Login
Newsletter
Werbung

Sicherheit: Mehrere Probleme in NTP
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in NTP
ID: FEDORA-2018-70c191d84a
Distribution: Fedora
Plattformen: Fedora 26
Datum: Di, 27. März 2018, 22:36
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7170
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7183
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1549
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7185
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7184
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7182
Applikationen: NTP

Originalnachricht

-------------------------------------------------------------------------------
-
Fedora Update Notification
FEDORA-2018-70c191d84a
2018-03-27 19:25:14.148904
-------------------------------------------------------------------------------
-

Name : ntp
Product : Fedora 26
Version : 4.2.8p11
Release : 1.fc26
URL : http://www.ntp.org
Summary : The NTP daemon and utilities
Description :
The Network Time Protocol (NTP) is used to synchronize a computer's
time with another reference time source. This package includes ntpd
(a daemon which continuously adjusts system time) and utilities used
to query and configure the ntpd daemon.

Perl scripts are in the ntp-perl package, ntpdate is in the ntpdate
package and sntp is in the sntp package. The documentation in HTML
format is in the ntp-doc package.

-------------------------------------------------------------------------------
-
Update Information:

Security fix for CVE-2016-1549, CVE-2018-7170, CVE-2018-7182, CVE-2018-7183,
CVE-2018-7184, CVE-2018-7185
-------------------------------------------------------------------------------
-
References:

[ 1 ] Bug #1550208 - CVE-2018-7182 ntp: buffer read overrun leads information
leak in ctl_getitem()
https://bugzilla.redhat.com/show_bug.cgi?id=1550208
[ 2 ] Bug #1550214 - CVE-2018-7170 ntp: Ephemeral association time spoofing
additional protection
https://bugzilla.redhat.com/show_bug.cgi?id=1550214
[ 3 ] Bug #1550218 - CVE-2018-7184 ntp: Interleaved symmetric mode cannot
recover from bad state
https://bugzilla.redhat.com/show_bug.cgi?id=1550218
[ 4 ] Bug #1550220 - CVE-2018-7185 ntp: Unauthenticated packet can reset
authenticated interleaved association
https://bugzilla.redhat.com/show_bug.cgi?id=1550220
[ 5 ] Bug #1550223 - CVE-2018-7183 ntp: decodearr() can write beyond its
buffer limit
https://bugzilla.redhat.com/show_bug.cgi?id=1550223
-------------------------------------------------------------------------------
-

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade ntp' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung