Univention Bugzilla – Bug 37746
ntp: Information leak (4.0)
Last modified: 2015-03-25 16:38:17 CET
Information leak/denial of service in autokey crypto handling (CVE-2014-9297) The extracted Wheezy fix for this one was incomplete (erratum 79), some additional sanitisins were missing.
Tests (i386): OK
Advisory: 2015-03-17-ntp.yaml
OK: aptitude install '?source-package(ntp)?installed' # amd64 i386 OK: apt-cache policy ntp # 1:4.2.6.p5+dfsg-2.37.201503161732 FIXED: errata-announce -V 2015-03-17-ntp.yaml OK: 2015-03-17-ntp.yaml -> r59191 OK: debian/patches/CVE-2014-9297.patch
<http://errata.univention.de/ucs/4.0/129.html>