Bug 37406 - ntp: Multiple issues (ES 3.1)
Summary: ntp: Multiple issues (ES 3.1)
Status: CLOSED FIXED
Alias: None
Product: UCS
Classification: Unclassified
Component: Security updates
Version: UCS 4.0
Hardware: Other Linux
: P2 normal
Target Milestone: UCS 3.1-ES
Assignee: Moritz Muehlenhoff
QA Contact: Felix Botner
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-12-22 08:07 CET by Moritz Muehlenhoff
Modified: 2015-01-09 09:48 CET (History)
0 users

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Customer ID:
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Moritz Muehlenhoff univentionstaff 2014-12-22 08:07:31 CET 
Multiple issues have been found in ISC NTP:

An insecure default key could lead to an attacker being able to reconfigure ntpd (CVE-2014-9293)

ntp-keygen generated weak keys (CVE-2014-9294)

Multiple buffer overflows (CVE-2014-9295)

Incorrect error handling in processing NTP packets (CVE-2014-9296)
Comment 1 Moritz Muehlenhoff univentionstaff 2014-12-22 11:43:10 CET 
An updated package has been built, tests were successful.
Comment 2 Felix Botner univentionstaff 2014-12-22 13:04:57 CET 
OK - unsigned NTP (signed NTP does not work, probably configuration problems)
Comment 3 Moritz Muehlenhoff univentionstaff 2015-01-09 09:48:39 CET 
The update has been released in the component extsec3.1