SUSE-SU-2016:1247-1: important: Security update for ntp

sle-updates at lists.suse.com sle-updates at lists.suse.com
Fri May 6 05:07:49 MDT 2016


   SUSE Security Update: Security update for ntp
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:1247-1
Rating:             important
References:         #782060 #905885 #910063 #916617 #920238 #926510 
                    #936327 #937837 #942587 #944300 #946386 #951559 
                    #951608 #951629 #954982 #956773 #962318 #962784 
                    #962802 #962960 #962966 #962970 #962988 #962994 
                    #962995 #962997 #963000 #963002 #975496 #975981 
                    
Cross-References:   CVE-2015-5300 CVE-2015-7691 CVE-2015-7692
                    CVE-2015-7701 CVE-2015-7702 CVE-2015-7703
                    CVE-2015-7704 CVE-2015-7705 CVE-2015-7848
                    CVE-2015-7849 CVE-2015-7850 CVE-2015-7851
                    CVE-2015-7852 CVE-2015-7853 CVE-2015-7854
                    CVE-2015-7855 CVE-2015-7871 CVE-2015-7973
                    CVE-2015-7974 CVE-2015-7975 CVE-2015-7976
                    CVE-2015-7977 CVE-2015-7978 CVE-2015-7979
                    CVE-2015-8138 CVE-2015-8139 CVE-2015-8140
                    CVE-2015-8158
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

   An update that solves 28 vulnerabilities and has two fixes
   is now available.

Description:

   ntp was updated to version 4.2.8p6 to fix 28 security issues.

   Major functional changes:
   - The "sntp" commandline tool changed its option handling in a major way,
     some options have been renamed or dropped.
   - "controlkey 1" is added during update to ntp.conf to allow sntp to work.
   - The local clock is being disabled during update.
   - ntpd is no longer running chrooted.

   Other functional changes:
   - ntp-signd is installed.
   - "enable mode7" can be added to the configuration to allow ntdpc to work
     as compatibility mode option.
   - "kod" was removed from the default restrictions.
   - SHA1 keys are used by default instead of MD5 keys.

   Also yast2-ntp-client was updated to match some sntp syntax changes.
   (bsc#937837)

   These security issues were fixed:
   - CVE-2015-8158: Fixed potential infinite loop in ntpq (bsc#962966).
   - CVE-2015-8138: Zero Origin Timestamp Bypass (bsc#963002).
   - CVE-2015-7979: Off-path Denial of Service (DoS) attack on authenticated
     broadcast mode (bsc#962784).
   - CVE-2015-7978: Stack exhaustion in recursive traversal of restriction
     list (bsc#963000).
   - CVE-2015-7977: reslist NULL pointer dereference (bsc#962970).
   - CVE-2015-7976: ntpq saveconfig command allows dangerous characters in
     filenames (bsc#962802).
   - CVE-2015-7975: nextvar() missing length check (bsc#962988).
   - CVE-2015-7974: Skeleton Key: Missing key check allows impersonation
     between authenticated peers (bsc#962960).
   - CVE-2015-7973: Replay attack on authenticated broadcast mode
     (bsc#962995).
   - CVE-2015-8140: ntpq vulnerable to replay attacks (bsc#962994).
   - CVE-2015-8139: Origin Leak: ntpq and ntpdc, disclose origin (bsc#962997).
   - CVE-2015-5300: MITM attacker could have forced ntpd to make a step
     larger than the panic threshold (bsc#951629).
   - CVE-2015-7871: NAK to the Future: Symmetric association authentication
     bypass via crypto-NAK (bsc#951608).
   - CVE-2015-7855: decodenetnum() will ASSERT botch instead of returning
     FAIL on some bogus values (bsc#951608).
   - CVE-2015-7854: Password Length Memory Corruption Vulnerability
     (bsc#951608).
   - CVE-2015-7853: Invalid length data provided by a custom refclock driver
     could cause a buffer overflow (bsc#951608).
   - CVE-2015-7852: ntpq atoascii() Memory Corruption Vulnerability
     (bsc#951608).
   - CVE-2015-7851: saveconfig Directory Traversal Vulnerability (bsc#951608).
   - CVE-2015-7850: remote config logfile-keyfile (bsc#951608).
   - CVE-2015-7849: trusted key use-after-free (bsc#951608).
   - CVE-2015-7848: mode 7 loop counter underrun (bsc#951608).
   - CVE-2015-7701: Slow memory leak in CRYPTO_ASSOC (bsc#951608).
   - CVE-2015-7703: configuration directives "pidfile" and "driftfile" should
     only be allowed locally (bsc#951608).
   - CVE-2015-7704, CVE-2015-7705: Clients that receive a KoD should validate
     the origin timestamp field (bsc#951608).
   - CVE-2015-7691, CVE-2015-7692, CVE-2015-7702: Incomplete autokey data
     packet length checks (bsc#951608).

   These non-security issues were fixed:
   - fate#320758 bsc#975981: Enable compile-time support for MS-SNTP
     (--enable-ntp-signd). This replaces the w32 patches in 4.2.4 that added
     the authreg directive.
   - bsc#962318: Call /usr/sbin/sntp with full path to synchronize in
     start-ntpd. When run as cron job, /usr/sbin/ is not in the path, which
     caused the synchronization to fail.
   - bsc#782060: Speedup ntpq.
   - bsc#916617: Add /var/db/ntp-kod.
   - bsc#956773: Add ntp-ENOBUFS.patch to limit a warning that might happen
     quite a lot on loaded systems.
   - bsc#951559,bsc#975496: Fix the TZ offset output of sntp during DST.
   - Add ntp-fork.patch and build with threads disabled to allow name
     resolution even when running chrooted.
   - Add a controlkey line to /etc/ntp.conf if one does not already exist to
     allow runtime configuuration via ntpq.
   - bsc#946386: Temporarily disable memlock to avoid problems due to high
     memory usage during name resolution.
   - bsc#905885: Use SHA1 instead of MD5 for symmetric keys.
   - Improve runtime configuration:
     * Read keytype from ntp.conf
     * Don't write ntp keys to syslog.
   - Fix legacy action scripts to pass on command line arguments.
   - bsc#944300: Remove "kod" from the restrict line in ntp.conf.
   - bsc#936327: Use ntpq instead of deprecated ntpdc in start-ntpd.
   - Add a controlkey to ntp.conf to make the above work.
   - Don't let "keysdir" lines in ntp.conf trigger the "keys" parser.
   - Disable mode 7 (ntpdc) again, now that we don't use it anymore.
   - Add "addserver" as a new legacy action.
   - bsc#910063: Fix the comment regarding addserver in ntp.conf.
   - bsc#926510: Disable chroot by default.
   - bsc#920238: Enable ntpdc for backwards compatibility.


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12:

      zypper in -t patch SUSE-SLE-SDK-12-2016-727=1

   - SUSE Linux Enterprise Server 12:

      zypper in -t patch SUSE-SLE-SERVER-12-2016-727=1

   - SUSE Linux Enterprise Desktop 12:

      zypper in -t patch SUSE-SLE-DESKTOP-12-2016-727=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Software Development Kit 12 (noarch):

      yast2-ntp-client-devel-doc-3.1.12.4-8.2

   - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):

      ntp-4.2.8p6-46.5.2
      ntp-debuginfo-4.2.8p6-46.5.2
      ntp-debugsource-4.2.8p6-46.5.2
      ntp-doc-4.2.8p6-46.5.2

   - SUSE Linux Enterprise Server 12 (noarch):

      yast2-ntp-client-3.1.12.4-8.2

   - SUSE Linux Enterprise Desktop 12 (noarch):

      yast2-ntp-client-3.1.12.4-8.2

   - SUSE Linux Enterprise Desktop 12 (x86_64):

      ntp-4.2.8p6-46.5.2
      ntp-debuginfo-4.2.8p6-46.5.2
      ntp-debugsource-4.2.8p6-46.5.2
      ntp-doc-4.2.8p6-46.5.2


References:

   https://www.suse.com/security/cve/CVE-2015-5300.html
   https://www.suse.com/security/cve/CVE-2015-7691.html
   https://www.suse.com/security/cve/CVE-2015-7692.html
   https://www.suse.com/security/cve/CVE-2015-7701.html
   https://www.suse.com/security/cve/CVE-2015-7702.html
   https://www.suse.com/security/cve/CVE-2015-7703.html
   https://www.suse.com/security/cve/CVE-2015-7704.html
   https://www.suse.com/security/cve/CVE-2015-7705.html
   https://www.suse.com/security/cve/CVE-2015-7848.html
   https://www.suse.com/security/cve/CVE-2015-7849.html
   https://www.suse.com/security/cve/CVE-2015-7850.html
   https://www.suse.com/security/cve/CVE-2015-7851.html
   https://www.suse.com/security/cve/CVE-2015-7852.html
   https://www.suse.com/security/cve/CVE-2015-7853.html
   https://www.suse.com/security/cve/CVE-2015-7854.html
   https://www.suse.com/security/cve/CVE-2015-7855.html
   https://www.suse.com/security/cve/CVE-2015-7871.html
   https://www.suse.com/security/cve/CVE-2015-7973.html
   https://www.suse.com/security/cve/CVE-2015-7974.html
   https://www.suse.com/security/cve/CVE-2015-7975.html
   https://www.suse.com/security/cve/CVE-2015-7976.html
   https://www.suse.com/security/cve/CVE-2015-7977.html
   https://www.suse.com/security/cve/CVE-2015-7978.html
   https://www.suse.com/security/cve/CVE-2015-7979.html
   https://www.suse.com/security/cve/CVE-2015-8138.html
   https://www.suse.com/security/cve/CVE-2015-8139.html
   https://www.suse.com/security/cve/CVE-2015-8140.html
   https://www.suse.com/security/cve/CVE-2015-8158.html
   https://bugzilla.suse.com/782060
   https://bugzilla.suse.com/905885
   https://bugzilla.suse.com/910063
   https://bugzilla.suse.com/916617
   https://bugzilla.suse.com/920238
   https://bugzilla.suse.com/926510
   https://bugzilla.suse.com/936327
   https://bugzilla.suse.com/937837
   https://bugzilla.suse.com/942587
   https://bugzilla.suse.com/944300
   https://bugzilla.suse.com/946386
   https://bugzilla.suse.com/951559
   https://bugzilla.suse.com/951608
   https://bugzilla.suse.com/951629
   https://bugzilla.suse.com/954982
   https://bugzilla.suse.com/956773
   https://bugzilla.suse.com/962318
   https://bugzilla.suse.com/962784
   https://bugzilla.suse.com/962802
   https://bugzilla.suse.com/962960
   https://bugzilla.suse.com/962966
   https://bugzilla.suse.com/962970
   https://bugzilla.suse.com/962988
   https://bugzilla.suse.com/962994
   https://bugzilla.suse.com/962995
   https://bugzilla.suse.com/962997
   https://bugzilla.suse.com/963000
   https://bugzilla.suse.com/963002
   https://bugzilla.suse.com/975496
   https://bugzilla.suse.com/975981



More information about the sle-updates mailing list