Date: Tue, 07 Apr 2015 10:49:21 -0600 From: Kurt Seifried <kseifried@...hat.com> To: oss-security@...ts.openwall.com Subject: Re: ntp security release today On 04/07/2015 09:48 AM, Marcus Meissner wrote: > Hi, > > ntp.org has released ntp advisories today, CVE-2015-1798 and CVE-2015-1799, CERT VU#374268 > > http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities > > CVE-2015-1798 seems version limited to > Affects: All NTP4 releases starting with ntp-4.2.5p99 up to but not including ntp-4.2.8p2 where the installation uses symmetric keys to authenticate remote associations. . > > Ciao, Marcus Was just about to post a note about this, you beat me to it =) These issues were discovered by Miroslav Lichvár of Red Hat, more info in our BZ's: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-1798 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-1799 Also note that CVE-2015-1799 also affects chrony, different code base so different CVE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-1853 -- Kurt Seifried -- Red Hat -- Product Security -- Cloud PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 [ CONTENT OF TYPE application/pgp-signature SKIPPED ]
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ