[ GLSA 201412-34 ] NTP: Multiple vulnerabilities

[GLSA]

Gentoo Linux Security Advisory

Title: NTP: Multiple vulnerabilities (GLSA 201412-34)
Severity: high
Exploitable: remote
Date: December 24, 2014
Bug(s): #533076
ID: 201412-34

Synopsis

Multiple vulnerabilities have been found in NTP, the worst of which
could result in remote execution of arbitrary code.


Background

NTP is a protocol designed to synchronize the clocks of computers over a
network. The net-misc/ntp package contains the official reference
implementation by the NTP Project.


Affected Packages

Package: net-misc/ntp
Vulnerable: < 4.2.8
Unaffected: >= 4.2.8
Architectures: All supported architectures


Description

Multiple vulnerabilities have been discovered in NTP. Please review the
CVE identifiers referenced below for details.


Impact

A remote unauthenticated attacker may be able to execute arbitrary code
with the privileges of the process, cause a Denial of Service condition,
and obtain sensitive information that could assist in other attacks.


Workaround

There is no known workaround at this time.

Resolution

All NTP users should upgrade to the latest version: