Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Patches » SUSE-2015:10293

Overview

Id SUSE-2015:10293
Name Novell SUSE 2015:10293 ntp security update for SLE 11 SP3 i586
Vendor Name novell
Product Novell
Content Type Critical Critical
Language(s)
Operating System(s) Linux 
Released On 09 Feb 2015 12:00:00

SUSE-2015:10293

Novell SUSE 2015:10293 ntp security update for SLE 11 SP3 i586

Vendor Name

novell

Product

Novell

Released On

09 Feb 2015 12:00:00

Url

http://www.novell.com/support

Description

LSAC(v2)
ntp has been updated to fix four security issues: * CVE-2014-9294: ntp-keygen used a weak RNG seed, which made it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. (bsc#910764) * CVE-2014-9293: The config_auth function, when an auth key is not configured, improperly generated a key, which made it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. (bsc#910764) * CVE-2014-9298: ::1 can be spoofed on some operating systems, so ACLs based on IPv6 ::1 addresses could be bypassed. (bsc#910764) * CVE-2014-9297: vallen is not validated in several places in ntp_crypto.c, leading to potential information leak. (bsc#910764) Security Issues: * CVE-2014-9294 * CVE-2014-9293 * CVE-2014-9298 * CVE-2014-9297

Related Resources

Related Vulnerabilities

None

Related Patches

Superseded Patches


Last Updated: 27 May 2016 11:20:43