You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa ntp

Sigurnosni nedostaci programskog paketa ntp

——————————————————————————–
Fedora Update Notification
FEDORA-2018-70c191d84a
2018-03-27 19:25:14.148904
——————————————————————————–

Name : ntp
Product : Fedora 26
Version : 4.2.8p11
Release : 1.fc26
URL : http://www.ntp.org
Summary : The NTP daemon and utilities
Description :
The Network Time Protocol (NTP) is used to synchronize a computer’s
time with another reference time source. This package includes ntpd
(a daemon which continuously adjusts system time) and utilities used
to query and configure the ntpd daemon.

Perl scripts are in the ntp-perl package, ntpdate is in the ntpdate
package and sntp is in the sntp package. The documentation in HTML
format is in the ntp-doc package.

——————————————————————————–
Update Information:

Security fix for CVE-2016-1549, CVE-2018-7170, CVE-2018-7182, CVE-2018-7183,
CVE-2018-7184, CVE-2018-7185
——————————————————————————–
References:

[ 1 ] Bug #1550208 – CVE-2018-7182 ntp: buffer read overrun leads information leak in ctl_getitem()
https://bugzilla.redhat.com/show_bug.cgi?id=1550208
[ 2 ] Bug #1550214 – CVE-2018-7170 ntp: Ephemeral association time spoofing additional protection
https://bugzilla.redhat.com/show_bug.cgi?id=1550214
[ 3 ] Bug #1550218 – CVE-2018-7184 ntp: Interleaved symmetric mode cannot recover from bad state
https://bugzilla.redhat.com/show_bug.cgi?id=1550218
[ 4 ] Bug #1550220 – CVE-2018-7185 ntp: Unauthenticated packet can reset authenticated interleaved association
https://bugzilla.redhat.com/show_bug.cgi?id=1550220
[ 5 ] Bug #1550223 – CVE-2018-7183 ntp: decodearr() can write beyond its buffer limit
https://bugzilla.redhat.com/show_bug.cgi?id=1550223
——————————————————————————–

This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade ntp’ at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

——————————————————————————–
Fedora Update Notification
FEDORA-2018-de113aeac6
2018-03-27 19:56:39.707899
——————————————————————————–

Name : ntp
Product : Fedora 27
Version : 4.2.8p11
Release : 1.fc27
URL : http://www.ntp.org
Summary : The NTP daemon and utilities
Description :
The Network Time Protocol (NTP) is used to synchronize a computer’s
time with another reference time source. This package includes ntpd
(a daemon which continuously adjusts system time) and utilities used
to query and configure the ntpd daemon.

Perl scripts are in the ntp-perl package, ntpdate is in the ntpdate
package and sntp is in the sntp package. The documentation in HTML
format is in the ntp-doc package.

——————————————————————————–
Update Information:

Security fix for CVE-2016-1549, CVE-2018-7170, CVE-2018-7182, CVE-2018-7183,
CVE-2018-7184, CVE-2018-7185
——————————————————————————–
References:

[ 1 ] Bug #1550208 – CVE-2018-7182 ntp: buffer read overrun leads information leak in ctl_getitem()
https://bugzilla.redhat.com/show_bug.cgi?id=1550208
[ 2 ] Bug #1550214 – CVE-2018-7170 ntp: Ephemeral association time spoofing additional protection
https://bugzilla.redhat.com/show_bug.cgi?id=1550214
[ 3 ] Bug #1550218 – CVE-2018-7184 ntp: Interleaved symmetric mode cannot recover from bad state
https://bugzilla.redhat.com/show_bug.cgi?id=1550218
[ 4 ] Bug #1550220 – CVE-2018-7185 ntp: Unauthenticated packet can reset authenticated interleaved association
https://bugzilla.redhat.com/show_bug.cgi?id=1550220
[ 5 ] Bug #1550223 – CVE-2018-7183 ntp: decodearr() can write beyond its buffer limit
https://bugzilla.redhat.com/show_bug.cgi?id=1550223
——————————————————————————–

This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade ntp’ at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Top
More in Preporuke
Sigurnosni nedostatak programskog paketa slurm

Otkriven je sigurnosni nedostatak u programskom paketu slurm za operacijski sustav Fedora. Otkriveni nedostatak potencijalnim napadačima omogućuje izvođenje SQL-Injection napada....

Close