https://community.extremenetworks.com/t5/extremewireless-wing/vn-2015-009-multiple-ntp-vulnerabilities/m-p/55513#M3716 Hi Jarek,<BR /> We're working on Rev3 of notice now and I've asked if we can get an answer to your question published with it. If the updates are going in 15.5.5 and 15.7.3, I would imagine we can get it in a 15.6.x release as well.<BR /> Tue, 03 Nov 2015 16:27:00 GMT Drew_C 2015-11-03T16:27:00Z https://community.extremenetworks.com/t5/extremewireless-wing/vn-2015-009-multiple-ntp-vulnerabilities/m-p/55511#M3714 Multiple vulnerabilities have been found and fixed in the software that implements the Network Time Protocol (NTP). These vulnerabilities range from memory corruption issues to conditions in which attackers can force an NTP daemon to adjust the local clock setting to a value that is maliciously influenced through an authentication bypass vulnerability.<BR /> Extreme Networks has posted its assessment of these vulnerabilities, described by <A href="http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner" target="_blank" rel="nofollow noreferrer noopener">numerous CVEs</A>.<BR /> <BR /> More information can be found in <A href="http://learn.extremenetworks.com/rs/641-VMV-602/images/VN-2015-009_Multiple_NTP_Vulnerabilities.pdf" target="_blank" rel="nofollow noreferrer noopener">this document</A>. It will be updated as more information is available.<BR /> Tue, 03 Nov 2015 03:55:00 GMT https://community.extremenetworks.com/t5/extremewireless-wing/vn-2015-009-multiple-ntp-vulnerabilities/m-p/55511#M3714 Drew_C 2015-11-03T03:55:00Z https://community.extremenetworks.com/t5/extremewireless-wing/vn-2015-009-multiple-ntp-vulnerabilities/m-p/55512#M3715 Hi Drew,<BR /> <BR /> I see that fix will be available for 15.5 and 15.7.<BR /> Do you have any plans to fix this in 15.6 ?<BR /> <BR /> --<BR /> Jarek<BR /> <BR /> Tue, 03 Nov 2015 16:27:00 GMT https://community.extremenetworks.com/t5/extremewireless-wing/vn-2015-009-multiple-ntp-vulnerabilities/m-p/55512#M3715 Jarek 2015-11-03T16:27:00Z https://community.extremenetworks.com/t5/extremewireless-wing/vn-2015-009-multiple-ntp-vulnerabilities/m-p/55513#M3716 Hi Jarek,<BR /> We're working on Rev3 of notice now and I've asked if we can get an answer to your question published with it. If the updates are going in 15.5.5 and 15.7.3, I would imagine we can get it in a 15.6.x release as well.<BR /> Tue, 03 Nov 2015 16:27:00 GMT https://community.extremenetworks.com/t5/extremewireless-wing/vn-2015-009-multiple-ntp-vulnerabilities/m-p/55513#M3716 Drew_C 2015-11-03T16:27:00Z https://community.extremenetworks.com/t5/extremewireless-wing/vn-2015-009-multiple-ntp-vulnerabilities/m-p/55514#M3717 The rev3 copy should be posted any minute now. In it, you'll find that target fixes are now listed for EXOS 21.1, 16.2, 16.1.3, 15.7.3, 15.6.4, and 15.5.5. Some of those actual release versions will be done as patches.<BR /> <BR /> EDIT: <A href="http://learn.extremenetworks.com/rs/641-VMV-602/images/VN-2015-009_Multiple_NTP_Vulnerabilities.pdf" target="_blank" rel="nofollow noreferrer noopener">It has been posted now</A> Tue, 03 Nov 2015 16:27:00 GMT https://community.extremenetworks.com/t5/extremewireless-wing/vn-2015-009-multiple-ntp-vulnerabilities/m-p/55514#M3717 Drew_C 2015-11-03T16:27:00Z