| Errata ID | 212 |
|---|---|
| Date | 2015-06-17 |
| Source package | ntp |
| Fixed in version | 1:4.2.6.p5+dfsg-2.43.201506051324 |
| Description | These vulnerabilities have been fixed in ntp: * Man-in-the-middle attackers may spoof packets by omitting the MAC because the symmetric-key feature in the receive function in ntp_proto.c requires a correct MAC only if the MAC field has a nonzero length (CVE-2015-1798) * Man-in-the-middle attackers may cause a denial of service (synchronization loss) by spoofing the source IP address of a peer because the symmetric-key feature in the receive function in ntp_proto.c performs state-variable updates upon receiving certain invalid packets (CVE-2015-1799) |
| Additional notes | |
| CVE ID | CVE-2015-1798 CVE-2015-1799 |
| UCS Bug number | #38244 |
