[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

SUSE-SU-2016:1177-1 -- Suse ntp

ID: oval:org.secpod.oval:def:400775Date: (C)2016-11-22   (M)2024-01-29
Class: PATCHFamily: unix




ntp was updated to version 4.2.8p6 to fix 12 security issues. Also yast2-ntp-client was updated to match some sntp syntax changes. These security issues were fixed: - CVE-2015-8158: Fixed potential infinite loop in ntpq . - CVE-2015-8138: Zero Origin Timestamp Bypass . - CVE-2015-7979: Off-path Denial of Service attack on authenticated broadcast mode . - CVE-2015-7978: Stack exhaustion in recursive traversal of restriction list . - CVE-2015-7977: reslist NULL pointer dereference . - CVE-2015-7976: ntpq saveconfig command allows dangerous characters in filenames . - CVE-2015-7975: nextvar missing length check . - CVE-2015-7974: Skeleton Key: Missing key check allows impersonation between authenticated peers . - CVE-2015-7973: Replay attack on authenticated broadcast mode . - CVE-2015-8140: ntpq vulnerable to replay attacks . - CVE-2015-8139: Origin Leak: ntpq and ntpdc, disclose origin . - CVE-2015-5300: MITM attacker could have forced ntpd to make a step larger than the panic threshold . These non-security issues were fixed: - fate#320758 bsc#975981: Enable compile-time support for MS-SNTP . This replaces the w32 patches in 4.2.4 that added the authreg directive. - bsc#962318: Call /usr/sbin/sntp with full path to synchronize in start-ntpd. When run as cron job, /usr/sbin/ is not in the path, which caused the synchronization to fail. - bsc#782060: Speedup ntpq. - bsc#916617: Add /var/db/ntp-kod. - bsc#956773: Add ntp-ENOBUFS.patch to limit a warning that might happen quite a lot on loaded systems. - bsc#951559,bsc#975496: Fix the TZ offset output of sntp during DST. - Add ntp-fork.patch and build with threads disabled to allow name resolution even when running chrooted.

Platform:
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Desktop 12 SP1
Product:
ntp
Reference:
SUSE-SU-2016:1177-1
CVE-2015-5300
CVE-2015-7973
CVE-2015-7974
CVE-2015-7975
CVE-2015-7976
CVE-2015-7977
CVE-2015-7978
CVE-2015-7979
CVE-2015-8138
CVE-2015-8139
CVE-2015-8140
CVE-2015-8158
CVE    12
CVE-2015-7976
CVE-2015-7975
CVE-2015-7978
CVE-2015-7977
...
CPE    800
cpe:/a:ntp:ntp:4.2.7:p278
cpe:/a:ntp:ntp:4.2.7:p279
cpe:/a:ntp:ntp:4.2.7:p276
cpe:/a:ntp:ntp:4.2.7:p277
...

© SecPod Technologies