Overview

File _patchinfo of Package patchinfo.285

<patchinfo incident="285">
  <issue id="910764" tracker="bnc">VUL-0: CVE-2014-9295: ntp: VU#852879: remote buffer overflow and weak cryptography</issue>
  <issue id="CVE-2014-9296" tracker="cve" />
  <issue id="CVE-2014-9295" tracker="cve" />
  <category>security</category>
  <rating>critical</rating>
  <packager>rmax</packager>
  <description>
The network timeservice ntp was updated to fix critical security
issues (bnc#910764, CERT VU#852879)

* A potential remote code execution problem was found inside
  ntpd. The functions crypto_recv() (when using autokey
  authentication), ctl_putdata(), and configure() where updated
  to avoid buffer overflows that could be
  exploited. (CVE-2014-9295)
* Furthermore a problem inside the ntpd error handling was found
  that is missing a return statement. This could also lead to a
  potentially attack vector. (CVE-2014-9296)
</description>
  <summary>Security update for ntp</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places