
openSUSE 15.1: Security Update 2020:0934-1 Moderate: NTP Denial of Service

July 6, 2020
An upgrade for openSUSE addresses several vulnerabilities in the ntp service, boosting both reliability and protection for its users.
An update that solves four vulnerabilities and has two fixes is now available.

Description

This update for ntp fixes the following issues:

ntp was updated to 4.2.8p15

- CVE-2020-11868: Fixed an issue in which a server mode packet with a spoofed source address, frequently sent to the client ntpd, could have caused a denial of service (bsc#1169740).

- CVE-2018-8956: Fixed an issue which could have allowed remote attackers to prevent a broadcast client from synchronizing its clock with a broadcast NTP server via spoofed mode 3 and mode 5 packets (bsc#1171355).

- CVE-2020-13817: Fixed an issue in which an off-path attacker with the ability to query time from the victim's ntpd instance could have modified the victim's clock by a limited amount (bsc#1172651).

- CVE-2020-15025: Fixed an issue in which a remote attacker could have caused a denial of service by consuming memory when a CMAC key was used and associated with a CMAC algorithm in ntp.keys (bsc#1173334).

- Removed an OpenSSL version warning (bsc#992038 and bsc#1125401).

...


Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.1:

zypper in -t patch openSUSE-2020-934=1

Package List

- openSUSE Leap 15.1 (i586 x86_64):

ntp-4.2.8p15-lp151.2.3.1

ntp-debuginfo-4.2.8p15-lp151.2.3.1

ntp-debugsource-4.2.8p15-lp151.2.3.1

ntp-doc-4.2.8p15-lp151.2.3.1
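
A host-side check for the CVE-2020-15025 precondition described above, added here as an example and not part of the SUSE advisory: it compares the installed ntp version with the fixed 4.2.8p15 and lists the CMAC key IDs in ntp.keys. The function names, the /etc/ntp.keys default path and the sample key file are assumptions constructed for illustration.

```sh
#!/bin/sh
FIXED_NTP="4.2.8p15"   # fixed version named in the advisory

# Return 0 if ntp version $1 (e.g. "4.2.8p14") is >= FIXED_NTP, 2 if empty.
ntp_version_fixed() {
    [ -n "$1" ] || return 2
    printf '%s %s\n' "$1" "$FIXED_NTP" | awk '{
        split($1, v, /[.p]/); split($2, f, /[.p]/)
        for (i = 1; i <= 4; i++) {      # major, minor, micro, patch level
            if (v[i] + 0 > f[i] + 0) exit 0
            if (v[i] + 0 < f[i] + 0) exit 1
        }
        exit 0
    }'
}

# Print the key IDs from ntp.keys content on stdin whose type is a CMAC
# algorithm (for example AES128CMAC); comment lines are skipped.
cmac_key_ids() {
    awk '$1 !~ /^#/ && NF >= 3 && toupper($2) ~ /CMAC/ { print $1 }'
}

# Return 0 when the CVE-2020-15025 precondition holds: ntp version $1 is
# not known to be fixed and the ntp.keys content on stdin has a CMAC key.
cmac_dos_exposed() {
    ntp_version_fixed "$1" && return 1
    [ -n "$(cmac_key_ids)" ]
}

# Constructed sample ntp.keys content (not taken from a real host).
sample_keys() {
    cat <<'EOF'
# id  type        key
1     MD5         constructedMd5Secret
7     AES128CMAC  00112233445566778899aabbccddeeff
9     SHA1        0123456789abcdef0123456789abcdef01234567
EOF
}

# Live check, run only on request: sh check.sh --host [keys-file]
if [ "${1:-}" = "--host" ]; then
    keys=${2:-/etc/ntp.keys}            # assumed default location
    ver=$(rpm -q --qf '%{VERSION}' ntp) || exit 2
    if cmac_dos_exposed "$ver" < "$keys"; then
        echo "ntp $ver with CMAC keys configured: apply openSUSE-2020-934"
    else
        echo "ntp $ver: CVE-2020-15025 precondition not met"
    fi
fi
```

The check covers only CVE-2020-15025; the other three CVEs do not depend on ntp.keys, so the version comparison alone applies to them.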

References

https://www.suse.com/security/cve/CVE-2018-8956.html

https://www.suse.com/security/cve/CVE-2020-11868.html

https://www.suse.com/security/cve/CVE-2020-13817.html

https://www.suse.com/security/cve/CVE-2020-15025.html

https://bugzilla.suse.com/1125401

https://bugzilla.suse.com/1169740

https://bugzilla.suse.com/1171355

https://bugzilla.suse.com/1172651

https://bugzilla.suse.com/1173334

https://bugzilla.suse.com/992038

--

Announcement ID: openSUSE-SU-2020:0934-1
Rating: moderate
Affected Products: openSUSE Leap 15.1
