Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

SUSE: 2020:1823-1 Moderate Update for NTP with Security Fixes

suse
Calendar Grey July 2, 2020
Dist Suse Esm H88
SUSE has released a new advisory regarding ntp that highlights several critical security vulnerabilities and offers necessary patching guidance for its user base.
An update that solves four vulnerabilities and has two fixes is now available

Summary

This update for ntp fixes the following issues: ntp was updated to 4.2.8p15 - CVE-2020-11868: Fixed an issue which a server mode packet with spoofed source address frequently send to the client ntpd could have caused denial of service (bsc#1169740). - CVE-2018-8956: Fixed an issue which could have allowed remote attackers to prevent a broadcast client from synchronizing its clock with a broadcast NTP server via spoofed mode 3 and mode 5 packets (bsc#1171355). - CVE-2020-13817: Fixed an issue which an off-path attacker with the ability to query time from victim's ntpd instance could have modified the victim's clock by a limited amount (bsc#1172651). - CVE-2020-15025: Fixed an issue which remote attacker could have caused denial of service by consuming the memory when a CMAC key was used

Topics%20covered

Topics Covered

security advisory moderate Denial of Service time synchronization ntp SUSE Linux Enterprise

References

#1125401 #1169740 #1171355 #1172651 #1173334

#992038

Cross- CVE-2018-8956 CVE-2020-11868 CVE-2020-13817

CVE-2020-15025

Affected Products:

SUSE Linux Enterprise Server for SAP 15

SUSE Linux Enterprise Server 15-LTSS

SUSE Linux Enterprise Module for Legacy Software 15-SP2

SUSE Linux Enterprise Module for Legacy Software 15-SP1

https://www.suse.com/security/cve/CVE-2018-8956.html

https://www.suse.com/security/cve/CVE-2020-11868.html

https://www.suse.com/security/cve/CVE-2020-13817.html

https://www.suse.com/security/cve/CVE-2020-15025.html

https://bugzilla.suse.com/1125401

https://bugzilla.suse.com/1169740

https://bugzilla.suse.com/1171355

https://bugzilla.suse.com/1172651

https://bugzilla.suse.com/1173334

https://bugzilla.suse.com/992038

Announcement ID: SUSE-SU-2020:1823-1
Rating: moderate

Topics%20covered

Topics Covered

security advisory moderate Denial of Service time synchronization ntp SUSE Linux Enterprise

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here