Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 07 Apr 2015 10:49:21 -0600
From: Kurt Seifried <>
Subject: Re: ntp security release today

On 04/07/2015 09:48 AM, Marcus Meissner wrote:
> Hi,
> has released ntp advisories today, CVE-2015-1798 and CVE-2015-1799, CERT VU#374268
> CVE-2015-1798 seems version limited to
> Affects: All NTP4 releases starting with ntp-4.2.5p99 up to but not including ntp-4.2.8p2 where the installation uses symmetric keys to authenticate remote associations. .
> Ciao, Marcus

Was just about to post a note about this, you beat me to it =)

These issues were discovered by Miroslav Lichvár of Red Hat, more info
in our BZ's:

Also note that CVE-2015-1799 also affects chrony, different code base so
different CVE:

Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

Download attachment "signature.asc" of type "application/pgp-signature" (837 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ