SUSE: 2018:1464-1 Moderate: Ntp Security Update for Linux

suse

May 29, 2018

An update that solves 6 vulnerabilities and has three fixes is now available

Summary

This update for ntp fixes the following issues: - Update to 4.2.8p11 (bsc#1082210): * CVE-2016-1549: Sybil vulnerability: ephemeral association attack. While fixed in ntp-4.2.8p7, there are significant additional protections for this issue in 4.2.8p11. * CVE-2018-7182: ctl_getitem(): buffer read overrun leads to undefined behavior and information leak. (bsc#1083426) * CVE-2018-7170: Multiple authenticated ephemeral associations. (bsc#1083424) * CVE-2018-7184: Interleaved symmetric mode cannot recover from bad state. (bsc#1083422) * CVE-2018-7185: Unauthenticated packet can reset authenticated interleaved association. (bsc#1083420) * CVE-2018-7183: ntpq:decodearr() can write beyond its buffer limit.(bsc#1083417) - Don't use libevent's cached time stamps in sntp. (bsc#1077445)

Topics Covered

security advisory moderate information leak buffer overflow ntp SUSE Linux Enterprise association attack

References

#1034892 #1077445 #1082063 #1082210 #1083417

#1083420 #1083422 #1083424 #1083426

Cross- CVE-2016-1549 CVE-2018-7170 CVE-2018-7182

CVE-2018-7183 CVE-2018-7184 CVE-2018-7185

Affected Products:

SUSE Linux Enterprise Server 12-LTSS

https://www.suse.com/security/cve/CVE-2016-1549.html

https://www.suse.com/security/cve/CVE-2018-7170.html

https://www.suse.com/security/cve/CVE-2018-7182.html

https://www.suse.com/security/cve/CVE-2018-7183.html

https://www.suse.com/security/cve/CVE-2018-7184.html

https://www.suse.com/security/cve/CVE-2018-7185.html

https://bugzilla.suse.com/1034892

https://bugzilla.suse.com/1077445

https://bugzilla.suse.com/1082063

https://bugzilla.suse.com/1082210

https://bugzilla.suse.com/1083417

Announcement ID: SUSE-SU-2018:1464-1

Rating: moderate

Topics Covered

security advisory moderate information leak buffer overflow ntp SUSE Linux Enterprise association attack

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

SUSE: 2018:1464-1 Moderate: Ntp Security Update for Linux

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

SUSE: 2018:1464-1 Moderate: Ntp Security Update for Linux

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!