[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

SUSE-SU-2016:1247-1 -- Suse ntp

ID: oval:org.secpod.oval:def:400676Date: (C)2016-12-27   (M)2024-01-29
Class: PATCHFamily: unix




ntp was updated to version 4.2.8p6 to fix 28 security issues. Major functional changes: - The "sntp" commandline tool changed its option handling in a major way, some options have been renamed or dropped. - "controlkey 1" is added during update to ntp.conf to allow sntp to work. - The local clock is being disabled during update. - ntpd is no longer running chrooted. Other functional changes: - ntp-signd is installed. - "enable mode7" can be added to the configuration to allow ntdpc to work as compatibility mode option. - "kod" was removed from the default restrictions. - SHA1 keys are used by default instead of MD5 keys. Also yast2-ntp-client was updated to match some sntp syntax changes. These security issues were fixed: - CVE-2015-8158: Fixed potential infinite loop in ntpq . - CVE-2015-8138: Zero Origin Timestamp Bypass . - CVE-2015-7979: Off-path Denial of Service attack on authenticated broadcast mode . - CVE-2015-7978: Stack exhaustion in recursive traversal of restriction list . - CVE-2015-7977: reslist NULL pointer dereference . - CVE-2015-7976: ntpq saveconfig command allows dangerous characters in filenames . - CVE-2015-7975: nextvar missing length check . - CVE-2015-7974: Skeleton Key: Missing key check allows impersonation between authenticated peers . - CVE-2015-7973: Replay attack on authenticated broadcast mode . - CVE-2015-8140: ntpq vulnerable to replay attacks . - CVE-2015-8139: Origin Leak: ntpq and ntpdc, disclose origin . - CVE-2015-5300: MITM attacker could have forced ntpd to make a step larger than the panic threshold . - CVE-2015-7871: NAK to the Future: Symmetric association authentication bypass via crypto-NAK . - CVE-2015-7855: decodenetnum will ASSERT botch instead of returning FAIL on some bogus values . - CVE-2015-7854: Password Length Memory Corruption Vulnerability . - CVE-2015-7853: Invalid length data provided by a custom refclock driver could cause a buffer overflow . - CVE-2015-7852: ntpq atoascii Memory Corruption Vulnerability . - CVE-2015-7851: saveconfig Directory Traversal Vulnerability . - CVE-2015-7850: remote config logfile-keyfile . - CVE-2015-7849: trusted key use-after-free . - CVE-2015-7848: mode 7 loop counter underrun . - CVE-2015-7701: Slow memory leak in CRYPTO_ASSOC . - CVE-2015-7703: configuration directives "pidfile" and "driftfile" should only be allowed locally . - CVE-2015-7704, CVE-2015-7705: Clients that receive a KoD should validate the origin timestamp field . - CVE-2015-7691, CVE-2015-7692, CVE-2015-7702: Incomplete autokey data packet length checks . These non-security issues were fixed: - fate#320758 bsc#975981: Enable compile-time support for MS-SNTP . This replaces the w32 patches in 4.2.4 that added the authreg directive. - bsc#962318: Call /usr/sbin/sntp with full path to synchronize in start-ntpd. When run as cron job, /usr/sbin/ is not in the path, which caused the synchronization to fail. - bsc#782060: Speedup ntpq. - bsc#916617: Add /var/db/ntp-kod. - bsc#956773: Add ntp-ENOBUFS.patch to limit a warning that might happen quite a lot on loaded systems. - bsc#951559,bsc#975496: Fix the TZ offset output of sntp during DST. - Add ntp-fork.patch and build with threads disabled to allow name resolution even when running chrooted. - Add a controlkey line to /etc/ntp.conf if one does not already exist to allow runtime configuuration via ntpq. - bsc#946386: Temporarily disable memlock to avoid problems due to high memory usage during name resolution. - bsc#905885: Use SHA1 instead of MD5 for symmetric keys. - Improve runtime configuration: * Read keytype from ntp.conf * Don"t write ntp keys to syslog. - Fix legacy action scripts to pass on command line arguments. - bsc#944300: Remove "kod" from the restrict line in ntp.conf. - bsc#936327: Use ntpq instead of deprecated ntpdc in start-ntpd. - Add a controlkey to ntp.conf to make the above work. - Don"t let "keysdir" lines in ntp.conf trigger the "keys" parser. - Disable mode 7 again, now that we don"t use it anymore. - Add "addserver" as a new legacy action. - bsc#910063: Fix the comment regarding addserver in ntp.conf. - bsc#926510: Disable chroot by default. - bsc#920238: Enable ntpdc for backwards compatibility.

Platform:
SUSE Linux Enterprise Desktop 12
SUSE Linux Enterprise Server 12
Product:
ntp
Reference:
SUSE-SU-2016:1247-1
CVE-2015-5300
CVE-2015-7691
CVE-2015-7692
CVE-2015-7701
CVE-2015-7702
CVE-2015-7703
CVE-2015-7704
CVE-2015-7705
CVE-2015-7848
CVE-2015-7849
CVE-2015-7850
CVE-2015-7851
CVE-2015-7852
CVE-2015-7853
CVE-2015-7854
CVE-2015-7855
CVE-2015-7871
CVE-2015-7973
CVE-2015-7974
CVE-2015-7975
CVE-2015-7976
CVE-2015-7977
CVE-2015-7978
CVE-2015-7979
CVE-2015-8138
CVE-2015-8139
CVE-2015-8140
CVE-2015-8158
CVE    28
CVE-2015-7851
CVE-2015-7701
CVE-2015-7703
CVE-2015-7702
...
CPE    800
cpe:/a:ntp:ntp:4.2.7:p278
cpe:/a:ntp:ntp:4.2.7:p279
cpe:/a:ntp:ntp:4.2.7:p276
cpe:/a:ntp:ntp:4.2.7:p277
...

© SecPod Technologies