Alerts This Week
Warning Icon 1 684
Alerts This Week
Warning Icon 1 684

openSUSE Leap 42.1 Security Advisory: Important NTP Authentication Exploit

opensuse
Calendar Grey June 20, 2016
Dist Opensuse Esm H88
A vital upgrade for openSUSE ntp addresses numerous significant vulnerabilities and boosts overall system stability and efficiency.
An update that solves 5 vulnerabilities and has four fixes An update that solves 5 vulnerabilities and has four fixes An update that solves 5 vulnerabilities and has four fixes is ...

Description

ntp was updated to version 4.2.8p8 to fix five security issues.

These security issues were fixed:

- CVE-2016-4953: Bad authentication demobilizes ephemeral associations

(bsc#982065).

- CVE-2016-4954: Processing spoofed server packets (bsc#982066).

- CVE-2016-4955: Autokey association reset (bsc#982067).

- CVE-2016-4956: Broadcast interleave (bsc#982068).

- CVE-2016-4957: CRYPTO_NAK crash (bsc#982064).

These non-security issues were fixed:

- Keep the parent process alive until the daemon has finished

initialisation, to make sure that the PID file exists when the parent

returns.

- bsc#979302: Change the process name of the forking DNS worker process to

avoid the impression that ntpd is started twice.

- bsc#981422: Don't ignore SIGCHILD because it breaks wait().

- bsc#979981: ntp-wait does not accept fractional seconds, so use 1

instead of 0.2 in ntp-wait.service.

- Separate the creation of ntp.keys and key #1 in it to...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory important ntp update authentication exploit software fixes openSUSE system patching

Patch

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.1:

zypper in -t patch openSUSE-2016-750=1

To bring your system up-to-date, use "zypper patch".

Package List

- openSUSE Leap 42.1 (i586 x86_64):

ntp-4.2.8p8-24.1

ntp-debuginfo-4.2.8p8-24.1

ntp-debugsource-4.2.8p8-24.1

ntp-doc-4.2.8p8-24.1

References

https://www.suse.com/security/cve/CVE-2016-4953.html

https://www.suse.com/security/cve/CVE-2016-4954.html

https://www.suse.com/security/cve/CVE-2016-4955.html

https://www.suse.com/security/cve/CVE-2016-4956.html

https://www.suse.com/security/cve/CVE-2016-4957.html

https://bugzilla.suse.com/979302

https://bugzilla.suse.com/979981

https://bugzilla.suse.com/981422

https://bugzilla.suse.com/982056

https://bugzilla.suse.com/982064

https://bugzilla.suse.com/982065

https://bugzilla.suse.com/982066

https://bugzilla.suse.com/982067

https://bugzilla.suse.com/982068

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2016:1636-1
Rating: important
Affected Products: openSUSE Leap 42.1

Topics%20covered

Topics Covered

security advisory important ntp update authentication exploit software fixes openSUSE system patching

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here