ELSA-2015-1930

Published: 26 Oct 2015
Source: oracle-oval
Platform: Oracle Linux 7
Platform: Oracle Linux 6

Description

ELSA-2015-1930: ntp security update (IMPORTANT)

[4.2.6p5-5.el6_7.2]

  • check origin timestamp before accepting KoD RATE packet (CVE-2015-7704)
  • allow only one step larger than panic threshold with -g (CVE-2015-5300)

Updated packages

Oracle Linux 7

Oracle Linux x86_64

  • ntp: 4.2.6p5-19.el7_1.3
  • ntp-doc: 4.2.6p5-19.el7_1.3
  • ntp-perl: 4.2.6p5-19.el7_1.3
  • ntpdate: 4.2.6p5-19.el7_1.3
  • sntp: 4.2.6p5-19.el7_1.3

Oracle Linux 6

Oracle Linux x86_64

  • ntp: 4.2.6p5-5.el6_7.2
  • ntp-doc: 4.2.6p5-5.el6_7.2
  • ntp-perl: 4.2.6p5-5.el6_7.2
  • ntpdate: 4.2.6p5-5.el6_7.2

Oracle Linux i686

  • ntp: 4.2.6p5-5.el6_7.2
  • ntp-doc: 4.2.6p5-5.el6_7.2
  • ntp-perl: 4.2.6p5-5.el6_7.2
  • ntpdate: 4.2.6p5-5.el6_7.2

Related CVEs

Related vulnerabilities

CVSS3: 7.5
ubuntu
more than 8 years ago

The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart).

redhat
about 10 years ago

The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart).

CVSS3: 7.5
nvd
more than 8 years ago

The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart).

CVSS3: 7.5
debian
more than 8 years ago

The panic_gate check in NTP before 4.2.8p5 is only re-enabled after th ...

CVSS3: 7.5
ubuntu
more than 8 years ago

The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages.