SUSE-SU-2017:0255-1

Source
https://www.suse.com/support/update/announcement/2017/suse-su-20170255-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2017:0255-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2017:0255-1
Related
Published
2017-01-23T11:27:30Z
Modified
2017-01-23T11:27:30Z
Summary
Security update for ntp
Details

This update for ntp fixes the following issues:

ntp was updated to 4.2.8p9.

Security issues fixed:

  • CVE-2016-9311, CVE-2016-9310, bsc#1011377: Mode 6 unauthenticated trap information disclosure and DDoS vector.
  • CVE-2016-7427, bsc#1011390: Broadcast Mode Replay Prevention DoS.
  • CVE-2016-7428, bsc#1011417: Broadcast Mode Poll Interval Enforcement DoS.
  • CVE-2016-7431, bsc#1011395: Regression: 010-origin: Zero Origin Timestamp Bypass.
  • CVE-2016-7434, bsc#1011398: Null pointer dereference in IOstrinitstatic_internal().
  • CVE-2016-7429, bsc#1011404: Interface selection attack.
  • CVE-2016-7426, bsc#1011406: Client rate limiting and server responses.
  • CVE-2016-7433, bsc#1011411: Reboot sync calculation problem.
  • CVE-2015-8140: ntpq vulnerable to replay attacks.
  • CVE-2015-8139: Origin Leak: ntpq and ntpdc, disclose origin.
  • CVE-2015-5219: An endless loop due to incorrect precision to double conversion (bsc#943216).

Non-security issues fixed:

  • Fix a spurious error message.
  • Other bugfixes, see /usr/share/doc/packages/ntp/ChangeLog.
  • Fix a regression in 'trap' (bsc#981252).
  • Reduce the number of netlink groups to listen on for changes to the local network setup (bsc#992606).
  • Fix segfault in 'sntp -a' (bsc#1009434).
  • Silence an OpenSSL version warning (bsc#992038).
  • Make the resolver task change user and group IDs to the same values as the main task. (bsc#988028)
  • Simplify ntpd's search for its own executable to prevent AppArmor warnings (bsc#956365).
References

Affected packages

SUSE:OpenStack Cloud 5 / ntp

Package

Name
ntp
Purl
pkg:rpm/suse/ntp&distro=SUSE%20OpenStack%20Cloud%205

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.2.8p9-48.9.1

Ecosystem specific

{
    "binaries": [
        {
            "ntp-doc": "4.2.8p9-48.9.1",
            "ntp": "4.2.8p9-48.9.1"
        }
    ]
}

SUSE:Manager 2.1 / ntp

Package

Name
ntp
Purl
pkg:rpm/suse/ntp&distro=SUSE%20Manager%202.1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.2.8p9-48.9.1

Ecosystem specific

{
    "binaries": [
        {
            "ntp-doc": "4.2.8p9-48.9.1",
            "ntp": "4.2.8p9-48.9.1"
        }
    ]
}

SUSE:Manager Proxy 2.1 / ntp

Package

Name
ntp
Purl
pkg:rpm/suse/ntp&distro=SUSE%20Manager%20Proxy%202.1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.2.8p9-48.9.1

Ecosystem specific

{
    "binaries": [
        {
            "ntp-doc": "4.2.8p9-48.9.1",
            "ntp": "4.2.8p9-48.9.1"
        }
    ]
}

SUSE:Linux Enterprise Point of Sale 11 SP3 / ntp

Package

Name
ntp
Purl
pkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.2.8p9-48.9.1

Ecosystem specific

{
    "binaries": [
        {
            "ntp-doc": "4.2.8p9-48.9.1",
            "ntp": "4.2.8p9-48.9.1"
        }
    ]
}

SUSE:Linux Enterprise Server 11 SP2-LTSS / ntp

Package

Name
ntp
Purl
pkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP2-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.2.8p9-48.9.1

Ecosystem specific

{
    "binaries": [
        {
            "ntp-doc": "4.2.8p9-48.9.1",
            "ntp": "4.2.8p9-48.9.1"
        }
    ]
}

SUSE:Linux Enterprise Server 11 SP3-LTSS / ntp

Package

Name
ntp
Purl
pkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.2.8p9-48.9.1

Ecosystem specific

{
    "binaries": [
        {
            "ntp-doc": "4.2.8p9-48.9.1",
            "ntp": "4.2.8p9-48.9.1"
        }
    ]
}

SUSE:Linux Enterprise Server 11 SP3-TERADATA / ntp

Package

Name
ntp
Purl
pkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATA

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.2.8p9-48.9.1

Ecosystem specific

{
    "binaries": [
        {
            "ntp-doc": "4.2.8p9-48.9.1",
            "ntp": "4.2.8p9-48.9.1"
        }
    ]
}