Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

openSUSE 15.1: Security Update 2020:0934-1 Moderate: NTP Denial of Service

opensuse
Calendar Grey July 6, 2020
Dist Opensuse Esm H88
openSUSE Security Update: Security update for ntp __________________________________________________
An update that solves four vulnerabilities and has two fixes is now available.

Description

This update for ntp fixes the following issues:

ntp was updated to 4.2.8p15

- CVE-2020-11868: Fixed an issue which a server mode packet with spoofed

source address frequently send to the client ntpd could have caused

denial of service (bsc#1169740).

- CVE-2018-8956: Fixed an issue which could have allowed remote attackers to prevent a broadcast client from synchronizing its clock with a

broadcast NTP server via spoofed mode 3 and mode 5 packets (bsc#1171355).

- CVE-2020-13817: Fixed an issue which an off-path attacker with the

ability to query time from victim's ntpd instance could have modified

the victim's clock by a limited amount (bsc#1172651).

- CVE-2020-15025: Fixed an issue which remote attacker could have caused

denial of service by consuming the memory when a CMAC key was used

andassociated with a CMAC algorithm in the ntp.keys (bsc#1173334).

- Removed an OpenSSL version warning (bsc#992038 and bsc#1125401).

...

Read the Full Advisory

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.1:

zypper in -t patch openSUSE-2020-934=1

Package List

- openSUSE Leap 15.1 (i586 x86_64):

ntp-4.2.8p15-lp151.2.3.1

ntp-debuginfo-4.2.8p15-lp151.2.3.1

ntp-debugsource-4.2.8p15-lp151.2.3.1

ntp-doc-4.2.8p15-lp151.2.3.1

References

https://www.suse.com/security/cve/CVE-2018-8956.html

https://www.suse.com/security/cve/CVE-2020-11868.html

https://www.suse.com/security/cve/CVE-2020-13817.html

https://www.suse.com/security/cve/CVE-2020-15025.html

https://bugzilla.suse.com/1125401

https://bugzilla.suse.com/1169740

https://bugzilla.suse.com/1171355

https://bugzilla.suse.com/1172651

https://bugzilla.suse.com/1173334

https://bugzilla.suse.com/992038

--

Announcement ID: openSUSE-SU-2020:0934-1
Rating: moderate
Affected Products: openSUSE Leap 15.1 le.

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here