SUSE-SU-2016:1175-1: important: Security update for ntp

sle-security-updates at sle-security-updates at
Thu Apr 28 11:09:34 MDT 2016

   SUSE Security Update: Security update for ntp

Announcement ID:    SUSE-SU-2016:1175-1
Rating:             important
References:         #782060 #784760 #916617 #951559 #951629 #956773 
                    #962318 #962784 #962802 #962960 #962966 #962970 
                    #962988 #962994 #962995 #962997 #963000 #963002 
                    #975496 #975981 
Cross-References:   CVE-2015-5300 CVE-2015-7973 CVE-2015-7974
                    CVE-2015-7975 CVE-2015-7976 CVE-2015-7977
                    CVE-2015-7978 CVE-2015-7979 CVE-2015-8138
                    CVE-2015-8139 CVE-2015-8140 CVE-2015-8158
Affected Products:
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4

   An update that solves 12 vulnerabilities and has 8 fixes is
   now available.


   ntp was updated to version 4.2.8p6 to fix 12 security issues.

   These security issues were fixed:
   - CVE-2015-8158: Fixed potential infinite loop in ntpq (bsc#962966).
   - CVE-2015-8138: Zero Origin Timestamp Bypass (bsc#963002).
   - CVE-2015-7979: Off-path Denial of Service (DoS) attack on authenticated
     broadcast mode (bsc#962784).
   - CVE-2015-7978: Stack exhaustion in recursive traversal of restriction
     list (bsc#963000).
   - CVE-2015-7977: reslist NULL pointer dereference (bsc#962970).
   - CVE-2015-7976: ntpq saveconfig command allows dangerous characters in
     filenames (bsc#962802).
   - CVE-2015-7975: nextvar() missing length check (bsc#962988).
   - CVE-2015-7974: Skeleton Key: Missing key check allows impersonation
     between authenticated peers (bsc#962960).
   - CVE-2015-7973: Replay attack on authenticated broadcast mode
   - CVE-2015-8140: ntpq vulnerable to replay attacks (bsc#962994).
   - CVE-2015-8139: Origin Leak: ntpq and ntpdc, disclose origin (bsc#962997).
   - CVE-2015-5300: MITM attacker could have forced ntpd to make a step
     larger than the panic threshold (bsc#951629).

   These non-security issues were fixed:
   - fate#320758 bsc#975981: Enable compile-time support for MS-SNTP
     (--enable-ntp-signd).  This replaces the w32 patches in 4.2.4 that added
     the authreg directive.
   - bsc#962318: Call /usr/sbin/sntp with full path to synchronize in
     start-ntpd. When run as cron job, /usr/sbin/ is not in the path, which
     caused the synchronization to fail.
   - bsc#782060: Speedup ntpq.
   - bsc#916617: Add /var/db/ntp-kod.
   - bsc#956773: Add ntp-ENOBUFS.patch to limit a warning that might happen
     quite a lot on loaded systems.
   - bsc#951559,bsc#975496: Fix the TZ offset output of sntp during DST.
   - Add ntp-fork.patch and build with threads disabled to allow name
     resolution even when running chrooted.
   - bsc#784760: Remove local clock from default configuration

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-ntp-12533=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-ntp-12533=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):


   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):



More information about the sle-security-updates mailing list