Alerts This Week
Warning Icon 1 535
Alerts This Week
Warning Icon 1 535

SUSE: 2016:1568-1 Critical: Ntp Issues Resolved and Fixes

suse
Calendar Grey June 14, 2016
Dist Suse Esm H88
Important SUSE upgrade for ntp addresses 17 vulnerabilities; review the corrections and guidelines for updating your system.
An update that solves 17 vulnerabilities and has two fixes An update that solves 17 vulnerabilities and has two fixes An update that solves 17 vulnerabilities and has two fixes is ...

Summary

ntp was updated to version 4.2.8p8 to fix 17 security issues. These security issues were fixed: - CVE-2016-4956: Broadcast interleave (bsc#982068). - CVE-2016-2518: Crafted addpeer with hmode > 7 causes array wraparound with MATCH_ASSOC (bsc#977457). - CVE-2016-2519: ctl_getitem() return value not always checked (bsc#977458). - CVE-2016-4954: Processing spoofed server packets (bsc#982066). - CVE-2016-4955: Autokey association reset (bsc#982067). - CVE-2015-7974: NTP did not verify peer associations of symmetric keys when authenticating packets, which might allowed remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key (bsc#962960). - CVE-2016-4957: CRYPTO_NAK crash (bsc#982064). - CVE-2016-2516: Duplicate IPs on unconfig directives will cause an

Topics%20covered

Topics Covered

security advisory security issue critical SUSE ntp

References

#957226 #962960 #977450 #977451 #977452 #977455

#977457 #977458 #977459 #977461 #977464 #979302

#979981 #981422 #982064 #982065 #982066 #982067

#982068

Cross- CVE-2015-7704 CVE-2015-7705 CVE-2015-7974

CVE-2016-1547 CVE-2016-1548 CVE-2016-1549

CVE-2016-1550 CVE-2016-1551 CVE-2016-2516

CVE-2016-2517 CVE-2016-2518 CVE-2016-2519

CVE-2016-4953 CVE-2016-4954 CVE-2016-4955

CVE-2016-4956 CVE-2016-4957

Affected Products:

SUSE Linux Enterprise Server 12

SUSE Linux Enterprise Desktop 12

https://www.suse.com/security/cve/CVE-2015-7704.html

https://www.suse.com/security/cve/CVE-2015-7705.html

https://www.suse.com/security/cve/CVE-2015-7974.html

https://www.suse.com/security/cve/CVE-2016-1547.html

https://www.suse.com/security/cve/CVE-2016-1548.html

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2016:1568-1
Rating: important

Topics%20covered

Topics Covered

security advisory security issue critical SUSE ntp

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here