
SUSE: 2018:1765-1 Moderate: NTP Vulnerability Fix Overview

June 20, 2018
SUSE has issued an update addressing several moderate severity vulnerabilities in ntp, delivering critical patches for various platforms.
An update that solves 6 vulnerabilities and has two fixes is now available.

Summary

This update for ntp fixes the following issues:

- Update to 4.2.8p11 (bsc#1082210):
  * CVE-2016-1549: Sybil vulnerability: ephemeral association attack. While fixed in ntp-4.2.8p7, there are significant additional protections for this issue in 4.2.8p11.
  * CVE-2018-7182: ctl_getitem(): buffer read overrun leads to undefined behavior and information leak. (bsc#1083426)
  * CVE-2018-7170: Multiple authenticated ephemeral associations. (bsc#1083424)
  * CVE-2018-7184: Interleaved symmetric mode cannot recover from bad state. (bsc#1083422)
  * CVE-2018-7185: Unauthenticated packet can reset authenticated interleaved association. (bsc#1083420)
  * CVE-2018-7183: ntpq:decodearr() can write beyond its buffer limit. (bsc#1083417)
- Don't use libevent's cached time stamps in sntp. (bsc#1077445)
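The summary names two upstream milestones: 4.2.8p7 (first fix for CVE-2016-1549) and 4.2.8p11 (the level this update ships). The following is an added example, not part of the SUSE advisory, that sorts reported ntp version strings against those two milestones; the sample inventory, host names and build strings are constructed, and it assumes the reported string carries the upstream release number.

```python
import re

# Upstream releases named in the advisory text.
FIRST_1549_FIX = (4, 2, 8, 7)   # CVE-2016-1549 first fixed in ntp-4.2.8p7
ADVISORY_LEVEL = (4, 2, 8, 11)  # this update moves ntp to 4.2.8p11

# major.minor.micro with an optional "pN" patch level, e.g. 4.2.8p11
_VERSION = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)(?:p(\d+))?")

def parse_ntp_version(text):
    """Return (major, minor, micro, patch) from strings such as
    'ntpd 4.2.8p10@1.3728-o' or 'ntp-4.2.8p11-64.5.1'; None if absent."""
    m = _VERSION.search(text)
    if m is None:
        return None
    return tuple(int(g) if g else 0 for g in m.groups())

def classify(text):
    """Place one reported version relative to the advisory's milestones."""
    v = parse_ntp_version(text)
    # The advisory only speaks about the 4.2.x line; anything else
    # (for example 4.3.x development builds) is left for manual review.
    if v is None or v[:2] != (4, 2):
        return "unknown"
    if v >= ADVISORY_LEVEL:
        return "at-advisory-level"
    if v >= FIRST_1549_FIX:
        return "pre-p11"  # has the p7 fix, lacks the 4.2.8p11 changes
    return "pre-p7"       # predates the first CVE-2016-1549 fix

def audit(inventory):
    """Return {host: classification} for hosts not at the advisory level."""
    return {host: c for host, reported in inventory.items()
            if (c := classify(reported)) != "at-advisory-level"}

# Constructed sample inventory (hosts and build strings are made up).
SAMPLE = {
    "ntp-a": 'version="ntpd 4.2.8p11@1.3728-o"',
    "ntp-b": "ntp-4.2.8p10-63.3",
    "ntp-c": "ntpd 4.2.6p5",
    "ntp-d": "ntpd 4.3.93",
}

if __name__ == "__main__":
    for host, state in sorted(audit(SAMPLE).items()):
        print(f"{host}: {state}")
```

Distribution packages can carry backported fixes under an older upstream number, so treat the result as a triage signal and confirm against the package changelog.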

References

#1077445 #1082063 #1082210 #1083417 #1083420 #1083422 #1083424 #1083426

Cross-References: CVE-2016-1549 CVE-2018-7170 CVE-2018-7182 CVE-2018-7183 CVE-2018-7184 CVE-2018-7185

Affected Products:

SUSE OpenStack Cloud 7

SUSE Linux Enterprise Server for SAP 12-SP2

SUSE Linux Enterprise Server for SAP 12-SP1

SUSE Linux Enterprise Server 12-SP3

SUSE Linux Enterprise Server 12-SP2-LTSS

SUSE Linux Enterprise Server 12-SP1-LTSS

SUSE Linux Enterprise Desktop 12-SP3

SUSE Enterprise Storage 4

SUSE CaaS Platform ALL

https://www.suse.com/security/cve/CVE-2016-1549.html

https://www.suse.com/security/cve/CVE-2018-7170.html

https://www.suse.com/security/cve/CVE-2018-7182.html

https://www.suse.com/security/cve/CVE-2018-7183.html

https://www.suse.com/security/cve/CVE-2...


Announcement ID: SUSE-SU-2018:1765-1
Rating: moderate
