Oval Definition:	oval:org.opensuse.security:def:57625
Revision Date: 2020-12-01 Version: 1 Title: Security update for ntp (Moderate) Description: This ntp update provides the following security and non security fixes: - Update to 4.2.8p4 to fix several security issues (bsc#951608): * CVE-2015-7871: NAK to the Future: Symmetric association authentication bypass via crypto-NAK * CVE-2015-7855: decodenetnum() will ASSERT botch instead of returning FAIL on some bogus values * CVE-2015-7854: Password Length Memory Corruption Vulnerability * CVE-2015-7853: Invalid length data provided by a custom refclock driver could cause a buffer overflow * CVE-2015-7852 ntpq atoascii() Memory Corruption Vulnerability * CVE-2015-7851 saveconfig Directory Traversal Vulnerability * CVE-2015-7850 remote config logfile-keyfile * CVE-2015-7849 trusted key use-after-free * CVE-2015-7848 mode 7 loop counter underrun * CVE-2015-7701 Slow memory leak in CRYPTO_ASSOC * CVE-2015-7703 configuration directives 'pidfile' and 'driftfile' should only be allowed locally * CVE-2015-7704, CVE-2015-7705 Clients that receive a KoD should validate the origin timestamp field * CVE-2015-7691, CVE-2015-7692, CVE-2015-7702 Incomplete autokey data packet length checks - Use ntpq instead of deprecated ntpdc in start-ntpd (bnc#936327). - Add a controlkey to ntp.conf to make the above work. - Improve runtime configuration: * Read keytype from ntp.conf * Don't write ntp keys to syslog. - Don't let 'keysdir' lines in ntp.conf trigger the 'keys' parser. - Fix the comment regarding addserver in ntp.conf (bnc#910063). - Remove ntp.1.gz, it wasn't installed anymore. - Remove ntp-4.2.7-rh-manpages.tar.gz and only keep ntptime.8.gz. The rest is partially irrelevant, partially redundant and potentially outdated (bsc#942587). - Remove 'kod' from the restrict line in ntp.conf (bsc#944300). - Use SHA1 instead of MD5 for symmetric keys (bsc#905885). - Require perl-Socket6 (bsc#942441). - Fix incomplete backporting of 'rcntp ntptimemset'. Family: unix Class: patch Status: Reference(s): 1020102 1025950 1025951 1048715 1097108 1099306 1103203 1104199 1104202 1112142 1112143 1112144 1112146 1112147 1112148 1112152 1112153 1122293 1122299 1130721 1131233 1131237 1131239 1131241 1131245 1132728 1132729 1132732 1134297 1159913 1165631 1175664 1175665 1175671 905885 910063 936327 942441 942587 944300 951608 963041 974092 CVE-2010-1163 CVE-2010-1172 CVE-2010-1646 CVE-2010-4000 CVE-2011-0010 CVE-2011-2895 CVE-2012-2337 CVE-2013-0292 CVE-2013-1775 CVE-2013-1776 CVE-2013-6462 CVE-2014-0209 CVE-2014-0210 CVE-2014-0211 CVE-2014-3970 CVE-2014-9680 CVE-2015-1802 CVE-2015-1803 CVE-2015-1804 CVE-2015-7691 CVE-2015-7692 CVE-2015-7701 CVE-2015-7702 CVE-2015-7703 CVE-2015-7704 CVE-2015-7705 CVE-2015-7848 CVE-2015-7849 CVE-2015-7850 CVE-2015-7851 CVE-2015-7852 CVE-2015-7853 CVE-2015-7854 CVE-2015-7855 CVE-2015-7871 CVE-2017-0381 CVE-2017-18344 CVE-2017-3308 CVE-2017-3309 CVE-2017-3453 CVE-2017-3456 CVE-2017-3464 CVE-2018-10853 CVE-2018-10915 CVE-2018-10925 CVE-2018-11212 CVE-2018-13785 CVE-2018-16435 CVE-2018-3136 CVE-2018-3139 CVE-2018-3149 CVE-2018-3169 CVE-2018-3180 CVE-2018-3183 CVE-2018-3214 CVE-2018-3646 CVE-2019-0196 CVE-2019-0197 CVE-2019-0211 CVE-2019-0217 CVE-2019-0220 CVE-2019-1787 CVE-2019-1788 CVE-2019-1789 CVE-2019-2422 CVE-2019-2426 CVE-2019-2602 CVE-2019-2684 CVE-2019-2698 CVE-2019-5108 CVE-2020-15810 CVE-2020-15811 CVE-2020-1749 CVE-2020-24606 SUSE-SU-2015:2058-1 SUSE-SU-2017:0436-1 SUSE-SU-2017:0695-1 SUSE-SU-2017:2035-1 SUSE-SU-2018:3377-1 SUSE-SU-2019:0057-1 SUSE-SU-2019:0878-1 SUSE-SU-2019:0897-1 SUSE-SU-2019:1392-1 SUSE-SU-2020:2471-1 Platform(s): openSUSE Leap 15.0 openSUSE Leap 15.1 SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 Product(s): Definition Synopsis openSUSE Leap 15.0 is installed AND Package Information libjpeg-turbo-1.5.3-lp150.3 is installed OR libjpeg8-8.1.2-lp150.3 is installed OR libturbojpeg0-8.1.2-lp150.3 is installed Definition Synopsis openSUSE Leap 15.1 is installed AND system-user-root-20190513-lp151.3.3 is installed Definition Synopsis SUSE Linux Enterprise Desktop 11 SP4 is installed AND Package Information ntp-4.2.8p4-5 is installed OR ntp-doc-4.2.8p4-5 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP1 is installed AND Package Information dbus-1-1.8.22-24.8 is installed OR dbus-1-x11-1.8.22-24.8 is installed OR libdbus-1-3-1.8.22-24.8 is installed OR libdbus-1-3-32bit-1.8.22-24.8 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP1-LTSS is installed AND Package Information kgraft-patch-3_12_74-60_64_121-default-6-2 is installed OR kgraft-patch-3_12_74-60_64_121-xen-6-2 is installed OR kgraft-patch-SLE12-SP1_Update_36-6-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2 is installed AND Package Information dbus-1-glib-0.100.2-3 is installed OR dbus-1-glib-32bit-0.100.2-3 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-BCL is installed AND Package Information libwireshark9-2.4.10-48.32 is installed OR libwiretap7-2.4.10-48.32 is installed OR libwscodecs1-2.4.10-48.32 is installed OR libwsutil8-2.4.10-48.32 is installed OR wireshark-2.4.10-48.32 is installed OR wireshark-gtk-2.4.10-48.32 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-ESPOS is installed AND Package Information git-2.12.3-27.14 is installed OR git-core-2.12.3-27.14 is installed OR git-doc-2.12.3-27.14 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-LTSS is installed AND Package Information kgraft-patch-4_4_114-92_67-default-6-2 is installed OR kgraft-patch-SLE12-SP2_Update_19-6-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3 is installed AND apache-commons-httpclient-3.1-4 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-BCL is installed AND Package Information xen-4.9.4_06-3.62 is installed OR xen-doc-html-4.9.4_06-3.62 is installed OR xen-libs-4.9.4_06-3.62 is installed OR xen-libs-32bit-4.9.4_06-3.62 is installed OR xen-tools-4.9.4_06-3.62 is installed OR xen-tools-domU-4.9.4_06-3.62 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-LTSS is installed AND Package Information kgraft-patch-4_4_175-94_79-default-4-2 is installed OR kgraft-patch-SLE12-SP3_Update_23-4-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-TERADATA is installed AND Package Information MozillaFirefox-52.9.0esr-109.38 is installed OR MozillaFirefox-translations-52.9.0esr-109.38 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP4 is installed AND autofs-5.0.9-28.3 is installed Definition Synopsis SUSE OpenStack Cloud 7 is installed AND Package Information postgresql96-9.6.10-3.22 is installed OR postgresql96-contrib-9.6.10-3.22 is installed OR postgresql96-docs-9.6.10-3.22 is installed OR postgresql96-libs-9.6.10-3.22 is installed OR postgresql96-server-9.6.10-3.22 is installed Definition Synopsis SUSE OpenStack Cloud 8 is installed AND Package Information libsolv-0.6.36-2.16 is installed OR libsolv-tools-0.6.36-2.16 is installed OR libzypp-16.20.0-2.39 is installed OR perl-solv-0.6.36-2.16 is installed OR python-solv-0.6.36-2.16 is installed OR zypper-1.13.51-21.26 is installed OR zypper-log-1.13.51-21.26 is installed Definition Synopsis SUSE OpenStack Cloud Crowbar 8 is installed AND Package Information kernel-default-4.4.180-94.103 is installed OR kernel-default-base-4.4.180-94.103 is installed OR kernel-default-devel-4.4.180-94.103 is installed OR kernel-devel-4.4.180-94.103 is installed OR kernel-macros-4.4.180-94.103 is installed OR kernel-source-4.4.180-94.103 is installed OR kernel-syms-4.4.180-94.103 is installed OR kgraft-patch-4_4_180-94_103-default-1-4.3 is installed OR kgraft-patch-SLE12-SP3_Update_28-1-4.3 is installed
BACK