Description
Security update for ntp
ntp was updated to version 4.2.8p8 to fix five security issues.
These security issues were fixed:
- CVE-2016-4953: Bad authentication demobilizes ephemeral associations (bsc#982065).
- CVE-2016-4954: Processing spoofed server packets (bsc#982066).
- CVE-2016-4955: Autokey association reset (bsc#982067).
- CVE-2016-4956: Broadcast interleave (bsc#982068).
- CVE-2016-4957: CRYPTO_NAK crash (bsc#982064).
These non-security issues were fixed:
- Keep the parent process alive until the daemon has finished initialisation, to make sure that the PID file exists when the parent returns.
- bsc#979302: Change the process name of the forking DNS worker process to avoid the impression that ntpd is started twice.
- bsc#981422: Don't ignore SIGCHLD because it breaks wait().
- bsc#979981: ntp-wait does not accept fractional seconds, so use 1 instead of 0.2 in ntp-wait.service.
- Separate the creation of ntp.keys and key #1 in it to avoid problems when upgrading installations that have the file, but no key #1, which is needed e.g. by 'rcntp addserver'.
Package list
SUSE Linux Enterprise Desktop 12 SP1
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server for SAP Applications 12 SP1
References
- Link for SUSE-SU-2016:1563-1
- E-Mail link for SUSE-SU-2016:1563-1
- SUSE Security Ratings
- SUSE Bug 979302
- SUSE Bug 979981
- SUSE Bug 981422
- SUSE Bug 982056
- SUSE Bug 982064
- SUSE Bug 982065
- SUSE Bug 982066
- SUSE Bug 982067
- SUSE Bug 982068
- SUSE CVE CVE-2016-4953 page
- SUSE CVE CVE-2016-4954 page
- SUSE CVE CVE-2016-4955 page
- SUSE CVE CVE-2016-4956 page
- SUSE CVE CVE-2016-4957 page
Description
ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time.
Affected products
References
- CVE-2016-4953
- SUSE Bug 962784
- SUSE Bug 977459
- SUSE Bug 982056
- SUSE Bug 982065
Description
The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication.
Affected products
References
- CVE-2016-4954
- SUSE Bug 982056
- SUSE Bug 982066
Description
ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time.
Affected products
References
- CVE-2016-4955
- SUSE Bug 982056
- SUSE Bug 982067
Description
ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-1548.
Affected products
References
- CVE-2016-4956
- SUSE Bug 977461
- SUSE Bug 982056
- SUSE Bug 982068
Description
ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547.
Affected products
References
- CVE-2016-4957
- SUSE Bug 977459
- SUSE Bug 982056
- SUSE Bug 982064