|CVE Description||CVSSv2 Base Score||Component||Product||Resolution|
|CVE-2014-9295 Buffer Error vulnerability |
CVE-2014-9296 Coding Error vulnerability
|7.5||NTP V4||Solaris 11.2||22.214.171.124.0|
|Solaris 10||SPARC: 143725-05 X86: 143726-05|
|NTP V3||Solaris 10||SPARC: 148881-03 X86: 148882-03|
Please log a support request via My Oracle Support to get access to the IDRs.
Latest version of NTP shipped with Solaris 10 and Solaris 11.2 is not impacted by CVE-2014-9293 and CVE-2014-9294.
Please upgrade to Solaris 11.1 SRU 13.6 to install the Solaris 11.1 IDR.
NTP service on Solaris 10 needs to be restarted for the patches to take effect. You can restart the daemon by using
# svcadm restart ntp (for NTPv3) or # svcadm restart ntp4 (for NTPv4)
NTPv3 is not vulnerable to CVE-2014-9296.
Please see http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities for workaround instructions.
This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.
Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.