Ubuntu has issued an advisory on October 27:
http://www.ubuntu.com/usn/usn-2783-1/

They patched three more CVEs that Fedora missed.

Patched packages uploaded for Mageia 5 and Cauldron.

Advisory:
========================

Updated ntp packages fix security vulnerabilities:

Yves Younan discovered that NTP incorrectly handled logfile and keyfile directives. In a non-default configuration, a remote authenticated attacker could possibly use this issue to cause NTP to enter a loop, resulting in a denial of service (CVE-2015-7850).

Yves Younan discovered that NTP incorrectly handled reference clock memory. A malicious refclock could possibly use this issue to cause NTP to crash, resulting in a denial of service, or possibly execute arbitrary code (CVE-2015-7853).

John D "Doug" Birdwell discovered that NTP incorrectly handled decoding certain bogus values. An attacker could possibly use this issue to cause NTP to crash, resulting in a denial of service (CVE-2015-7855).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7850
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7853
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7855
http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner
http://www.ubuntu.com/usn/usn-2783-1/
========================

Updated packages in core/updates_testing:
========================
ntp-4.2.6p5-24.3.mga5
ntp-client-4.2.6p5-24.3.mga5
ntp-doc-4.2.6p5-24.3.mga5

from ntp-4.2.6p5-24.3.mga5.src.rpm
Keywords: (none) => validated_update
Whiteboard: (none) => advisory MGA5-64-OK
CC: (none) => davidwhodgins, sysadmin-bugs
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2015-0418.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED