You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa ntp

Sigurnosni nedostaci programskog paketa ntp

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LFE

Fedora Update Notification
2015-11-04 18:17:28.541358

Name : ntp
Product : Fedora 21
Version : 4.2.6p5
Release : 34.fc21
Summary : The NTP daemon and utilities
Description :
The Network Time Protocol (NTP) is used to synchronize a computer’s
time with another reference time source. This package includes ntpd
(a daemon which continuously adjusts system time) and utilities used
to query and configure the ntpd daemon.

Perl scripts ntp-wait and ntptrace are in the ntp-perl package,
ntpdate is in the ntpdate package and sntp is in the sntp package.
The documentation is in the ntp-doc package.

Update Information:

Security fix for CVE-2015-7704, CVE-2015-5300, CVE-2015-7692, CVE-2015-7871,
CVE-2015-7702, CVE-2015-7691, CVE-2015-7852, CVE-2015-7701 —- Security fix
for CVE-2015-5146, CVE-2015-5194, CVE-2015-5219, CVE-2015-5195, CVE-2015-5196

[ 1 ] Bug #1274254 – CVE-2015-7691 CVE-2015-7692 CVE-2015-7702 ntp: incomplete checks in ntp_crypto.c
[ 2 ] Bug #1274255 – CVE-2015-7701 ntp: slow memory leak in CRYPTO_ASSOC
[ 3 ] Bug #1274261 – CVE-2015-7852 ntp: ntpq atoascii memory corruption vulnerability
[ 4 ] Bug #1274265 – CVE-2015-7871 ntp: crypto-NAK symmetric association authentication bypass vulnerability
[ 5 ] Bug #1271070 – CVE-2015-7704 ntp: disabling synchronization via crafted KoD packet
[ 6 ] Bug #1271076 – CVE-2015-5300 ntp: MITM attacker can force ntpd to make a step larger than the panic threshold
[ 7 ] Bug #1238136 – CVE-2015-5146 ntp: ntpd control message crash on crafted NUL-byte in configuration directive (VU#668167)
[ 8 ] Bug #1254542 – CVE-2015-5194 ntp: crash with crafted logconfig configuration command
[ 9 ] Bug #1254544 – CVE-2015-5195 ntp: ntpd crash when processing config commands with statistics type
[ 10 ] Bug #1254547 – CVE-2015-7703 ntp: config command can be used to set the pidfile and drift file paths
[ 11 ] Bug #1255118 – CVE-2015-5219 ntp: infinite loop in sntp processing crafted packet

This update can be installed with the “yum” update program. Use
su -c ‘yum update ntp’ at the command line.
For more information, refer to “Managing Software with yum”,
available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list

AutorMarko Stanec
Cert idNCERT-REF-2015-11-0027-ADV
More in Preporuke
Sigurnosni nedostatak operativnog sustava Cisco AsyncOS

Otkriven je sigurnosni nedostatak u operativnom sustavu Cisco AsyncOS za Cisco ESA, SMA i WSA proizvode. Otkriveni nedostatak potencijalnim napadačima...