SUSE 11-SP4: SUSE-SU-2016:1175-1 Important Ntp DoS Fixes
suse
April 28, 2016
An update that solves 12 vulnerabilities and has 8 fixes is An update that solves 12 vulnerabilities and has 8 fixes is An update that solves 12 vulnerabilities and has 8 fixes is ...
Summary
ntp was updated to version 4.2.8p6 to fix 12 security issues. These security issues were fixed: - CVE-2015-8158: Fixed potential infinite loop in ntpq (bsc#962966). - CVE-2015-8138: Zero Origin Timestamp Bypass (bsc#963002). - CVE-2015-7979: Off-path Denial of Service (DoS) attack on authenticated broadcast mode (bsc#962784). - CVE-2015-7978: Stack exhaustion in recursive traversal of restriction list (bsc#963000). - CVE-2015-7977: reslist NULL pointer dereference (bsc#962970). - CVE-2015-7976: ntpq saveconfig command allows dangerous characters in filenames (bsc#962802). - CVE-2015-7975: nextvar() missing length check (bsc#962988). - CVE-2015-7974: Skeleton Key: Missing key check allows impersonation between authenticated peers (bsc#962960).
References
#782060 #784760 #916617 #951559 #951629 #956773
#962318 #962784 #962802 #962960 #962966 #962970
#962988 #962994 #962995 #962997 #963000 #963002
#975496 #975981
Cross- CVE-2015-5300 CVE-2015-7973 CVE-2015-7974
CVE-2015-7975 CVE-2015-7976 CVE-2015-7977
CVE-2015-7978 CVE-2015-7979 CVE-2015-8138
CVE-2015-8139 CVE-2015-8140 CVE-2015-8158
Affected Products:
SUSE Linux Enterprise Server 11-SP4
SUSE Linux Enterprise Debuginfo 11-SP4
https://www.suse.com/security/cve/CVE-2015-5300.html
https://www.suse.com/security/cve/CVE-2015-7973.html
https://www.suse.com/security/cve/CVE-2015-7974.html
https://www.suse.com/security/cve/CVE-2015-7975.html
https://www.suse.com/security/cve/CVE-2015-7976.html
https://www.suse.com/security/cve/CVE-2015-7977.html
PREVIOUS
NEXT
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!