SUSE-SU-2014:1686-2: critical: Security update for xntp

sle-updates at sle-updates at
Wed Dec 24 00:05:35 MST 2014

   SUSE Security Update: Security update for xntp

Announcement ID:    SUSE-SU-2014:1686-2
Rating:             critical
References:         #910764 
Cross-References:   CVE-2014-9295
Affected Products:
                    SUSE Linux Enterprise Server 10 SP4 LTSS

   An update that fixes one vulnerability is now available.


   This ntp update fixes the following critical security issue:

       * A potential remote code execution problem was found inside ntpd. The
         functions crypto_recv() (when using autokey authentication) and
         ctl_putdata() where updated to avoid buffer overflows that could
         have been exploited. (CVE-2014-9295 / VU#852879)

   Security Issues:

       * CVE-2014-9295

Package List:

   - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64):



More information about the sle-updates mailing list