Wind River Support Network

HomeSecurity NoticesWind River Security Alert for 2 NTP vulnerabilities (CVE-2014-9297 & CVE-2014-9298)
Recommended

Wind River Security Alert for 2 NTP vulnerabilities (CVE-2014-9297 & CVE-2014-9298)

Released: Feb 5, 2015     Updated: Feb 5, 2015

Summary

Wind River Security Alert for 2 NTP vulnerabilities (CVE-2014-9297 & CVE-2014-9298)


Affected Product Versions

Wind River Linux 4, Wind River Linux 5, Wind River Linux 6

Downloads


Description

Wind River Security Alert for 2 NTP vulnerabilities (CVE-2014-9297 & CVE-2014-9298)


This alert confirms that the following Wind River Linux releases ARE SUSCEPTIBLE to the NTP vulnerabilities. The vulnerabilities affect Wind River Linux 2.0.x/3.0.x/4.3.0.x/5.0.1.x/6.0.0.x/7.0.0.x.


Vulnerabilities description:
=========================
CVE-2014-9297

http://www.scip.ch/en/?vuldb.68640

CVE-2014-9298

http://www.scip.ch/en/?vuldb.68641


Solution:
=========
We will fix both of them in WRLinux 4.3.0.29/5.0.1.23/6.0.0.17/7.0.0.2, except for 4.3.0.29, other three versions will be released 9 Feb.

In the meantime, you can apply the source patches.


The 2.0.x/3.0.x are End of Life (EOL), please contact Wind River Support at +1-800-872-4977 or your local Wind River representative for the Wind River Linux 2.0.x/3.0.x fix.


Live chat
Online