Univention Bugzilla – Attachment 6925 Details for
Bug 37691
ntp: Multiple issues (ES 3.1)
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
advisory v3
37691_ntp.adv (text/plain), 1.26 KB, created by
Philipp Hahn
on 2015-05-28 11:51:47 CEST
(
hide
)
Description:
advisory v3
Filename:
MIME Type:
Creator:
Philipp Hahn
Created:
2015-05-28 11:51:47 CEST
Size:
1.26 KB
patch
obsolete
>A new update is available for Univention Corporate Server 3.1 as >part of the extended security maintenance. >It addresses the following problem: > >Program component: ntp >Reference: CVE-2014-9297 CVE-2014-9298 CVE-2015-1798 CVE-2015-1799 >Fixed version: 1:4.2.6.p2+dfsg-1.41.201505271824 > >This update fixed the following issues: >- Information leak/denial of service in autokey crypto handling (CVE-2014-9297) >- ACLs restricting the access to control mode queries can be bypassed > on IPv6 networks (CVE-2014-9298) >- Man-in-the-middle attackers may spoof packets by omitting the MAC because > the symmetric-key feature in the receive function in ntp_proto.c requires > a correct MAC only if the MAC field has a nonzero length (CVE-2015-1798) >- Man-in-the-middle attackers may cause a denial of service (synchronization loss) > by spoofing the source IP address of a peer because the symmetric-key feature > in the receive function in ntp_proto.c performs state-variable updates upon > receiving certain invalid packets (CVE-2015-1799) >-- >Univention GmbH >be open. >Mary-Somerville-Str.1 >28359 Bremen >Tel. : +49 421 22232-0 >Fax : +49 421 22232-99 > ><info@univention.de> >http://www.univention.de/ > >Geschäftsführer: Peter H. Ganten >HRB 20755 Amtsgericht Bremen >Steuer-Nr.: 71-597-02876
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=6925">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 37691
:
6924
| 6925