{"id":"MGASA-2020-0281","summary":"Updated ntp packages fix security vulnerability","details":"Updated ntp packages fix security vulnerability:\n\nntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote\nattackers to cause a denial of service (memory consumption) by sending\npackets, because memory is not freed in situations where a CMAC key is\nused and associated with a CMAC algorithm in the ntp.keys file\n(CVE-2020-15025)\n","modified":"2026-02-04T04:23:58.376389Z","published":"2020-07-05T19:48:23Z","related":["CVE-2020-15025"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2020-0281.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=26851"},{"type":"REPORT","url":"http://support.ntp.org/bin/view/Main/SecurityNotice#June_2020_ntp_4_2_8p15_NTP_Relea"},{"type":"REPORT","url":"http://support.ntp.org/bin/view/Main/NtpBug3661"}],"affected":[{"package":{"name":"ntp","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/ntp?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.2.8p15-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2020-0281.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}