SUSE-SU-2020:1805-1 -- SLES ntpID: oval:org.secpod.oval:def:89000374 | Date: (C)2021-02-23 (M)2024-01-29 |
Class: PATCH | Family: unix |
This update for ntp fixes the following issues: ntp was updated to 4.2.8p15 - CVE-2020-11868: Fixed an issue which a server mode packet with spoofed source address frequently send to the client ntpd could have caused denial of service . - CVE-2018-8956: Fixed an issue which could have allowed remote attackers to prevent a broadcast client from synchronizing its clock with a broadcast NTP server via spoofed mode 3 and mode 5 packets . - CVE-2020-13817: Fixed an issue which an off-path attacker with the ability to query time from victim"s ntpd instance could have modified the victim"s clock by a limited amount . - CVE-2020-15025: Fixed an issue which remote attacker could have caused denial of service by consuming the memory when a CMAC key was used andassociated with a CMAC algorithm in the ntp.keys .
Platform: |
SUSE Linux Enterprise Server 12 SP3 |
SUSE Linux Enterprise Server 12 SP2 |
SUSE Linux Enterprise Server 12 SP5 |
SUSE Linux Enterprise Server 12 SP4 |