Description
Security update for ntp
This update for ntp fixes the following issues:
ntp was updated to 4.2.8p9.
Security issues fixed:
- CVE-2016-9311, CVE-2016-9310, bsc#1011377: Mode 6 unauthenticated trap information disclosure and DDoS vector.
- CVE-2016-7427, bsc#1011390: Broadcast Mode Replay Prevention DoS.
- CVE-2016-7428, bsc#1011417: Broadcast Mode Poll Interval Enforcement DoS.
- CVE-2016-7431, bsc#1011395: Regression: 010-origin: Zero Origin Timestamp Bypass.
- CVE-2016-7434, bsc#1011398: Null pointer dereference in _IO_str_init_static_internal().
- CVE-2016-7429, bsc#1011404: Interface selection attack.
- CVE-2016-7426, bsc#1011406: Client rate limiting and server responses.
- CVE-2016-7433, bsc#1011411: Reboot sync calculation problem.
- CVE-2015-5219: An endless loop due to incorrect precision to double conversion (bsc#943216).
Non-security issues fixed:
- Fix a spurious error message.
- Other bugfixes, see /usr/share/doc/packages/ntp/ChangeLog.
- Fix a regression in 'trap' (bsc#981252).
- Reduce the number of netlink groups to listen on for changes to the local network setup (bsc#992606).
- Fix segfault in 'sntp -a' (bsc#1009434).
- Silence an OpenSSL version warning (bsc#992038).
- Make the resolver task change user and group IDs to the same values as the main task. (bsc#988028)
- Simplify ntpd's search for its own executable to prevent AppArmor warnings (bsc#956365).
Package list
SUSE Linux Enterprise Desktop 12 SP1
SUSE Linux Enterprise Desktop 12 SP2
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
SUSE Linux Enterprise Server for SAP Applications 12 SP1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
References
- Link for SUSE-SU-2016:3195-1
- E-Mail link for SUSE-SU-2016:3195-1
- SUSE Security Ratings
- SUSE Bug 1009434
- SUSE Bug 1011377
- SUSE Bug 1011390
- SUSE Bug 1011395
- SUSE Bug 1011398
- SUSE Bug 1011404
- SUSE Bug 1011406
- SUSE Bug 1011411
- SUSE Bug 1011417
- SUSE Bug 943216
- SUSE Bug 956365
- SUSE Bug 981252
- SUSE Bug 988028
- SUSE Bug 992038
- SUSE Bug 992606
- SUSE CVE CVE-2015-5219 page
- SUSE CVE CVE-2016-7426 page
Description
The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet.
Affected products
References
- CVE-2015-5219
- SUSE Bug 1010964
- SUSE Bug 943216
- SUSE Bug 943218
- SUSE Bug 943219
- SUSE Bug 943221
- SUSE Bug 959243
Description
NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address.
Affected products
References
- CVE-2016-7426
- SUSE Bug 1011406
- SUSE Bug 1011421
- SUSE Bug 1012330
Description
The broadcast mode replay prevention functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via a crafted broadcast mode packet.
Affected products
References
- CVE-2016-7427
- SUSE Bug 1011390
- SUSE Bug 1011421
- SUSE Bug 1012330
Description
ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via the poll interval in a broadcast packet.
Affected products
References
- CVE-2016-7428
- SUSE Bug 1011417
- SUSE Bug 1011421
- SUSE Bug 1012330
Description
NTP before 4.2.8p9 changes the peer structure to the interface on which it receives a response from a source, which allows remote attackers to cause a denial of service (prevent communication with a source) by sending a response for a source to an interface the source does not use.
Affected products
References
- CVE-2016-7429
- SUSE Bug 1011404
- SUSE Bug 1011421
- SUSE Bug 1012330
Description
NTP before 4.2.8p9 allows remote attackers to bypass the origin timestamp protection mechanism via an origin timestamp of zero. NOTE: this vulnerability exists because of a CVE-2015-8138 regression.
Affected products
References
- CVE-2016-7431
- SUSE Bug 1011395
- SUSE Bug 1011421
- SUSE Bug 1012330
Description
NTP before 4.2.8p9 does not properly perform the initial sync calculations, which allows remote attackers to have unspecified impact via unknown vectors, related to a "root distance that did not include the peer dispersion."
Affected products
References
- CVE-2016-7433
- SUSE Bug 1011411
- SUSE Bug 1011421
- SUSE Bug 1012330
Description
The read_mru_list function in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (crash) via a crafted mrulist query.
Affected products
References
- CVE-2016-7434
- SUSE Bug 1011398
- SUSE Bug 1011421
- SUSE Bug 1012330
Description
The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet.
Affected products
References
- CVE-2016-9310
- SUSE Bug 1011377
- SUSE Bug 1011421
- SUSE Bug 1012330
Description
ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted packet.
Affected products
References
- CVE-2016-9311
- SUSE Bug 1011377
- SUSE Bug 1011421
- SUSE Bug 1012330