Wind River Security Alert for 2 NTP vulnerabilities (CVE-2014-9297 & CVE-2014-9298)
Wind River Security Alert for 2 NTP vulnerabilities (CVE-2014-9297 & CVE-2014-9298)
This alert confirms that the following Wind River Linux releases ARE SUSCEPTIBLE to the NTP vulnerabilities. The vulnerabilities affect Wind River Linux 2.0.x/3.0.x/4.3.0.x/5.0.1.x/6.0.0.x/7.0.0.x.
Vulnerabilities description:
=========================
CVE-2014-9297
http://www.scip.ch/en/?vuldb.68640
CVE-2014-9298
http://www.scip.ch/en/?vuldb.68641
Solution:
=========
We will fix both of them in WRLinux 4.3.0.29/5.0.1.23/6.0.0.17/7.0.0.2, except for 4.3.0.29, other three versions will be released 9 Feb.
In the meantime, you can apply the source patches.
The 2.0.x/3.0.x are End of Life (EOL), please contact Wind River Support at +1-800-872-4977 or your local Wind River representative for the Wind River Linux 2.0.x/3.0.x fix.