Описание
ELSA-2018-3854: ntp security update (LOW)
[4.2.6p5-15.0.1]
- add disable monitor to default ntp.conf [CVE-2013-5211]
[4.2.6p5-15]
- fix buffer overflow in parsing of address in ntpq and ntpdc (CVE-2018-12327)
[4.2.6p5-14]
- fix CVE-2016-7429 patch to work correctly on multicast client (#1422973)
[4.2.6p5-13]
- fix buffer overflow in datum refclock driver (CVE-2017-6462)
- fix crash with invalid unpeer command (CVE-2017-6463)
- fix potential crash with invalid server command (CVE-2017-6464)
Обновленные пакеты
Oracle Linux 6
Oracle Linux x86_64
ntp
4.2.6p5-15.0.1.el6_10
ntp-doc
4.2.6p5-15.0.1.el6_10
ntp-perl
4.2.6p5-15.0.1.el6_10
ntpdate
4.2.6p5-15.0.1.el6_10
Oracle Linux i686
ntp
4.2.6p5-15.0.1.el6_10
ntp-doc
4.2.6p5-15.0.1.el6_10
ntp-perl
4.2.6p5-15.0.1.el6_10
ntpdate
4.2.6p5-15.0.1.el6_10
Связанные CVE
Связанные уязвимости
Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether there are any common situations in which ntpq or ntpdc is used with a command line from an untrusted source.
Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether there are any common situations in which ntpq or ntpdc is used with a command line from an untrusted source.
Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether there are any common situations in which ntpq or ntpdc is used with a command line from an untrusted source.
Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 ...
Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether there are any common situations in which ntpq or ntpdc is used with a command line from an untrusted source.