What Are You Looking For?

Sign Up
   openSUSE Security Update: Security update for ntp
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2018:3452-1
Rating:             moderate
References:         #1083424 #1098531 #1111853 
Cross-References:   CVE-2018-12327 CVE-2018-7170
Affected Products:
                    openSUSE Leap 15.0
______________________________________________________________________________

   An update that solves two vulnerabilities and has one
   errata is now available.

Description:


   NTP was updated to 4.2.8p12 (bsc#1111853):

   - CVE-2018-12327: Fixed stack buffer overflow in the openhost()
     command-line call of NTPQ/NTPDC. (bsc#1098531)
   - CVE-2018-7170: Add further tweaks to improve the fix for the ephemeral
     association time spoofing additional protection (bsc#1083424)

   Please also see
   https://www.nwtime.org/network-time-foundation-publishes-ntp-4-2-8p12/ for
   more information.


   This update was imported from the SUSE:SLE-15:Update update project.


Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.0:

      zypper in -t patch openSUSE-2018-1275=1



Package List:

   - openSUSE Leap 15.0 (i586 x86_64):

      ntp-4.2.8p12-lp150.3.3.1
      ntp-debuginfo-4.2.8p12-lp150.3.3.1
      ntp-debugsource-4.2.8p12-lp150.3.3.1
      ntp-doc-4.2.8p12-lp150.3.3.1


References:

   https://www.suse.com/security/cve/CVE-2018-12327.html
   https://www.suse.com/security/cve/CVE-2018-7170.html
   https://bugzilla.suse.com/1083424
   https://bugzilla.suse.com/1098531
   https://bugzilla.suse.com/1111853

--

openSUSE: 2018:3452-1: moderate: ntp

October 25, 2018
An update that solves two vulnerabilities and has one errata is now available.

Description

NTP was updated to 4.2.8p12 (bsc#1111853): - CVE-2018-12327: Fixed stack buffer overflow in the openhost() command-line call of NTPQ/NTPDC. (bsc#1098531) - CVE-2018-7170: Add further tweaks to improve the fix for the ephemeral association time spoofing additional protection (bsc#1083424) Please also see https://www.nwtime.org/network-time-foundation-publishes-ntp-4-2-8p12/ for more information. This update was imported from the SUSE:SLE-15:Update update project.

 

Patch

Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.0: zypper in -t patch openSUSE-2018-1275=1


Package List

- openSUSE Leap 15.0 (i586 x86_64): ntp-4.2.8p12-lp150.3.3.1 ntp-debuginfo-4.2.8p12-lp150.3.3.1 ntp-debugsource-4.2.8p12-lp150.3.3.1 ntp-doc-4.2.8p12-lp150.3.3.1


References

https://www.suse.com/security/cve/CVE-2018-12327.html https://www.suse.com/security/cve/CVE-2018-7170.html https://bugzilla.suse.com/1083424 https://bugzilla.suse.com/1098531 https://bugzilla.suse.com/1111853--


Severity
Announcement ID: openSUSE-SU-2018:3452-1
Rating: moderate
Affected Products: openSUSE Leap 15.0 le.

Related News

Kubernetes Security on AWS: A Practical Guide

Nov 18, 2023

Nitrux 3.2.0 Linux Distro Released with Enhanced Security and New Features

Nov 28, 2023

Kinsing Hackers Exploit Apache ActiveMQ Vulnerability to Deploy Linux Rootkits

Nov 25, 2023

Severe Firefox, Thunderbird Bugs Could Lead to System Takeover

Dec 2, 2023

News

Advisories

HOWTOs

Features

Using Open Source to Ensure Compliance & Data Integrity through Data Governance
Critical Linux Kernel Bugs Lead to DoS, Privilege Escalation - Patch Now!
Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024

About Us

Powered By

Footer Logo