Oval Definition:oval:org.opensuse.security:def:65836
Revision Date:2020-12-01Version:1
Title:Security update for ntp (Moderate)
Description:

This update for ntp fixes the following issues:

ntp was updated to 4.2.8p15

- CVE-2020-11868: Fixed an issue which a server mode packet with spoofed source address frequently send to the client ntpd could have caused denial of service (bsc#1169740). - CVE-2018-8956: Fixed an issue which could have allowed remote attackers to prevent a broadcast client from synchronizing its clock with a broadcast NTP server via spoofed mode 3 and mode 5 packets (bsc#1171355). - CVE-2020-13817: Fixed an issue which an off-path attacker with the ability to query time from victim's ntpd instance could have modified the victim's clock by a limited amount (bsc#1172651). - CVE-2020-15025: Fixed an issue which remote attacker could have caused denial of service by consuming the memory when a CMAC key was used andassociated with a CMAC algorithm in the ntp.keys (bsc#1173334). - Removed an OpenSSL version warning (bsc#992038 and bsc#1125401).
Family:unixClass:patch
Status:Reference(s):1051510
1065729
1071995
1085030
1111666
1112178
1113956
1114279
1125401
1144333
1148868
1150660
1151927
1152107
1152624
1158983
1159058
1161016
1162002
1162063
1163309
1166985
1167104
1168081
1168959
1169194
1169514
1169740
1169771
1169795
1170011
1170442
1170592
1170617
1170618
1171124
1171355
1171424
1171529
1171530
1171558
1171732
1171739
1171743
1171753
1171759
1171835
1171841
1171868
1171904
1172247
1172257
1172344
1172458
1172484
1172537
1172538
1172651
1172687
1172719
1172759
1172775
1172781
1172782
1172783
1172871
1172872
1172999
1173060
1173074
1173146
1173265
1173280
1173284
1173334
1173428
1173514
1173567
1173573
1173659
1173746
1173818
1173820
1173825
1173826
1173833
1173838
1173839
1173845
1173857
1174113
1174115
1174122
1174123
1174186
1174187
1174296
1174343
1174356
1174409
1174438
1174462
1174543
992038
CVE-2018-8956
CVE-2019-16746
CVE-2019-20810
CVE-2019-20908
CVE-2020-0305
CVE-2020-10766
CVE-2020-10767
CVE-2020-10768
CVE-2020-10769
CVE-2020-10773
CVE-2020-10781
CVE-2020-11868
CVE-2020-12771
CVE-2020-12888
CVE-2020-13817
CVE-2020-13974
CVE-2020-14416
CVE-2020-15025
CVE-2020-15393
CVE-2020-15780
SUSE-SU-2020:1823-1
Platform(s):SUSE Linux Enterprise Module for Legacy Software 15 SP1
SUSE Linux Enterprise Module for Live Patching 15 SP1
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Module for Legacy Software 15 SP1 is installed
  • AND ntp-4.2.8p15-4.10 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Module for Live Patching 15 SP1 is installed
  • AND Package Information
  • kernel-default-4.12.14-197.48 is installed
  • OR kernel-default-livepatch-4.12.14-197.48 is installed
  • OR kernel-default-livepatch-devel-4.12.14-197.48 is installed
  • OR kernel-livepatch-4_12_14-197_48-default-1-3.3 is installed
  • OR kernel-livepatch-SLE15-SP1_Update_13-1-3.3 is installed
  • BACK