| Revision Date: | 2020-07-02 | Version: | 1 |
| Title: | Security update for ntp (Moderate) |
| Description: |
This update for ntp fixes the following issues:
ntp was updated to 4.2.8p15
- CVE-2020-11868: Fixed an issue which a server mode packet with spoofed source address frequently send to the client ntpd could have caused denial of service (bsc#1169740). - CVE-2018-8956: Fixed an issue which could have allowed remote attackers to prevent a broadcast client from synchronizing its clock with a broadcast NTP server via spoofed mode 3 and mode 5 packets (bsc#1171355). - CVE-2020-13817: Fixed an issue which an off-path attacker with the ability to query time from victim's ntpd instance could have modified the victim's clock by a limited amount (bsc#1172651). - CVE-2020-15025: Fixed an issue which remote attacker could have caused denial of service by consuming the memory when a CMAC key was used andassociated with a CMAC algorithm in the ntp.keys (bsc#1173334). - Removed an OpenSSL version warning (bsc#992038 and bsc#1125401).
|
| Family: | unix | Class: | patch |
| Status: | | Reference(s): | 1125401
1169740
1171355
1172651
1173334
992038
CVE-2018-8956
CVE-2020-11868
CVE-2020-13817
CVE-2020-15025
SUSE-SU-2020:1823-1
|
| Platform(s): | SUSE Linux Enterprise High Performance Computing 15 SP1
SUSE Linux Enterprise Module for Legacy 15 SP1
SUSE Linux Enterprise Server 15 SP1
SUSE Linux Enterprise Server for SAP Applications 15 SP1
SUSE Linux Enterprise Storage 6
SUSE Manager Proxy 4.0
SUSE Manager Server 4.0
| Product(s): | |
| Definition Synopsis |
| SUSE Linux Enterprise Module for Legacy 15 SP1 is installed AND ntp-4.2.8p15-4.10.1 is installed
|