SUSE-SU-2015:0274-1
- Source
- https://www.suse.com/support/update/announcement/2015/suse-su-20150274-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2015:0274-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2015:0274-1
- Related
- Published
- 2015-02-10T07:37:15Z
- Modified
- 2015-02-10T07:37:15Z
- Summary
- Security update for ntp
- Details
-
ntp was updated to fix four security issues.
These security issues were fixed: - CVE-2014-9294: util/ntp-keygen.c in ntp-keygen used a weak RNG seed, which made it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack (bnc#910764 911792). - CVE-2014-9293: The configauth function in ntpd, when an auth key was not configured, improperly generated a key, which made it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack (bnc#910764 911792). - CVE-2014-9298: ::1 can be spoofed on some OSes, so ACLs based on IPv6 ::1 addresses could be bypassed (bnc#911792). - CVE-2014-9297: Information leak by not properly checking a length in several places in ntpcrypto.c (bnc#911792).
- References
-
- https://www.suse.com/support/update/announcement/2015/suse-su-20150274-1/
- https://bugzilla.suse.com/910764
- https://bugzilla.suse.com/911792
- https://www.suse.com/security/cve/CVE-2014-9293
- https://www.suse.com/security/cve/CVE-2014-9294
- https://www.suse.com/security/cve/CVE-2014-9297
- https://www.suse.com/security/cve/CVE-2014-9298
Affected packages
SUSE:Linux Enterprise Desktop 12 / ntp
Package
- Name
- ntp
- Purl
- pkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Desktop%2012
SUSE:Linux Enterprise Server 12 / ntp
Package
- Name
- ntp
- Purl
- pkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Server%2012