Overview

File _patchinfo of Package patchinfo.500

<patchinfo incident="500">
  <packager>msmeissn</packager>
  <issue tracker="bnc" id="918342">slew mode on ntp client does not work properly for Leap Second</issue>
  <issue tracker="bnc" id="924202">VUL-0: CVE-2015-1798  CVE-2015-1799: two new ntp flaws</issue>
  <issue tracker="bnc" id="928321">ntp-keygen may generate non-random symmetric keys on big-endian systems</issue>
  <issue tracker="cve" id="CVE-2015-1798"></issue>
  <issue tracker="cve" id="CVE-2015-1799"></issue>
  <issue tracker="cve" id="CVE-2015-3405"></issue>
  <category>security</category>
  <rating>moderate</rating>
  <summary>Security update for ntp</summary>
  <description>ntp was updated to fix two security related flaws as well as "slew" mode handling for leap seconds. 

The following vulnerabilities were fixe:

* ntpd could accept unauthenticated packets with symmetric key crypto. (CVE-2015-1798)
* ntpd authentication did not protect symmetric associations against DoS attacks (CVE-2015-1799)
* ntp-keygen may generate non-random symmetric keys on big-endian systems (bsc#928321, CVE-2015-3405).

The following non-security issues were fixed:

* Fix slew mode for leap seconds (bnc#918342).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places