Fixed vulnerabilities:
- CVE-2014-9297 (VulnLIB link) Stephen Roettger, Sebastian Krahmer, and Harlan Stenn discovered that NTP incorrectly handled the length value in extension fields. A remote attacker could use this issue to possibly obtain leaked information, or cause the NTP daemon to crash, resulting in a denial of service.
- CVE-2014-9298 (VulnLIB link) Stephen Roettger discovered that NTP incorrectly handled ACLs based on certain IPv6 addresses.
Affected releases:
- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS
Software description:
- ntp - Network Time Protocol daemon and utility programs
Solution:
- Check VulnLIB for fixes for CVEs listed above.
Source:
Tuesday, 10.02.2015
Ubuntu Security Notice USN-2497-1
Geposted von Ali Elci
Ali Elci is an IT security specialist with more than 16 years of experience consulting for government and industry, an advocate for transparency and standardization in security reporting, and the founder of Ciproc GmbH.
VulnLIB Enterprise Auditor ist ein leistungsfähiges, innovatives Tool, welches eine umfassende, tagesaktuelle Kontrolle über fehlende Sicherheitsupdates einer kompletten IT-Infrastruktur bereitstellen kann; gleichzeitig liefert es spezifische Empfehlungen für Patches und Upgrades der Softwarehersteller.
mehr