Advisories » MGASA-2020-0281

Updated ntp packages fix security vulnerability

Publication date: 05 Jul 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-15025

Description

Updated ntp packages fix security vulnerability:

ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote
attackers to cause a denial of service (memory consumption) by sending
packets, because memory is not freed in situations where a CMAC key is
used and associated with a CMAC algorithm in the ntp.keys file
(CVE-2020-15025)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=26851
• http://support.ntp.org/bin/view/Main/SecurityNotice#June_2020_ntp_4_2_8p15_NTP_Relea
• http://support.ntp.org/bin/view/Main/NtpBug3661
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15025

SRPMS

7/core

• ntp-4.2.8p15-1.mga7