Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2017:1047-1

Опубликовано: 18 апр. 2017
Источник: suse-cvrf

Описание

Security update for ntp

This ntp update to version 4.2.8p10 fixes serveral issues.

This updated enables leap smearing. See /usr/share/doc/packages/ntp/README.leapsmear for details.

Security issues fixed (bsc#1030050):

  • CVE-2017-6464: Denial of Service via Malformed Config
  • CVE-2017-6462: Buffer Overflow in DPTS Clock
  • CVE-2017-6463: Authenticated DoS via Malicious Config Option
  • CVE-2017-6458: Potential Overflows in ctl_put() functions
  • CVE-2017-6451: Improper use of snprintf() in mx4200_send()
  • CVE-2017-6460: Buffer Overflow in ntpq when fetching reslist
  • CVE-2016-9042: 0rigin (zero origin) DoS.
  • ntpq_stripquotes() returns incorrect Value
  • ereallocarray()/eallocarray() underused
  • Copious amounts of Unused Code
  • Off-by-one in Oncore GPS Receiver
  • Makefile does not enforce Security Flags

Bugfixes:

  • Remove spurious log messages (bsc#1014172).
  • clang scan-build findings
  • Support for openssl-1.1.0 without compatibility modes
  • Bugfix 3072 breaks multicastclient
  • forking async worker: interrupted pipe I/O
  • (...) time_pps_create: Exec format error
  • Incorrect Logic for Peer Event Limiting
  • Change the process name of forked DNS worker
  • Trap Configuration Fail
  • Nothing happens if minsane < maxclock < minclock
  • allow -4/-6 on restrict line with mask
  • out-of-bound pointers in ctl_putsys and decode_bitflags
  • Move ntp-kod to /var/lib/ntp, because /var/db is not a standard directory and causes problems for transactional updates.

Список пакетов

SUSE Linux Enterprise Server 12-LTSS
ntp-4.2.8p10-46.23.1
ntp-doc-4.2.8p10-46.23.1
SUSE Linux Enterprise Server for SAP Applications 12
ntp-4.2.8p10-46.23.1
ntp-doc-4.2.8p10-46.23.1

Ссылки

Описание

An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially crafted unauthenticated network packet can be used to reset the expected origin timestamp for target peers. Legitimate replies from targeted peers will fail the origin timestamp check (TEST2) causing the reply to be dropped and creating a denial of service condition.

Затронутые продукты
SUSE Linux Enterprise Server 12-LTSS:ntp-4.2.8p10-46.23.1
SUSE Linux Enterprise Server 12-LTSS:ntp-doc-4.2.8p10-46.23.1
SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p10-46.23.1
SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p10-46.23.1
Ссылки

Описание

The mx4200_send function in the legacy MX4200 refclock in NTP before 4.2.8p10 and 4.3.x before 4.3.94 does not properly handle the return value of the snprintf function, which allows local users to execute arbitrary code via unspecified vectors, which trigger an out-of-bounds memory write.

Затронутые продукты
SUSE Linux Enterprise Server 12-LTSS:ntp-4.2.8p10-46.23.1
SUSE Linux Enterprise Server 12-LTSS:ntp-doc-4.2.8p10-46.23.1
SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p10-46.23.1
SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p10-46.23.1
Ссылки

Описание

Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable.

Затронутые продукты
SUSE Linux Enterprise Server 12-LTSS:ntp-4.2.8p10-46.23.1
SUSE Linux Enterprise Server 12-LTSS:ntp-doc-4.2.8p10-46.23.1
SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p10-46.23.1
SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p10-46.23.1
Ссылки

Описание

Stack-based buffer overflow in the reslist function in ntpq in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote servers have unspecified impact via a long flagstr variable in a restriction list response.

Затронутые продукты
SUSE Linux Enterprise Server 12-LTSS:ntp-4.2.8p10-46.23.1
SUSE Linux Enterprise Server 12-LTSS:ntp-doc-4.2.8p10-46.23.1
SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p10-46.23.1
SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p10-46.23.1
Ссылки

Описание

Buffer overflow in the legacy Datum Programmable Time Server (DPTS) refclock driver in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via a crafted /dev/datum device.

Затронутые продукты
SUSE Linux Enterprise Server 12-LTSS:ntp-4.2.8p10-46.23.1
SUSE Linux Enterprise Server 12-LTSS:ntp-doc-4.2.8p10-46.23.1
SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p10-46.23.1
SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p10-46.23.1
Ссылки

Описание

NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote authenticated users to cause a denial of service (daemon crash) via an invalid setting in a :config directive, related to the unpeer option.

Затронутые продукты
SUSE Linux Enterprise Server 12-LTSS:ntp-4.2.8p10-46.23.1
SUSE Linux Enterprise Server 12-LTSS:ntp-doc-4.2.8p10-46.23.1
SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p10-46.23.1
SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p10-46.23.1
Ссылки

Описание

NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote attackers to cause a denial of service (ntpd crash) via a malformed mode configuration directive.

Затронутые продукты
SUSE Linux Enterprise Server 12-LTSS:ntp-4.2.8p10-46.23.1
SUSE Linux Enterprise Server 12-LTSS:ntp-doc-4.2.8p10-46.23.1
SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p10-46.23.1
SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p10-46.23.1
Ссылки
Уязвимость SUSE-SU-2017:1047-1