ID izvornikaFEDORA-2015-f5f5ec7b6b
More in Preporuke
Sigurnosni nedostaci programskog paketa community-mysql

Otkriveni su sigurnosni nedostaci u programskom paketu community-mysql za operacijski sustava Fedora. Otkriveni nedostaci potencijalnim napadačima omogućuju utjecaj na povjerljivost,...