Oval Definition:	oval:org.opensuse.security:def:56524
Revision Date: 2020-12-01 Version: 1 Title: Security update for ntp (Moderate) Description: This update for ntp fixes the following issues: - Update to 4.2.8p11 (bsc#1082210): * CVE-2016-1549: Sybil vulnerability: ephemeral association attack. While fixed in ntp-4.2.8p7, there are significant additional protections for this issue in 4.2.8p11. * CVE-2018-7182: ctl_getitem(): buffer read overrun leads to undefined behavior and information leak. (bsc#1083426) * CVE-2018-7170: Multiple authenticated ephemeral associations. (bsc#1083424) * CVE-2018-7184: Interleaved symmetric mode cannot recover from bad state. (bsc#1083422) * CVE-2018-7185: Unauthenticated packet can reset authenticated interleaved association. (bsc#1083420) * CVE-2018-7183: ntpq:decodearr() can write beyond its buffer limit.(bsc#1083417) - Don't use libevent's cached time stamps in sntp. (bsc#1077445) This update is a reissue of the previous update with LTSS channels included. Family: unix Class: patch Status: Reference(s): 1008846 1012382 1031717 1046554 1046555 1046610 1057734 1070536 1075428 1076017 1076847 1077445 1077560 1082063 1082153 1082210 1082299 1083125 1083417 1083420 1083422 1083424 1083426 1083488 1083745 1083836 1084353 1084610 1084721 1084829 1085042 1085114 1085185 1085224 1085402 1085404 1085447 1086162 1086194 1086730 1087088 1087260 1087845 1088241 1088242 1088600 1088684 1089198 1089608 1089644 1089752 1090368 1090643 1090646 1105434 1112852 1122292 1122299 1141780 1141782 1141783 1141785 1141787 1141789 1147021 969522 969894 973786 975131 981566 986228 986869 991564 CVE-2012-0786 CVE-2013-4238 CVE-2014-4038 CVE-2014-4039 CVE-2014-8119 CVE-2015-3982 CVE-2015-5145 CVE-2015-5963 CVE-2015-8213 CVE-2016-1549 CVE-2016-1950 CVE-2016-1952 CVE-2016-1953 CVE-2016-1954 CVE-2016-1957 CVE-2016-1958 CVE-2016-1960 CVE-2016-1961 CVE-2016-1962 CVE-2016-1964 CVE-2016-1965 CVE-2016-1966 CVE-2016-1974 CVE-2016-1977 CVE-2016-1978 CVE-2016-1979 CVE-2016-2119 CVE-2016-2790 CVE-2016-2791 CVE-2016-2792 CVE-2016-2793 CVE-2016-2794 CVE-2016-2795 CVE-2016-2796 CVE-2016-2797 CVE-2016-2798 CVE-2016-2799 CVE-2016-2800 CVE-2016-2801 CVE-2016-2802 CVE-2016-3076 CVE-2016-9190 CVE-2017-13166 CVE-2017-13166 CVE-2017-18257 CVE-2017-3142 CVE-2017-3143 CVE-2018-1000004 CVE-2018-1000140 CVE-2018-1000222 CVE-2018-10087 CVE-2018-10124 CVE-2018-1068 CVE-2018-1087 CVE-2018-11212 CVE-2018-12389 CVE-2018-12390 CVE-2018-12392 CVE-2018-12393 CVE-2018-12395 CVE-2018-12396 CVE-2018-12397 CVE-2018-7170 CVE-2018-7182 CVE-2018-7183 CVE-2018-7184 CVE-2018-7185 CVE-2018-7566 CVE-2018-7740 CVE-2018-8043 CVE-2018-8781 CVE-2018-8781 CVE-2018-8822 CVE-2018-8897 CVE-2018-8897 CVE-2019-11771 CVE-2019-11772 CVE-2019-11775 CVE-2019-2449 CVE-2019-2762 CVE-2019-2766 CVE-2019-2769 CVE-2019-2786 CVE-2019-2816 CVE-2019-4473 CVE-2019-7317 SUSE-SU-2016:0727-1 SUSE-SU-2016:2306-1 SUSE-SU-2017:1736-1 SUSE-SU-2018:0828-1 SUSE-SU-2018:1032-1 SUSE-SU-2018:1173-1 SUSE-SU-2018:1174-1 SUSE-SU-2018:1532-1 SUSE-SU-2018:1765-1 SUSE-SU-2018:2837-1 SUSE-SU-2018:3749-1 SUSE-SU-2019:2371-1 Platform(s): openSUSE Leap 15.0 openSUSE Leap 15.1 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE OpenStack Cloud 6 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 Product(s): Definition Synopsis openSUSE Leap 15.0 is installed AND klogd-1.4.1-lp150.2 is installed Definition Synopsis openSUSE Leap 15.1 is installed AND Package Information libxslt-1.1.32-lp151.3.3 is installed OR libxslt-devel-1.1.32-lp151.3.3 is installed OR libxslt-devel-32bit-1.1.32-lp151.3.3 is installed OR libxslt-python-1.1.32-lp151.3.3 is installed OR libxslt-tools-1.1.32-lp151.3.3 is installed OR libxslt1-1.1.32-lp151.3.3 is installed OR libxslt1-32bit-1.1.32-lp151.3.3 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP3 is installed AND Package Information ntp-4.2.8p11-64.5 is installed OR ntp-doc-4.2.8p11-64.5 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP1 is installed AND ppc64-diag-2.6.9-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP1-LTSS is installed AND Package Information kgraft-patch-3_12_74-60_64_54-default-9-2 is installed OR kgraft-patch-3_12_74-60_64_54-xen-9-2 is installed OR kgraft-patch-SLE12-SP1_Update_19-9-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2 is installed AND Package Information augeas-1.2.0-10 is installed OR augeas-lenses-1.2.0-10 is installed OR libaugeas0-1.2.0-10 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-BCL is installed AND yast2-smt-3.0.14-17.3 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-ESPOS is installed AND Package Information kgraft-patch-4_4_120-92_70-default-7-2 is installed OR kgraft-patch-SLE12-SP2_Update_20-7-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-LTSS is installed AND Package Information kgraft-patch-4_4_103-92_56-default-8-2 is installed OR kgraft-patch-SLE12-SP2_Update_17-8-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3 is installed AND Package Information gpgme-1.5.1-1 is installed OR libgpgme11-1.5.1-1 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-LTSS is installed AND Package Information kgraft-patch-4_4_176-94_88-default-3-2 is installed OR kgraft-patch-SLE12-SP3_Update_24-3-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-TERADATA is installed AND Package Information libgxps-0.2.2-10.3 is installed OR libgxps2-0.2.2-10.3 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP4 is installed AND Package Information gpgme-1.5.1-1 is installed OR libgpgme11-1.5.1-1 is installed Definition Synopsis SUSE OpenStack Cloud 6 is installed AND python-Django-1.8.9-1 is installed Definition Synopsis SUSE OpenStack Cloud 7 is installed AND Package Information MozillaFirefox-60.3.0-109.50 is installed OR MozillaFirefox-devel-60.3.0-109.50 is installed OR MozillaFirefox-translations-common-60.3.0-109.50 is installed Definition Synopsis SUSE OpenStack Cloud 8 is installed AND Package Information xen-4.9.4_10-3.71 is installed OR xen-doc-html-4.9.4_10-3.71 is installed OR xen-libs-4.9.4_10-3.71 is installed OR xen-libs-32bit-4.9.4_10-3.71 is installed OR xen-tools-4.9.4_10-3.71 is installed OR xen-tools-domU-4.9.4_10-3.71 is installed
BACK