Bug 37692 – ntp: Multiple issues (3.2)

Bug 37692 - ntp: Multiple issues (3.2)


Summary:	ntp: Multiple issues (3.2)

Status:	CLOSED FIXED

Product:	UCS
Classification:	Unclassified
Component:	Security updates
Version:	UCS 4.0
Hardware:	Other Linux

Importance:	P3 normal (vote)
Target Milestone:	UCS 3.2-5-errata
Assigned To:	Janek Walkenhorst
QA Contact:	Philipp Hahn

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2015-02-05 08:47 CET by Moritz Muehlenhoff
Modified:	2015-03-23 13:13 CET (History)
CC List:	1 user (show)

See Also:
What kind of report is it?:	---
What type of bug is this?:	---
Who will be affected by this bug?:	---
How will those affected feel about the bug?:	---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Moritz Muehlenhoff

2015-02-05 08:47:35 CET

Information leak/denial of service in autokey crypto handling (CVE-2014-9297)
ACLs restricting the access to control mode queries can be bypassed on IPv6 networks(CVE-2014-9298)

Comment 1 Janek Walkenhorst

2015-03-19 18:57:08 CET

Advisory: 2015-03-19-ntp.yaml
Tests (i386): OK

Comment 2 Philipp Hahn

2015-03-20 17:28:33 CET

OK: apt-cache policy ntp # 1:4.2.6.p2+dfsg-1.38.201503191841
OK: DEBIAN_FRONTEND=noninteractive aptitude install '?source-package(ntp)~i' # i386 amd64
OK: zless /usr/share/doc/ntp/changelog.Debian.gz
OK: ntpq -p
OK: Windows 7

OK: CVE-2014-9297 CVE-2014-9298

OK: 2015-03-19-ntp.yaml
OK: errata-announce -V 2015-03-19-ntp.yaml

Comment 3 Moritz Muehlenhoff

2015-03-23 13:13:38 CET

http://errata.univention.de/ucs/3.2/295.html