Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

SUSE: 2020:1805-1 Important: Resolution for NTP Denial Of Service Issue

suse
Calendar Grey June 30, 2020
Dist Suse Esm H88
Debian Security Patch for ntp addresses several concerns of moderate priority, resolving different pathways for potential exploitation.
An update that fixes four vulnerabilities is now available

Summary

This update for ntp fixes the following issues: ntp was updated to 4.2.8p15 - CVE-2020-11868: Fixed an issue which a server mode packet with spoofed source address frequently send to the client ntpd could have caused denial of service (bsc#1169740). - CVE-2018-8956: Fixed an issue which could have allowed remote attackers to prevent a broadcast client from synchronizing its clock with a broadcast NTP server via spoofed mode 3 and mode 5 packets (bsc#1171355). - CVE-2020-13817: Fixed an issue which an off-path attacker with the ability to query time from victim's ntpd instance could have modified the victim's clock by a limited amount (bsc#1172651). - CVE-2020-15025: Fixed an issue which remote attacker could have caused denial of service by consuming the memory when a CMAC key was used

Topics%20covered

Topics Covered

security advisory denial of service update moderate severity SUSE ntp

References

#1169740 #1171355 #1172651 #1173334

Cross- CVE-2018-8956 CVE-2020-11868 CVE-2020-13817

CVE-2020-15025

Affected Products:

SUSE OpenStack Cloud Crowbar 8

SUSE OpenStack Cloud 8

SUSE OpenStack Cloud 7

SUSE Linux Enterprise Server for SAP 12-SP3

SUSE Linux Enterprise Server for SAP 12-SP2

SUSE Linux Enterprise Server 12-SP5

SUSE Linux Enterprise Server 12-SP4

SUSE Linux Enterprise Server 12-SP3-LTSS

SUSE Linux Enterprise Server 12-SP3-BCL

SUSE Linux Enterprise Server 12-SP2-LTSS

SUSE Linux Enterprise Server 12-SP2-BCL

SUSE Enterprise Storage 5

HPE Helion Openstack 8

https://www.suse.com/security/cve/CVE-2018-8956.html

https://www.suse.com/security/cve/CVE-2020-11868.html

https://www.suse.com/security/cve/CVE-2...

Read the Full Advisory

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2020:1805-1
Rating: moderate

Topics%20covered

Topics Covered

security advisory denial of service update moderate severity SUSE ntp

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here