SUSE-SU-2016:1912-1: important: Security update for ntp

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Fri Jul 29 11:08:46 MDT 2016


   SUSE Security Update: Security update for ntp
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:1912-1
Rating:             important
References:         #782060 #784760 #905885 #910063 #916617 #920183 
                    #920238 #920893 #920895 #920905 #924202 #926510 
                    #936327 #943218 #943221 #944300 #951351 #951559 
                    #951629 #952611 #957226 #962318 #962784 #962802 
                    #962960 #962966 #962970 #962988 #962995 #963000 
                    #963002 #975496 #977450 #977451 #977452 #977455 
                    #977457 #977458 #977459 #977461 #977464 #979302 
                    #981422 #982056 #982064 #982065 #982066 #982067 
                    #982068 #988417 #988558 #988565 
Cross-References:   CVE-2015-1798 CVE-2015-1799 CVE-2015-5194
                    CVE-2015-5300 CVE-2015-7691 CVE-2015-7692
                    CVE-2015-7701 CVE-2015-7702 CVE-2015-7703
                    CVE-2015-7704 CVE-2015-7705 CVE-2015-7848
                    CVE-2015-7849 CVE-2015-7850 CVE-2015-7851
                    CVE-2015-7852 CVE-2015-7853 CVE-2015-7854
                    CVE-2015-7855 CVE-2015-7871 CVE-2015-7973
                    CVE-2015-7974 CVE-2015-7975 CVE-2015-7976
                    CVE-2015-7977 CVE-2015-7978 CVE-2015-7979
                    CVE-2015-8138 CVE-2015-8158 CVE-2016-1547
                    CVE-2016-1548 CVE-2016-1549 CVE-2016-1550
                    CVE-2016-1551 CVE-2016-2516 CVE-2016-2517
                    CVE-2016-2518 CVE-2016-2519 CVE-2016-4953
                    CVE-2016-4954 CVE-2016-4955 CVE-2016-4956
                    CVE-2016-4957
Affected Products:
                    SUSE Linux Enterprise Server 10 SP4 LTSS
______________________________________________________________________________

   An update that solves 43 vulnerabilities and has 9 fixes is
   now available.

Description:


   NTP was updated to version 4.2.8p8 to fix several security issues and to
   ensure the continued maintainability of the package.

   These security issues were fixed:

       * CVE-2016-4953: Bad authentication demobilized ephemeral associations
         (bsc#982065).
       * CVE-2016-4954: Processing spoofed server packets (bsc#982066).
       * CVE-2016-4955: Autokey association reset (bsc#982067).
       * CVE-2016-4956: Broadcast interleave (bsc#982068).
       * CVE-2016-4957: CRYPTO_NAK crash (bsc#982064).
       * CVE-2016-1547: Validate crypto-NAKs to prevent ACRYPTO-NAK DoS
         (bsc#977459).
       * CVE-2016-1548: Prevent the change of time of an ntpd client or
         denying service to an ntpd client by forcing it to change from basic
         client/server mode to interleaved symmetric mode (bsc#977461).
       * CVE-2016-1549: Sybil vulnerability: ephemeral association attack
         (bsc#977451).
       * CVE-2016-1550: Improve security against buffer comparison timing
         attacks (bsc#977464).
       * CVE-2016-1551: Refclock impersonation vulnerability (bsc#977450)y
       * CVE-2016-2516: Duplicate IPs on unconfig directives could have
         caused an assertion botch in ntpd (bsc#977452).
       * CVE-2016-2517: Remote configuration trustedkey/
         requestkey/controlkey values are not properly validated (bsc#977455).
       * CVE-2016-2518: Crafted addpeer with hmode > 7 causes array
         wraparound with MATCH_ASSOC (bsc#977457).
       * CVE-2016-2519: ctl_getitem() return value not always checked
         (bsc#977458).
       * CVE-2015-8158: Potential Infinite Loop in ntpq (bsc#962966).
       * CVE-2015-8138: Zero Origin Timestamp Bypass (bsc#963002).
       * CVE-2015-7979: Off-path Denial of Service (DoS) attack on
         authenticated broadcast mode (bsc#962784).
       * CVE-2015-7978: Stack exhaustion in recursive traversal of
         restriction list (bsc#963000).
       * CVE-2015-7977: reslist NULL pointer dereference (bsc#962970).
       * CVE-2015-7976: ntpq saveconfig command allowed dangerous characters
         in filenames (bsc#962802).
       * CVE-2015-7975: nextvar() missing length check (bsc#962988).
       * CVE-2015-7974: NTP did not verify peer associations of symmetric
         keys when authenticating packets, which might have allowed remote
         attackers to conduct impersonation attacks via an arbitrary trusted
         key, aka a "skeleton" key (bsc#962960).
       * CVE-2015-7973: Replay attack on authenticated broadcast mode
         (bsc#962995).
       * CVE-2015-5300: MITM attacker can force ntpd to make a step larger
         than the panic threshold (bsc#951629).
       * CVE-2015-5194: Crash with crafted logconfig configuration command
         (bsc#943218).
       * CVE-2015-7871: NAK to the Future: Symmetric association
         authentication bypass via crypto-NAK (bsc#952611).
       * CVE-2015-7855: decodenetnum() will ASSERT botch instead of returning
         FAIL on some bogus values (bsc#952611).
       * CVE-2015-7854: Password Length Memory Corruption Vulnerability
         (bsc#952611).
       * CVE-2015-7853: Invalid length data provided by a custom refclock
         driver could cause a buffer overflow (bsc#952611).
       * CVE-2015-7852: ntpq atoascii() Memory Corruption Vulnerability
         (bsc#952611).
       * CVE-2015-7851: saveconfig Directory Traversal Vulnerability
         (bsc#952611).
       * CVE-2015-7850: Clients that receive a KoD now validate the origin
         timestamp field (bsc#952611).
       * CVE-2015-7849: Prevent use-after-free trusted key (bsc#952611).
       * CVE-2015-7848: Prevent mode 7 loop counter underrun (bsc#952611).
       * CVE-2015-7701: Slow memory leak in CRYPTO_ASSOC (bsc#952611).
       * CVE-2015-7703: Configuration directives "pidfile" and "driftfile"
         should only be allowed locally (bsc#943221).
       * CVE-2015-7704: Clients that receive a KoD should validate the origin
         timestamp field (bsc#952611).
       * CVE-2015-7705: Clients that receive a KoD should validate the origin
         timestamp field (bsc#952611).
       * CVE-2015-7691: Incomplete autokey data packet length checks
         (bsc#952611).
       * CVE-2015-7692: Incomplete autokey data packet length checks
         (bsc#952611).
       * CVE-2015-7702: Incomplete autokey data packet length checks
         (bsc#952611).
       * CVE-2015-1798: The symmetric-key feature in the receive function in
         ntp_proto.c in ntpd in NTP required a correct MAC only if the MAC
         field has a nonzero length, which made it easier for
         man-in-the-middle attackers to spoof packets by omitting the MAC
         (bsc#924202).
       * CVE-2015-1799: The symmetric-key feature in the receive function in
         ntp_proto.c in ntpd in NTP performed state-variable updates upon
         receiving certain invalid packets, which made it easier for
         man-in-the-middle attackers to cause a denial of service
         (synchronization loss) by spoofing the source IP address of a peer
         (bsc#924202).

   These non-security issues were fixed:

       * Keep the parent process alive until the daemon has finished
         initialisation, to make sure that the PID file exists when the
         parent returns.
       * bsc#979302: Change the process name of the forking DNS worker
         process to avoid the impression that ntpd is started twice.
       * bsc#981422: Don't ignore SIGCHILD because it breaks wait().
       * Separate the creation of ntp.keys and key #1 in it to avoid problems
         when upgrading installations that have the file, but no key #1,
         which is needed e.g. by "rcntp addserver".
       * bsc#957226: Restrict the parser in the startup script to the first
         occurrance of "keys" and "controlkey" in ntp.conf.
       * Enable compile-time support for MS-SNTP (--enable-ntp-signd)
       * bsc#975496: Fix ntp-sntp-dst.patch.
       * bsc#962318: Call /usr/sbin/sntp with full path to synchronize in
         start-ntpd. When run as cron job, /usr/sbin/ is not in the path,
         which caused the synchronization to fail.
       * bsc#782060: Speedup ntpq.
       * bsc#951559: Fix the TZ offset output of sntp during DST.
       * bsc#916617: Add /var/db/ntp-kod.
       * bsc#951351: Add ntp-ENOBUFS.patch to limit a warning that might
         happen quite a lot on loaded systems.
       * Add ntp-fork.patch and build with threads disabled to allow name
         resolution even when running chrooted.
       * bnc#784760: Remove local clock from default configuration.
       * Fix incomplete backporting of "rcntp ntptimemset".
       * bsc#936327: Use ntpq instead of deprecated ntpdc in start-ntpd.
       * Don't let "keysdir" lines in ntp.conf trigger the "keys" parser.
       * bsc#910063: Fix the comment regarding addserver in ntp.conf.
       * bsc#944300: Remove "kod" from the restrict line in ntp.conf.
       * bsc#905885: Use SHA1 instead of MD5 for symmetric keys.
       * bsc#926510: Re-add chroot support, but mark it as deprecated and
         disable it by default.
       * bsc#920895: Drop support for running chrooted, because it is an
         ongoing source of problems and not really needed anymore, given that
   ntp now drops privileges and runs under apparmor.
       * bsc#920183: Allow -4 and -6 address qualifiers in "server"
         directives.
       * Use upstream ntp-wait, because our version is incompatible with the
         new ntpq command line syntax.
       * bsc#920905: Adjust Util.pm to the Perl version on SLE11.
       * bsc#920238: Enable ntpdc for backwards compatibility.
       * bsc#920893: Don't use %exclude.
       * bsc#988417: Default to NTPD_FORCE_SYNC_ON_STARTUP="yes"
       * bsc#988565: Ignore errors when removing extra files during
         uninstallation
       * bsc#988558: Don't blindly guess the value to use for IP_TOS

   Security Issues:

       * CVE-2016-4953
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4953>
       * CVE-2016-4954
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4954>
       * CVE-2016-4955
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4955>
       * CVE-2016-4956
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4956>
       * CVE-2016-4957
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4957>
       * CVE-2016-1547
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1547>
       * CVE-2016-1548
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1548>
       * CVE-2016-1549
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1549>
       * CVE-2016-1550
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1550>
       * CVE-2016-1551
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1551>
       * CVE-2016-2516
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2516>
       * CVE-2016-2517
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2517>
       * CVE-2016-2518
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2518>
       * CVE-2016-2519
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2519>
       * CVE-2015-8158
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8158>
       * CVE-2015-8138
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8138>
       * CVE-2015-7979
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7979>
       * CVE-2015-7978
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7978>
       * CVE-2015-7977
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7977>
       * CVE-2015-7976
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7976>
       * CVE-2015-7975
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7975>
       * CVE-2015-7974
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7974>
       * CVE-2015-7973
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7973>
       * CVE-2015-5300
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5300>
       * CVE-2015-5194
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5194>
       * CVE-2015-7871
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7871>
       * CVE-2015-7855
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7855>
       * CVE-2015-7854
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7854>
       * CVE-2015-7853
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7853>
       * CVE-2015-7852
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7852>
       * CVE-2015-7851
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7851>
       * CVE-2015-7850
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7850>
       * CVE-2015-7849
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7849>
       * CVE-2015-7848
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7848>
       * CVE-2015-7701
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7701>
       * CVE-2015-7703
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7703>
       * CVE-2015-7704
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704>
       * CVE-2015-7705
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7705>
       * CVE-2015-7691
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7691>
       * CVE-2015-7692
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7692>
       * CVE-2015-7702
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7702>
       * CVE-2015-1798
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1798>
       * CVE-2015-1799
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1799>



Package List:

   - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64):

      ntp-4.2.8p8-0.7.1
      ntp-doc-4.2.8p8-0.7.1


References:

   https://www.suse.com/security/cve/CVE-2015-1798.html
   https://www.suse.com/security/cve/CVE-2015-1799.html
   https://www.suse.com/security/cve/CVE-2015-5194.html
   https://www.suse.com/security/cve/CVE-2015-5300.html
   https://www.suse.com/security/cve/CVE-2015-7691.html
   https://www.suse.com/security/cve/CVE-2015-7692.html
   https://www.suse.com/security/cve/CVE-2015-7701.html
   https://www.suse.com/security/cve/CVE-2015-7702.html
   https://www.suse.com/security/cve/CVE-2015-7703.html
   https://www.suse.com/security/cve/CVE-2015-7704.html
   https://www.suse.com/security/cve/CVE-2015-7705.html
   https://www.suse.com/security/cve/CVE-2015-7848.html
   https://www.suse.com/security/cve/CVE-2015-7849.html
   https://www.suse.com/security/cve/CVE-2015-7850.html
   https://www.suse.com/security/cve/CVE-2015-7851.html
   https://www.suse.com/security/cve/CVE-2015-7852.html
   https://www.suse.com/security/cve/CVE-2015-7853.html
   https://www.suse.com/security/cve/CVE-2015-7854.html
   https://www.suse.com/security/cve/CVE-2015-7855.html
   https://www.suse.com/security/cve/CVE-2015-7871.html
   https://www.suse.com/security/cve/CVE-2015-7973.html
   https://www.suse.com/security/cve/CVE-2015-7974.html
   https://www.suse.com/security/cve/CVE-2015-7975.html
   https://www.suse.com/security/cve/CVE-2015-7976.html
   https://www.suse.com/security/cve/CVE-2015-7977.html
   https://www.suse.com/security/cve/CVE-2015-7978.html
   https://www.suse.com/security/cve/CVE-2015-7979.html
   https://www.suse.com/security/cve/CVE-2015-8138.html
   https://www.suse.com/security/cve/CVE-2015-8158.html
   https://www.suse.com/security/cve/CVE-2016-1547.html
   https://www.suse.com/security/cve/CVE-2016-1548.html
   https://www.suse.com/security/cve/CVE-2016-1549.html
   https://www.suse.com/security/cve/CVE-2016-1550.html
   https://www.suse.com/security/cve/CVE-2016-1551.html
   https://www.suse.com/security/cve/CVE-2016-2516.html
   https://www.suse.com/security/cve/CVE-2016-2517.html
   https://www.suse.com/security/cve/CVE-2016-2518.html
   https://www.suse.com/security/cve/CVE-2016-2519.html
   https://www.suse.com/security/cve/CVE-2016-4953.html
   https://www.suse.com/security/cve/CVE-2016-4954.html
   https://www.suse.com/security/cve/CVE-2016-4955.html
   https://www.suse.com/security/cve/CVE-2016-4956.html
   https://www.suse.com/security/cve/CVE-2016-4957.html
   https://bugzilla.suse.com/782060
   https://bugzilla.suse.com/784760
   https://bugzilla.suse.com/905885
   https://bugzilla.suse.com/910063
   https://bugzilla.suse.com/916617
   https://bugzilla.suse.com/920183
   https://bugzilla.suse.com/920238
   https://bugzilla.suse.com/920893
   https://bugzilla.suse.com/920895
   https://bugzilla.suse.com/920905
   https://bugzilla.suse.com/924202
   https://bugzilla.suse.com/926510
   https://bugzilla.suse.com/936327
   https://bugzilla.suse.com/943218
   https://bugzilla.suse.com/943221
   https://bugzilla.suse.com/944300
   https://bugzilla.suse.com/951351
   https://bugzilla.suse.com/951559
   https://bugzilla.suse.com/951629
   https://bugzilla.suse.com/952611
   https://bugzilla.suse.com/957226
   https://bugzilla.suse.com/962318
   https://bugzilla.suse.com/962784
   https://bugzilla.suse.com/962802
   https://bugzilla.suse.com/962960
   https://bugzilla.suse.com/962966
   https://bugzilla.suse.com/962970
   https://bugzilla.suse.com/962988
   https://bugzilla.suse.com/962995
   https://bugzilla.suse.com/963000
   https://bugzilla.suse.com/963002
   https://bugzilla.suse.com/975496
   https://bugzilla.suse.com/977450
   https://bugzilla.suse.com/977451
   https://bugzilla.suse.com/977452
   https://bugzilla.suse.com/977455
   https://bugzilla.suse.com/977457
   https://bugzilla.suse.com/977458
   https://bugzilla.suse.com/977459
   https://bugzilla.suse.com/977461
   https://bugzilla.suse.com/977464
   https://bugzilla.suse.com/979302
   https://bugzilla.suse.com/981422
   https://bugzilla.suse.com/982056
   https://bugzilla.suse.com/982064
   https://bugzilla.suse.com/982065
   https://bugzilla.suse.com/982066
   https://bugzilla.suse.com/982067
   https://bugzilla.suse.com/982068
   https://bugzilla.suse.com/988417
   https://bugzilla.suse.com/988558
   https://bugzilla.suse.com/988565
   https://download.suse.com/patch/finder/?keywords=e7685b9a0cc48dfc1cea383e011b438b



More information about the sle-security-updates mailing list