Launchpad CVE tracker

CVE 2015-7975

The nextvar function in NTP before 4.2.8p6 and 4.3.x before 4.3.90 does not properly validate the length of its input, which allows an attacker to cause a denial of service (application crash).

Related bugs and status

CVE-2015-7975 (Candidate) is related to these bugs:

Bug #1528050: NTP statsdir cleanup cronjob insecure

		In	Importance	Status
1528050	NTP statsdir cleanup cronjob insecure	ntp (Ubuntu)	Undecided	Fix Released
1528050	NTP statsdir cleanup cronjob insecure	ntp (Ubuntu Wily)	Undecided	Won't Fix
1528050	NTP statsdir cleanup cronjob insecure	ntp (Ubuntu Xenial)	Undecided	Fix Released

Bug #1567540: ntpd crashed with SIGABRT (was: ntp crashes everytime the network goes up or down.)

		In	Importance	Status
1567540	ntpd crashed with SIGABRT (was: ntp crashes everytime the network goes up or down.)	ntp (Ubuntu)	High	Fix Released
1567540	ntpd crashed with SIGABRT (was: ntp crashes everytime the network goes up or down.)	NTP	High	Fix Released
1567540	ntpd crashed with SIGABRT (was: ntp crashes everytime the network goes up or down.)	ntp (Ubuntu Xenial)	High	Fix Released

Bug #1582767: apparmor permissions missing for winbind

		In	Importance	Status
1582767	apparmor permissions missing for winbind	ntp (Ubuntu)	Medium	Fix Released
1582767	apparmor permissions missing for winbind	ntp (Ubuntu Xenial)	Undecided	Won't Fix
1582767	apparmor permissions missing for winbind	ntp (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2015-7975

References