Advisories » MGASA-2018-0371

Updated ntp packages fix security vulnerability

Publication date: 13 Sep 2018
Modification date: 13 Sep 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-12327

Description

Updated ntp packages fix security vulnerability:

Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11
allows an attacker to achieve code execution or escalate to higher
privileges via a long string as the argument for an IPv4 or IPv6
command-line parameter (CVE-2018-12327).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=23505
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/437XM4CMBCMPK7D2RSEUZIRLFZD5ZNRD/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12327

SRPMS

6/core

• ntp-4.2.8p12-1.mga6