Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2023:2142-1

Опубликовано: 09 мая 2023
Источник: suse-cvrf

Описание

Security update for ntp

This update for ntp fixes the following issues:

Fixed multiple out of bound writes: CVE-2023-26551 (bsc#1210386), CVE-2023-26552 (bsc#1210388), CVE-2023-26553 (bsc#1210387), CVE-2023-26554 (bsc#1210389).

Список пакетов

Image SLES15-SP1-SAP-Azure-LI-BYOS-Production
ntp-4.2.8p15-150000.4.22.1
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production
ntp-4.2.8p15-150000.4.22.1
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production
ntp-4.2.8p15-150000.4.22.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production
ntp-4.2.8p15-150000.4.22.1
Image SLES15-SP3-SAP-Azure-LI-BYOS-Production
ntp-4.2.8p15-150000.4.22.1
Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production
ntp-4.2.8p15-150000.4.22.1
Image SLES15-SP4-SAP-Azure-LI-BYOS
ntp-4.2.8p15-150000.4.22.1
Image SLES15-SP4-SAP-Azure-LI-BYOS-Production
ntp-4.2.8p15-150000.4.22.1
Image SLES15-SP4-SAP-Azure-VLI-BYOS
ntp-4.2.8p15-150000.4.22.1
Image SLES15-SP4-SAP-Azure-VLI-BYOS-Production
ntp-4.2.8p15-150000.4.22.1
Image SLES15-SP5-SAP-Azure-LI-BYOS
ntp-4.2.8p15-150000.4.22.1
Image SLES15-SP5-SAP-Azure-LI-BYOS-Production
ntp-4.2.8p15-150000.4.22.1
Image SLES15-SP5-SAP-Azure-VLI-BYOS
ntp-4.2.8p15-150000.4.22.1
Image SLES15-SP5-SAP-Azure-VLI-BYOS-Production
ntp-4.2.8p15-150000.4.22.1
SUSE Linux Enterprise Module for Legacy 15 SP4
ntp-4.2.8p15-150000.4.22.1
openSUSE Leap 15.4
ntp-4.2.8p15-150000.4.22.1
ntp-doc-4.2.8p15-150000.4.22.1

Ссылки

Описание

mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write in the cp<cpdec while loop. An adversary may be able to attack a client ntpq process, but cannot attack ntpd.

Затронутые продукты
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production:ntp-4.2.8p15-150000.4.22.1
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production:ntp-4.2.8p15-150000.4.22.1
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:ntp-4.2.8p15-150000.4.22.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production:ntp-4.2.8p15-150000.4.22.1
Ссылки

Описание

mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a decimal point. An adversary may be able to attack a client ntpq process, but cannot attack ntpd.

Затронутые продукты
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production:ntp-4.2.8p15-150000.4.22.1
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production:ntp-4.2.8p15-150000.4.22.1
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:ntp-4.2.8p15-150000.4.22.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production:ntp-4.2.8p15-150000.4.22.1
Ссылки

Описание

mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when copying the trailing number. An adversary may be able to attack a client ntpq process, but cannot attack ntpd.

Затронутые продукты
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production:ntp-4.2.8p15-150000.4.22.1
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production:ntp-4.2.8p15-150000.4.22.1
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:ntp-4.2.8p15-150000.4.22.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production:ntp-4.2.8p15-150000.4.22.1
Ссылки

Описание

mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a '\0' character. An adversary may be able to attack a client ntpq process, but cannot attack ntpd.

Затронутые продукты
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production:ntp-4.2.8p15-150000.4.22.1
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production:ntp-4.2.8p15-150000.4.22.1
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:ntp-4.2.8p15-150000.4.22.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production:ntp-4.2.8p15-150000.4.22.1
Ссылки