These security issues were fixed: - CVE-2014-9294: util/ntp-keygen.c in ntp-keygen used a weak RNG seed, which made it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack (bnc#910764 911792). - CVE-2014-9293: The config_auth function in ntpd, when an auth key was not configured, improperly generated a key, which made it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack (bnc#910764 911792). - CVE-2014-9298: ::1 can be spoofed on some OSes, so ACLs based on IPv6 ::1 addresses could be bypassed (bnc#911792). - CVE-2014-9297: Information leak by not properly checking a length in several places in ntp_crypto.c (bnc#911792).
openSUSE Leap 15.0 openSUSE Leap 15.1 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE OpenStack Cloud 6 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9