Overview

File _patchinfo of Package patchinfo.326

<patchinfo>
  <category>security</category>
  <rating>critical</rating>
  <packager>wrosenauer</packager>
  <summary>Security update for ntp</summary>
  <description>
The network timeservice ntp was updated to fix critical security issues
(bnc#910764, CERT VU#852879)
* A potential remote code execution problem was found inside ntpd. The
  functions crypto_recv() (when using autokey authentication),
  ctl_putdata(), and configure() where updated to avoid buffer overflows
  that could be exploited. (CVE-2014-9295)
* Furthermore a problem inside the ntpd error handling was found that is
  missing a return statement. This could also lead to a potentially attack
  vector. (CVE-2014-9296)
</description>
  <issue tracker="cve" id="CVE-2014-9295"/>
  <issue tracker="cve" id="CVE-2014-9296"/>
  <issue tracker="bnc" id="910764"/>
</patchinfo>
openSUSE Build Service is sponsored by
Places