728x90
NTF’s Network Time Protocol (NTP) Project released ntp-4.2.8p9 on 21 November 2016, its first update since ntp-4.2.8p8 was released in June. The latest version addresses the following:
- 1 HIGH severity vulnerability that only affects Windows
- 2 MEDIUM severity vulnerabilities
- 2 MEDIUM/LOW severity vulnerabilities
- 5 LOW severity vulnerabilities
- 28 non-security fixes and improvements
All of the security issues in this release are included in VU#633847.
- Sec 3119 / CVE-2016-9311: Trap crash
- Reported by Matthew Van Gundy of Cisco ASIG.
- Sec 3118 / CVE-2016-9310: Mode 6 unauthenticated trap information disclosure and DDoS vector
- Reported by Matthew Van Gundy of Cisco ASIG.
- Sec 3114 / CVE-2016-7427: Broadcast Mode Replay Prevention DoS
- Reported by Matthew Van Gundy of Cisco ASIG.
- Sec 3113 / CVE-2016-7428: Broadcast Mode Poll Interval Enforcement DoS
- Reported by Matthew Van Gundy of Cisco ASIG.
- Sec 3110 / CVE-2016-9312: Windows: ntpd DoS by oversized UDP packet
- Reported by Robert Pajak of ABB.
- Sec 3102 / CVE-2016-7431: Regression: 010-origin: Zero Origin Timestamp Bypass
- Reported by Sharon Goldberg and Aanchal Malhotra of Boston University.
- Sec 3082 / CVE-2016-7434: Null pointer dereference in
_IO_str_init_static_internal()
- Reported by Magnus Stubman.
- Sec 3072 / CVE-2016-7429: Interface selection attack
- Reported by Miroslav Lichvar of Red Hat.
- Sec 3071 / CVE-2016-7426: Client rate limiting and server responses
- Reported by Miroslav Lichvar of Red Hat.
- Sec 3067 / CVE-2016-7433: Reboot sync calculation problem
- Reported independently by Brian Utterback of Oracle, and by Sharon Goldberg and Aanchal Malhotra of Boston University.
728x90
'취약점 정보2' 카테고리의 다른 글
삼성 smart security update (0) | 2016.11.28 |
---|---|
LG 모바일 11월 업데이트 패치 (0) | 2016.11.28 |
팟플레이어 업데이트 안내 (0) | 2016.11.21 |
Apache Struts2의 취약성 대책 정보 목록 (0) | 2016.11.20 |
"Red Hat Enterprise Linux 4 및 5 '가 2017 년 3 월 31 일 동시 지원 종료 (0) | 2016.11.20 |