Upgrade Oracle:6 libblkid-devel to version 0:2.17.2-12.4.el6 or higher. This issue was patched in ELSA-2011-1691 .

Resource Management Errors in libblkid-devel | CVE-2011-1675

Threat Intelligence

0.09% (41^st percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about Use of a Broken or Risky Cryptographic Algorithm vulnerabilities in an interactive lesson.

Start learning

Snyk IDSNYK-DEBIAN10-NTPSEC-1303147
published10 Jun 2021
disclosed8 Jun 2021

Report a new vulnerability Found a mistake?

Introduced: 8 Jun 2021

CVE-2021-22212 (opens in a new tab) CWE-327 (opens in a new tab)

Amendment

The Debian security team deemed this advisory irrelevant for Debian:10.

NVD Description

Note: Versions mentioned in the description apply only to the upstream ntpsec package and not the ntpsec package as distributed by Debian.

ntpkeygen can generate keys that ntpd fails to parse. NTPsec 1.2.0 allows ntpkeygen to generate keys with '#' characters. ntpd then either pads, shortens the key, or fails to load these keys entirely, depending on the key type and the placement of the '#'. This results in the administrator not being able to use the keys as expected or the keys are shorter than expected and easier to brute-force, possibly resulting in MITM attacks between ntp clients and ntp servers. For short AES128 keys, ntpd generates a warning that it is padding them.

Use of a Broken or Risky Cryptographic Algorithm The advisory has been revoked - it doesn't affect any version of package ntpsec (opens in a new tab)