On 12/21/14 19:43, Aaron Gray wrote:
It should be 4.2.8 now as there are new vulnerabilities !
The following updates was submitted for testing at 2014-12-19.
For F19 in updates-testing
ntp-4.2.6p5-13.fc19
For F20 in updates-testing
ntp-4.2.6p5-19.fc20
For F21 in updates testing
ntp-4.2.6p5-25.fc21
All fixes the following bugs
1176191 - CVE-2014-9296: CVE-2014-9294 CVE-2014-9295 CVE-2014-9293
ntp: various flaws [fedora-all]
1176032 - CVE-2014-9293: ntp: automatic generation of weak default
key in config_auth()
1176035 - CVE-2014-9294: ntp: ntp-keygen uses weak random number
generator and seed when generating MD5 keys
1176037 - CVE-2014-9295: ntp: Multiple buffer overflows via
specially-crafted packets
1176040 - CVE-2014-9296: ntp: receive() missing return on error
If you are interested in NTP, install the test updates, and test them,
and then give good (or bad) karma for faster release at
<https://admin.fedoraproject.org/updates>
Lars
--
Lars E. Pettersson <lars@xxxxxxxx>
http://www.sm6rpz.se/
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
