Bugzilla – Bug 1214024
VUL-0: CVE-2023-4012: ntpsec: crash after client request
Last modified: 2023-08-07 09:17:53 UTC
CVE-2023-4012 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5466-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso August 04, 2023 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : ntpsec CVE ID : CVE-2023-4012 Debian Bug : 1038422 It was discovered that ntpd in ntpsec, a secure, hardened, and improved implementation derived from the original NTP project, could crash if NTS is disabled and an NTS-enabled client request (mode 3) is received. For the stable distribution (bookworm), this problem has been fixed in version 1.2.2+dfsg1-1+deb12u1. We recommend that you upgrade your ntpsec packages. For the detailed security status of ntpsec please refer to its security tracker page at: https://security-tracker.debian.org/tracker/ntpsec Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4012 https://bugzilla.redhat.com/show_bug.cgi?id=2229288 https://security-tracker.debian.org/tracker/DSA-5466-1 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038422 https://gitlab.com/NTPsec/ntpsec/-/issues/794
Relevant for openSUSE:Factory/ntpsec