SUSE: 2016:1247-1 Critical: NTP Denial of Service Security Update

suse

May 6, 2016

An update that solves 28 vulnerabilities and has two fixes An update that solves 28 vulnerabilities and has two fixes An update that solves 28 vulnerabilities and has two fixes is ...

Summary

ntp was updated to version 4.2.8p6 to fix 28 security issues. Major functional changes: - The "sntp" commandline tool changed its option handling in a major way, some options have been renamed or dropped. - "controlkey 1" is added during update to ntp.conf to allow sntp to work. - The local clock is being disabled during update. - ntpd is no longer running chrooted. Other functional changes: - ntp-signd is installed. - "enable mode7" can be added to the configuration to allow ntdpc to work as compatibility mode option. - "kod" was removed from the default restrictions. - SHA1 keys are used by default instead of MD5 keys. Also yast2-ntp-client was updated to match some sntp syntax changes. (bsc#937837) These security issues were fixed: - CVE-2015-8158: Fixed potential infinite loop in ntpq (bsc#962966).

Topics Covered

security advisory DoS important SUSE security fixes ntp

References

#782060 #905885 #910063 #916617 #920238 #926510

#936327 #937837 #942587 #944300 #946386 #951559

#951608 #951629 #954982 #956773 #962318 #962784

#962802 #962960 #962966 #962970 #962988 #962994

#962995 #962997 #963000 #963002 #975496 #975981

Cross- CVE-2015-5300 CVE-2015-7691 CVE-2015-7692

CVE-2015-7701 CVE-2015-7702 CVE-2015-7703

CVE-2015-7704 CVE-2015-7705 CVE-2015-7848

CVE-2015-7849 CVE-2015-7850 CVE-2015-7851

CVE-2015-7852 CVE-2015-7853 CVE-2015-7854

CVE-2015-7855 CVE-2015-7871 CVE-2015-7973

CVE-2015-7974 CVE-2015-7975 CVE-2015-7976

CVE-2015-7977 CVE-2015-7978 CVE-2015-7979

CVE-2015-8138 CVE-2015-8139 CVE-2015-8140

CVE-2015-8158

Affected Products:

SUSE Linux Enterprise Software Developm...

Read the Full Advisory

Severity

important

Lowest

Low

Medium

High

Critical

Announcement ID: SUSE-SU-2016:1247-1

Rating: important

Topics Covered

security advisory DoS important SUSE security fixes ntp

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

SUSE: 2016:1247-1 Critical: NTP Denial of Service Security Update

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

SUSE: 2016:1247-1 Critical: NTP Denial of Service Security Update

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!