Oval Definition:oval:org.opensuse.security:def:55730
Revision Date:2020-12-01Version:1
Title:Security update for ntp (Important)
Description:

ntp was updated to version 4.2.8p8 to fix 17 security issues.

These security issues were fixed: - CVE-2016-4956: Broadcast interleave (bsc#982068). - CVE-2016-2518: Crafted addpeer with hmode > 7 causes array wraparound with MATCH_ASSOC (bsc#977457). - CVE-2016-2519: ctl_getitem() return value not always checked (bsc#977458). - CVE-2016-4954: Processing spoofed server packets (bsc#982066). - CVE-2016-4955: Autokey association reset (bsc#982067). - CVE-2015-7974: NTP did not verify peer associations of symmetric keys when authenticating packets, which might allowed remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a 'skeleton key (bsc#962960). - CVE-2016-4957: CRYPTO_NAK crash (bsc#982064). - CVE-2016-2516: Duplicate IPs on unconfig directives will cause an assertion botch (bsc#977452). - CVE-2016-2517: Remote configuration trustedkey/requestkey values are not properly validated (bsc#977455). - CVE-2016-4953: Bad authentication demobilizes ephemeral associations (bsc#982065). - CVE-2016-1547: CRYPTO-NAK DoS (bsc#977459). - CVE-2016-1551: Refclock impersonation vulnerability, AKA: refclock-peering (bsc#977450). - CVE-2016-1550: Improve NTP security against buffer comparison timing attacks, authdecrypt-timing, AKA: authdecrypt-timing (bsc#977464). - CVE-2016-1548: Interleave-pivot - MITIGATION ONLY (bsc#977461). - CVE-2016-1549: Sybil vulnerability: ephemeral association attack, AKA: ntp-sybil - MITIGATION ONLY (bsc#977451).

This release also contained improved patches for CVE-2015-7704, CVE-2015-7705, CVE-2015-7974.

These non-security issues were fixed: - bsc#979302: Change the process name of the forking DNS worker process to avoid the impression that ntpd is started twice. - bsc#981422: Don't ignore SIGCHILD because it breaks wait(). - bsc#979981: ntp-wait does not accept fractional seconds, so use 1 instead of 0.2 in ntp-wait.service. - Separate the creation of ntp.keys and key #1 in it to avoid problems when upgrading installations that have the file, but no key #1, which is needed e.g. by 'rcntp addserver'. - bsc#957226: Restrict the parser in the startup script to the first occurrance of 'keys' and 'controlkey' in ntp.conf.
Family:unixClass:patch
Status:Reference(s):1010399
1010405
1010406
1010408
1010409
1010421
1010423
1010424
1010425
1010426
1020427
1021741
1025108
1025109
1025311
1028184
1028656
1030624
1032075
1034866
1034908
1035406
1035950
1036211
1037242
1037334
1037336
1039495
1042159
1042800
1042801
1043008
1043073
1043296
1045035
1046636
1047281
1047674
1048902
1049381
1053153
1054724
1056334
1057378
1057585
1062069
1063122
1069708
1071471
1074235
1090338
1092611
1096740
1120374
1137990
1149429
1154738
1158095
801663
809662
813673
813675
813677
814709
816156
816159
816163
816865
819416
820917
820919
820920
884130
916953
957226
959933
962960
977450
977451
977452
977455
977457
977458
977459
977461
977464
979302
979981
981422
982064
982065
982066
982067
982068
983922
994157
994418
994605
994819
CVE-2013-1917
CVE-2013-1918
CVE-2013-1919
CVE-2013-1920
CVE-2013-1952
CVE-2013-1964
CVE-2013-1986
CVE-2013-2020
CVE-2013-2021
CVE-2013-2072
CVE-2013-2076
CVE-2013-2077
CVE-2013-2078
CVE-2014-4617
CVE-2014-4910
CVE-2014-8161
CVE-2015-0241
CVE-2015-0243
CVE-2015-0244
CVE-2015-7704
CVE-2015-7705
CVE-2015-7974
CVE-2016-1547
CVE-2016-1548
CVE-2016-1549
CVE-2016-1550
CVE-2016-1551
CVE-2016-2516
CVE-2016-2517
CVE-2016-2518
CVE-2016-2519
CVE-2016-2830
CVE-2016-4953
CVE-2016-4954
CVE-2016-4955
CVE-2016-4956
CVE-2016-4957
CVE-2016-5289
CVE-2016-5292
CVE-2016-6313
CVE-2016-6834
CVE-2016-6835
CVE-2016-6855
CVE-2016-9063
CVE-2016-9067
CVE-2016-9068
CVE-2016-9069
CVE-2016-9071
CVE-2016-9073
CVE-2016-9075
CVE-2016-9076
CVE-2016-9077
CVE-2016-9602
CVE-2016-9603
CVE-2017-10661
CVE-2017-10664
CVE-2017-10806
CVE-2017-10911
CVE-2017-11334
CVE-2017-11434
CVE-2017-12809
CVE-2017-13672
CVE-2017-14167
CVE-2017-15038
CVE-2017-15289
CVE-2017-15868
CVE-2017-16939
CVE-2017-5579
CVE-2017-5973
CVE-2017-5987
CVE-2017-6505
CVE-2017-7377
CVE-2017-7471
CVE-2017-7493
CVE-2017-7718
CVE-2017-7789
CVE-2017-7980
CVE-2017-8086
CVE-2017-8112
CVE-2017-8309
CVE-2017-8379
CVE-2017-8380
CVE-2017-9330
CVE-2017-9373
CVE-2017-9374
CVE-2017-9375
CVE-2017-9503
CVE-2018-3665
CVE-2018-5150
CVE-2018-5151
CVE-2018-5152
CVE-2018-5153
CVE-2018-5154
CVE-2018-5155
CVE-2018-5157
CVE-2018-5158
CVE-2018-5159
CVE-2018-5160
CVE-2018-5163
CVE-2018-5164
CVE-2018-5165
CVE-2018-5166
CVE-2018-5167
CVE-2018-5168
CVE-2018-5169
CVE-2018-5172
CVE-2018-5173
CVE-2018-5174
CVE-2018-5175
CVE-2018-5176
CVE-2018-5177
CVE-2018-5178
CVE-2018-5179
CVE-2018-5180
CVE-2018-5181
CVE-2018-5182
CVE-2018-5183
CVE-2019-11757
CVE-2019-11758
CVE-2019-11759
CVE-2019-11760
CVE-2019-11761
CVE-2019-11762
CVE-2019-11763
CVE-2019-11764
CVE-2019-14889
CVE-2019-15903
SUSE-SU-2015:0639-1
SUSE-SU-2016:1568-1
SUSE-SU-2016:2345-1
SUSE-SU-2016:2827-1
SUSE-SU-2017:2946-1
SUSE-SU-2017:3313-1
SUSE-SU-2018:0237-1
SUSE-SU-2018:0253-1
SUSE-SU-2018:2113-1
SUSE-SU-2019:2872-1
SUSE-SU-2020:0139-1
Platform(s):openSUSE Leap 15.0
openSUSE Leap 15.1
SUSE Linux Enterprise Desktop 11 SP2
SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Desktop 12
SUSE Linux Enterprise Desktop 12 SP1
SUSE Linux Enterprise Desktop 12 SP4
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server 12 SP1-LTSS
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP2-ESPOS
SUSE Linux Enterprise Server 12 SP2-LTSS
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP3-BCL
SUSE Linux Enterprise Server 12 SP3-ESPOS
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server 12 SP3-TERADATA
SUSE Linux Enterprise Server 12 SP4
SUSE OpenStack Cloud 6
SUSE OpenStack Cloud 7
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud Crowbar 8
SUSE OpenStack Cloud Crowbar 9
Product(s):
Definition Synopsis
  • openSUSE Leap 15.0 is installed
  • AND Package Information
  • apache2-mod_php7-7.2.5-lp150.1 is installed
  • OR php7-7.2.5-lp150.1 is installed
  • OR php7-ctype-7.2.5-lp150.1 is installed
  • OR php7-dom-7.2.5-lp150.1 is installed
  • OR php7-iconv-7.2.5-lp150.1 is installed
  • OR php7-json-7.2.5-lp150.1 is installed
  • OR php7-mysql-7.2.5-lp150.1 is installed
  • OR php7-pdo-7.2.5-lp150.1 is installed
  • OR php7-pgsql-7.2.5-lp150.1 is installed
  • OR php7-sqlite-7.2.5-lp150.1 is installed
  • OR php7-tokenizer-7.2.5-lp150.1 is installed
  • OR php7-xmlreader-7.2.5-lp150.1 is installed
  • OR php7-xmlwriter-7.2.5-lp150.1 is installed
    • Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • libxslt-1.1.32-lp151.3.3 is installed
  • OR libxslt-devel-1.1.32-lp151.3.3 is installed
  • OR libxslt-devel-32bit-1.1.32-lp151.3.3 is installed
  • OR libxslt-python-1.1.32-lp151.3.3 is installed
  • OR libxslt-tools-1.1.32-lp151.3.3 is installed
  • OR libxslt1-1.1.32-lp151.3.3 is installed
  • OR libxslt1-32bit-1.1.32-lp151.3.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP2 is installed
  • AND clamav-0.97.8-0.2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP3 is installed
  • AND Package Information
  • gpg2-2.0.9-25.33.39 is installed
  • OR gpg2-lang-2.0.9-25.33.39 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 is installed
  • AND Package Information
  • ntp-4.2.8p8-46.8 is installed
  • OR ntp-doc-4.2.8p8-46.8 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP1 is installed
  • AND Package Information
  • libgcrypt-1.6.1-16.33 is installed
  • OR libgcrypt20-1.6.1-16.33 is installed
  • OR libgcrypt20-32bit-1.6.1-16.33 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP4 is installed
  • AND Package Information
  • MozillaFirefox-68.2.0-109.95 is installed
  • OR MozillaFirefox-translations-common-68.2.0-109.95 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1 is installed
  • AND Package Information
  • libXrandr2-1.4.2-3 is installed
  • OR libXrandr2-32bit-1.4.2-3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1-LTSS is installed
  • AND Package Information
  • kgraft-patch-3_12_74-60_64_51-default-5-2 is installed
  • OR kgraft-patch-3_12_74-60_64_51-xen-5-2 is installed
  • OR kgraft-patch-SLE12-SP1_Update_18-5-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • AND Package Information
  • ghostscript-9.15-6 is installed
  • OR ghostscript-x11-9.15-6 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-BCL is installed
  • AND Package Information
  • libvirt-2.0.0-27.45 is installed
  • OR libvirt-client-2.0.0-27.45 is installed
  • OR libvirt-daemon-2.0.0-27.45 is installed
  • OR libvirt-daemon-config-network-2.0.0-27.45 is installed
  • OR libvirt-daemon-config-nwfilter-2.0.0-27.45 is installed
  • OR libvirt-daemon-driver-interface-2.0.0-27.45 is installed
  • OR libvirt-daemon-driver-libxl-2.0.0-27.45 is installed
  • OR libvirt-daemon-driver-lxc-2.0.0-27.45 is installed
  • OR libvirt-daemon-driver-network-2.0.0-27.45 is installed
  • OR libvirt-daemon-driver-nodedev-2.0.0-27.45 is installed
  • OR libvirt-daemon-driver-nwfilter-2.0.0-27.45 is installed
  • OR libvirt-daemon-driver-qemu-2.0.0-27.45 is installed
  • OR libvirt-daemon-driver-secret-2.0.0-27.45 is installed
  • OR libvirt-daemon-driver-storage-2.0.0-27.45 is installed
  • OR libvirt-daemon-hooks-2.0.0-27.45 is installed
  • OR libvirt-daemon-lxc-2.0.0-27.45 is installed
  • OR libvirt-daemon-qemu-2.0.0-27.45 is installed
  • OR libvirt-daemon-xen-2.0.0-27.45 is installed
  • OR libvirt-doc-2.0.0-27.45 is installed
  • OR libvirt-lock-sanlock-2.0.0-27.45 is installed
  • OR libvirt-nss-2.0.0-27.45 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
  • AND Package Information
  • java-1_7_0-openjdk-1.7.0.221-43.22 is installed
  • OR java-1_7_0-openjdk-demo-1.7.0.221-43.22 is installed
  • OR java-1_7_0-openjdk-devel-1.7.0.221-43.22 is installed
  • OR java-1_7_0-openjdk-headless-1.7.0.221-43.22 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-LTSS is installed
  • AND Package Information
  • kgraft-patch-4_4_121-92_80-default-3-2 is installed
  • OR kgraft-patch-SLE12-SP2_Update_22-3-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND shim-0.9-23 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-BCL is installed
  • AND squid-3.5.21-26.23 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-ESPOS is installed
  • AND Package Information
  • perl-5.18.2-12.20 is installed
  • OR perl-32bit-5.18.2-12.20 is installed
  • OR perl-base-5.18.2-12.20 is installed
  • OR perl-doc-5.18.2-12.20 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-LTSS is installed
  • AND Package Information
  • adns-1.4-103.3 is installed
  • OR libadns1-1.4-103.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
  • AND Package Information
  • libjavascriptcoregtk-4_0-18-2.24.4-2.47 is installed
  • OR libwebkit2gtk-4_0-37-2.24.4-2.47 is installed
  • OR typelib-1_0-JavaScriptCore-4_0-2.24.4-2.47 is installed
  • OR typelib-1_0-WebKit2-4_0-2.24.4-2.47 is installed
  • OR webkit2gtk-4_0-injected-bundles-2.24.4-2.47 is installed
  • OR webkit2gtk3-2.24.4-2.47 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND Package Information
  • DirectFB-1.7.1-6 is installed
  • OR lib++dfb-1_7-1-1.7.1-6 is installed
  • OR libdirectfb-1_7-1-1.7.1-6 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 6 is installed
  • AND Package Information
  • qemu-2.3.1-33.3 is installed
  • OR qemu-block-curl-2.3.1-33.3 is installed
  • OR qemu-block-rbd-2.3.1-33.3 is installed
  • OR qemu-guest-agent-2.3.1-33.3 is installed
  • OR qemu-ipxe-1.0.0-33.3 is installed
  • OR qemu-kvm-2.3.1-33.3 is installed
  • OR qemu-lang-2.3.1-33.3 is installed
  • OR qemu-seabios-1.8.1-33.3 is installed
  • OR qemu-sgabios-8-33.3 is installed
  • OR qemu-tools-2.3.1-33.3 is installed
  • OR qemu-vgabios-1.8.1-33.3 is installed
  • OR qemu-x86-2.3.1-33.3 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 7 is installed
  • AND python-XStatic-jquery-ui-1.11.0.1-2.3 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 8 is installed
  • AND Package Information
  • java-1_7_0-openjdk-1.7.0.241-43.30 is installed
  • OR java-1_7_0-openjdk-demo-1.7.0.241-43.30 is installed
  • OR java-1_7_0-openjdk-devel-1.7.0.241-43.30 is installed
  • OR java-1_7_0-openjdk-headless-1.7.0.241-43.30 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 8 is installed
  • AND Package Information
  • gvim-7.4.326-17.6 is installed
  • OR vim-7.4.326-17.6 is installed
  • OR vim-data-7.4.326-17.6 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 9 is installed
  • AND Package Information
  • mariadb-10.2.29-3.22 is installed
  • OR mariadb-galera-10.2.29-3.22 is installed
    • BACK