exploitDog

SUSE-SU-2015:0274-1

Published: 10 Feb 2015
Source: suse-cvrf

Description

Security update for ntp

ntp was updated to fix four security issues.

These security issues were fixed:

  • CVE-2014-9294: util/ntp-keygen.c in ntp-keygen used a weak RNG seed, which made it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack (bnc#910764 911792).
  • CVE-2014-9293: The config_auth function in ntpd, when an auth key was not configured, improperly generated a key, which made it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack (bnc#910764 911792).
  • CVE-2014-9298: ::1 can be spoofed on some OSes, so ACLs based on IPv6 ::1 addresses could be bypassed (bnc#911792).
  • CVE-2014-9297: Information leak by not properly checking a length in several places in ntp_crypto.c (bnc#911792).

Package list

SUSE Linux Enterprise Desktop 12
ntp-4.2.6p5-37.2
ntp-doc-4.2.6p5-37.2
SUSE Linux Enterprise Server 12
ntp-4.2.6p5-37.2
ntp-doc-4.2.6p5-37.2
SUSE Linux Enterprise Server for SAP Applications 12
ntp-4.2.6p5-37.2
ntp-doc-4.2.6p5-37.2

Description

The config_auth function in ntpd in NTP before 4.2.7p11, when an auth key is not configured, improperly generates a key, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.


Affected products
SUSE Linux Enterprise Desktop 12:ntp-4.2.6p5-37.2
SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.6p5-37.2
SUSE Linux Enterprise Server 12:ntp-4.2.6p5-37.2
SUSE Linux Enterprise Server 12:ntp-doc-4.2.6p5-37.2

Description

util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RNG seed, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.


Affected products
SUSE Linux Enterprise Desktop 12:ntp-4.2.6p5-37.2
SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.6p5-37.2
SUSE Linux Enterprise Server 12:ntp-4.2.6p5-37.2
SUSE Linux Enterprise Server 12:ntp-doc-4.2.6p5-37.2

Description

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-9750, CVE-2014-9751. Reason: this ID was intended for one issue, but was associated with two issues. Notes: All CVE users should consult CVE-2014-9750 and CVE-2014-9751 to identify the ID or IDs of interest. All references and descriptions in this candidate have been removed to prevent accidental usage.


Affected products
SUSE Linux Enterprise Desktop 12:ntp-4.2.6p5-37.2
SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.6p5-37.2
SUSE Linux Enterprise Server 12:ntp-4.2.6p5-37.2
SUSE Linux Enterprise Server 12:ntp-doc-4.2.6p5-37.2

Description

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-9750, CVE-2014-9751. Reason: this ID was intended for one issue, but was associated with two issues. Notes: All CVE users should consult CVE-2014-9750 and CVE-2014-9751 to identify the ID or IDs of interest. All references and descriptions in this candidate have been removed to prevent accidental usage.


Affected products
SUSE Linux Enterprise Desktop 12:ntp-4.2.6p5-37.2
SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.6p5-37.2
SUSE Linux Enterprise Server 12:ntp-4.2.6p5-37.2
SUSE Linux Enterprise Server 12:ntp-doc-4.2.6p5-37.2
