{"id":"MGASA-2018-0195","summary":"Updated ntp packages fix security vulnerabilities","details":"This release addresses five security issues in ntpd for Mageia 6:\n\nLOW/MEDIUM: Sec 3012 / CVE-2016-1549 / VU#961909: Sybil vulnerability:\nephemeral association attack While fixed in ntp-4.2.8p7, there are\nsignificant additional protections for this issue in 4.2.8p11.\nReported by Matt Van Gundy of Cisco.\n\nINFO/MEDIUM: Sec 3412 / CVE-2018-7182 / VU#961909: ctl_getitem(): buffer\nread overrun leads to undefined behavior and information leak\nReported by Yihan Lian of Qihoo 360.\n\nLOW: Sec 3415 / CVE-2018-7170 / VU#961909: Multiple authenticated\nephemeral associations. Reported on the questions@ list.\n\nLOW: Sec 3453 / CVE-2018-7184 / VU#961909: Interleaved symmetric mode\ncannot recover from bad state. Reported by Miroslav Lichvar of Red Hat.\n\nLOW/MEDIUM: Sec 3454 / CVE-2018-7185 / VU#961909: Unauthenticated packet\ncan reset authenticated interleaved association.\nReported by Miroslav Lichvar of Red Hat.\n\none security issue in ntpq:\nMEDIUM: Sec 3414 / CVE-2018-7183 / VU#961909: ntpq:decodearr() can write\nbeyond its buffer limit. Reported by Michael Macnair of Thales-esecurity.com.\n\nand provides over 33 bugfixes and 32 other improvements. ENotification\nof these issues were delivered to our Institutional members on a rolling\nbasis as they were reported and as progress was made.\n","modified":"2026-04-16T06:26:02.299342310Z","published":"2018-04-06T22:54:47Z","upstream":["CVE-2016-1549","CVE-2018-7170","CVE-2018-7182","CVE-2018-7183","CVE-2018-7184","CVE-2018-7185"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2018-0195.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=22850"},{"type":"WEB","url":"http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"}],"affected":[{"package":{"name":"ntp","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/ntp?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.2.8p11-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0195.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}