You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa ntp

Sigurnosni nedostaci programskog paketa ntp

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LFE

Fedora Update Notification
2016-01-30 14:54:08.580277

Name : ntp
Product : Fedora 23
Version : 4.2.6p5
Release : 36.fc23
Summary : The NTP daemon and utilities
Description :
The Network Time Protocol (NTP) is used to synchronize a computer’s
time with another reference time source. This package includes ntpd
(a daemon which continuously adjusts system time) and utilities used
to query and configure the ntpd daemon.

Perl scripts ntp-wait and ntptrace are in the ntp-perl package,
ntpdate is in the ntpdate package and sntp is in the sntp package.
The documentation is in the ntp-doc package.

Update Information:

Security fix for CVE-2015-7974, CVE-2015-8138, CVE-2015-7977, CVE-2015-7978,
CVE-2015-7979, CVE-2015-8158

[ 1 ] Bug #1297471 – CVE-2015-7974 ntp: missing key check allows impersonation between authenticated peers (VU#357792)
[ 2 ] Bug #1299442 – CVE-2015-8138 ntp: missing check for zero originate timestamp
[ 3 ] Bug #1300269 – CVE-2015-7977 ntp: restriction list NULL pointer dereference
[ 4 ] Bug #1300270 – CVE-2015-7978 ntp: stack exhaustion in recursive traversal of restriction list
[ 5 ] Bug #1300271 – CVE-2015-7979 ntp: off-path denial of service on authenticated broadcast mode
[ 6 ] Bug #1300273 – CVE-2015-8158 ntp: potential infinite loop in ntpq

This update can be installed with the “yum” update program. Use
su -c ‘yum update ntp’ at the command line.
For more information, refer to “Managing Software with yum”,
available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list

AutorMarko Stanec
Cert idNCERT-REF-2016-02-0011-ADV
More in Preporuke
Sigurnosni nedostaci u jezgri operacijskog sustava

Otkriveni su sigurnosni nedostaci u jezgri operacijskog sustava Fedora. Otkriveni nedostaci potencijalnim napadačima omogućuju izvođenje napada uskraćivanja usluge, otkrivanje informacija,...