Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -3 articles for you...
202
security advisorymoderatesecurity updateopenSUSE: 2018:3438-1 Moderate: NTP Buffer Overflow and Time Spoofing
An update that solves two vulnerabilities and has one errata is now available.. openSUSE Security Update: Security update for ntp ______________________________________________________________________________ Announcement ID: openSUSE-SU-2018:3438-1 Rating: moderate References: #1083424 #1098531 #1111853 Cross-References: CVE-2018-12327 CVE-2018-7170 Affected Products: openSUSE Leap 42.3 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for NTP to version 4.2.8p12 fixes the following vulnerabilities (bsc#1111853): - CVE-2018-12327: Fixed stack buffer overflow in the openhost() command-line call of NTPQ/NTPDC. (bsc#1098531) - CVE-2018-7170: Add further tweaks to improve the fix for the ephemeral association time spoofing additional protection (bsc#1083424) Please also see http://www.nwtime.org/network-time-foundation-publishes-ntp-4-2-8p12/ for more information. This update was imported from the SUSE:SLE-12-SP1:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 42.3: zypper in -t patch openSUSE-2018-1280=1 Package List: - openSUSE Leap 42.3 (i586 x86_64): ntp-4.2.8p12-31.6.1 ntp-debuginfo-4.2.8p12-31.6.1 ntp-debugsource-4.2.8p12-31.6.1 ntp-doc-4.2.8p12-31.6.1 References: https://www.suse.com/security/cve/CVE-2018-12327.html https://www.suse.com/security/cve/CVE-2018-7170.html https://bugzilla.suse.com/1083424 https://bugzilla.suse.com/1098531 https://bugzilla.suse.com/1111853 -- . A new security update for openSUSE addresses vulnerabilities found in the ntp package, providing comprehensive patch guidance forimpacted installations.. openSUSE NTP Update, Security Patch, Time Protocol Fix. . Severity: Important. LinuxSecurity.com Team
Oct 25, 2018
•Important
OpenSUSE
100
security advisorymoderatebuffer overflowSUSE 2018:3386-1 Moderate: NTP Buffer Overflow And Time Spoofing
An update that solves two vulnerabilities and has one errata is now available. . SUSE Security Update: Security update for ntp ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3386-1 Rating: moderate References: #1083424 #1098531 #1111853 Cross-References: CVE-2018-12327 CVE-2018-7170 Affected Products: SUSE Linux Enterprise Module for Legacy Software 15 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: NTP was updated to 4.2.8p12 (bsc#1111853): - CVE-2018-12327: Fixed stack buffer overflow in the openhost() command-line call of NTPQ/NTPDC. (bsc#1098531) - CVE-2018-7170: Add further tweaks to improve the fix for the ephemeral association time spoofing additional protection (bsc#1083424) Please also see http://www.nwtime.org/network-time-foundation-publishes-ntp-4-2-8p12/ for more information. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Legacy Software 15: zypper in -t patch SUSE-SLE-Module-Legacy-15-2018-2431=1 Package List: - SUSE Linux Enterprise Module for Legacy Software 15 (aarch64 ppc64le s390x x86_64): ntp-4.2.8p12-4.3.2 ntp-debuginfo-4.2.8p12-4.3.2 ntp-debugsource-4.2.8p12-4.3.2 References: https://www.suse.com/security/cve/CVE-2018-12327.html https://www.suse.com/security/cve/CVE-2018-7170.html https://bugzilla.suse.com/1083424 https://bugzilla.suse.com/1098531 https://bugzilla.suse.com/1111853 _______________________________________________ sle-security-updates mailing list
Oct 24, 2018
SuSE
100
security advisorymoderateSUSESUSE: 2018:3352-1 Moderate: NTP Stack Overflow And Time Spoofing
An update that solves two vulnerabilities and has one errata is now available. . SUSE Security Update: Security update for ntp ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3352-1 Rating: moderate References: #1083424 #1098531 #1111853 Cross-References: CVE-2018-12327 CVE-2018-7170 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: NTP was updated to 4.2.8p12 (bsc#1111853): - CVE-2018-12327: Fixed stack buffer overflow in the openhost() command-line call of NTPQ/NTPDC. (bsc#1098531) - CVE-2018-7170: Add further tweaks to improve the fix for the ephemeral association time spoofing additional protection (bsc#1083424) Please also see http://www.nwtime.org/network-time-foundation-publishes-ntp-4-2-8p12/ for more information. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-ntp-13832=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-ntp-13832=1 Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): ntp-4.2.8p12-64.7.1 ntp-doc-4.2.8p12-64.7.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): ntp-debuginfo-4.2.8p12-64.7.1 ntp-debugsource-4.2.8p12-64.7.1 References: https://www.suse.com/security/cve/CVE-2018-12327.html https://www.suse.com/security/cve/CVE-2018-7170.html https://bugzilla.suse.com/1083424 https://bugzilla.suse.com/1098531 https://bugzilla.suse.com/1111853 _______________________________________________ sle-security-updates mailing list
Oct 23, 2018
SuSE
100
security advisorymoderateSUSESUSE: 2018:3351-1 Moderate: NTP Stack Overflow and Time Spoofing
An update that solves two vulnerabilities and has one errata is now available. . SUSE Security Update: Security update for ntp ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3351-1 Rating: moderate References: #1083424 #1098531 #1111853 Cross-References: CVE-2018-12327 CVE-2018-7170 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: NTP was updated to 4.2.8p12 (bsc#1111853): - CVE-2018-12327: Fixed stack buffer overflow in the openhost() command-line call of NTPQ/NTPDC. (bsc#1098531) - CVE-2018-7170: Add further tweaks to improve the fix for the ephemeral association time spoofing additional protection (bsc#1083424) Please also see http://www.nwtime.org/network-time-foundation-publishes-ntp-4-2-8p12/ for more information. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-2399=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): ntp-4.2.8p12-46.29.2 ntp-debuginfo-4.2.8p12-46.29.2 ntp-debugsource-4.2.8p12-46.29.2 ntp-doc-4.2.8p12-46.29.2 References: https://www.suse.com/security/cve/CVE-2018-12327.html https://www.suse.com/security/cve/CVE-2018-7170.html https://bugzilla.suse.com/1083424 https://bugzilla.suse.com/1098531 https://bugzilla.suse.com/1111853 _______________________________________________ sle-security-updates mailing list
Oct 23, 2018
SuSE
98
security advisorymoderateRed HatRed Hat: RHSA-2009:0046-01 Moderate: NTP Time Spoofing Attack
Updated ntp packages to correct a security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team.. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: ntp security update Advisory ID: RHSA-2009:0046-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2009:0046.html Issue date: 2009-01-29 CVE Names: CVE-2009-0021 ==================================================================== 1. Summary: Updated ntp packages to correct a security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 3. Description: The Network Time Protocol (NTP) is used to synchronize a computer's time with a referenced time source. A flaw was discovered in the way the ntpd daemon checked the return value of the OpenSSL EVP_VerifyFinal function. On systems using NTPv4 authentication, this could lead to an incorrect verification of cryptographic signatures, allowing time-spoofing attacks. (CVE-2009-0021) Note: This issue only affects systems that have enabled NTP authentication. By default, NTP authentication is not enabled. All ntp users are advised to upgrade to the updated packages, which contain a backported patch to resolve this issue. After installing the update, the ntpd daemon willrestart automatically. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at 5. Bugs fixed (http://bugzilla.redhat.com/): 476807 - CVE-2009-0021 ntp incorrectly checks for malformed signatures 6. Package List: Red Hat Enterprise Linux AS version 4: Source: i386: ntp-4.2.0.a.20040617-8.el4_7.1.i386.rpm ntp-debuginfo-4.2.0.a.20040617-8.el4_7.1.i386.rpm ia64: ntp-4.2.0.a.20040617-8.el4_7.1.ia64.rpm ntp-debuginfo-4.2.0.a.20040617-8.el4_7.1.ia64.rpm ppc: ntp-4.2.0.a.20040617-8.el4_7.1.ppc.rpm ntp-debuginfo-4.2.0.a.20040617-8.el4_7.1.ppc.rpm s390: ntp-4.2.0.a.20040617-8.el4_7.1.s390.rpm ntp-debuginfo-4.2.0.a.20040617-8.el4_7.1.s390.rpm s390x: ntp-4.2.0.a.20040617-8.el4_7.1.s390x.rpm ntp-debuginfo-4.2.0.a.20040617-8.el4_7.1.s390x.rpm x86_64: ntp-4.2.0.a.20040617-8.el4_7.1.x86_64.rpm ntp-debuginfo-4.2.0.a.20040617-8.el4_7.1.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: i386: ntp-4.2.0.a.20040617-8.el4_7.1.i386.rpm ntp-debuginfo-4.2.0.a.20040617-8.el4_7.1.i386.rpm x86_64: ntp-4.2.0.a.20040617-8.el4_7.1.x86_64.rpm ntp-debuginfo-4.2.0.a.20040617-8.el4_7.1.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: i386: ntp-4.2.0.a.20040617-8.el4_7.1.i386.rpm ntp-debuginfo-4.2.0.a.20040617-8.el4_7.1.i386.rpm ia64: ntp-4.2.0.a.20040617-8.el4_7.1.ia64.rpm ntp-debuginfo-4.2.0.a.20040617-8.el4_7.1.ia64.rpm x86_64: ntp-4.2.0.a.20040617-8.el4_7.1.x86_64.rpm ntp-debuginfo-4.2.0.a.20040617-8.el4_7.1.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: i386: ntp-4.2.0.a.20040617-8.el4_7.1.i386.rpm ntp-debuginfo-4.2.0.a.20040617-8.el4_7.1.i386.rpm ia64: ntp-4.2.0.a.20040617-8.el4_7.1.ia64.rpm ntp-debuginfo-4.2.0.a.20040617-8.el4_7.1.ia64.rpm x86_64: ntp-4.2.0.a.20040617-8.el4_7.1.x86_64.rpm ntp-debuginfo-4.2.0.a.20040617-8.el4_7.1.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 5client): Source: i386: ntp-4.2.2p1-9.el5_3.1.i386.rpm ntp-debuginfo-4.2.2p1-9.el5_3.1.i386.rpm x86_64: ntp-4.2.2p1-9.el5_3.1.x86_64.rpm ntp-debuginfo-4.2.2p1-9.el5_3.1.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: i386: ntp-4.2.2p1-9.el5_3.1.i386.rpm ntp-debuginfo-4.2.2p1-9.el5_3.1.i386.rpm ia64: ntp-4.2.2p1-9.el5_3.1.ia64.rpm ntp-debuginfo-4.2.2p1-9.el5_3.1.ia64.rpm ppc: ntp-4.2.2p1-9.el5_3.1.ppc.rpm ntp-debuginfo-4.2.2p1-9.el5_3.1.ppc.rpm s390x: ntp-4.2.2p1-9.el5_3.1.s390x.rpm ntp-debuginfo-4.2.2p1-9.el5_3.1.s390x.rpm x86_64: ntp-4.2.2p1-9.el5_3.1.x86_64.rpm ntp-debuginfo-4.2.2p1-9.el5_3.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package 7. References: https://www.cve.org/CVERecord?id=CVE-2009-0021 https://access.redhat.com/security/updates/classification#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2009 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFJgXumXlSAg2UNWIIRAtr1AJ94UAhnyto2JyiVTP/MVr2s8naqngCdEcid 2gortoMBGP2wrCbIv79epJY=dCyt -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list
Jan 29, 2009
Red Hat
98
security advisorysecurity issueRed HatRedHat: RHSA-2021:0186-01 Critical: Vulnerability in NTP Exploit Risk
Updated ntp packages to correct a security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team.. ==================================================================== Red Hat Security Advisory Synopsis: Moderate: ntp security update Advisory ID: RHSA-2009:0046-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2009:0046.html Issue date: 2009-01-29 CVE Names: CVE-2009-0021 ==================================================================== 1. Summary: Updated ntp packages to correct a security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 3. Description: The Network Time Protocol (NTP) is used to synchronize a computer's time with a referenced time source. A flaw was discovered in the way the ntpd daemon checked the return value of the OpenSSL EVP_VerifyFinal function. On systems using NTPv4 authentication, this could lead to an incorrect verification of cryptographic signatures, allowing time-spoofing attacks. (CVE-2009-0021) Note: This issue only affects systems that have enabled NTP authentication. By default, NTP authentication is not enabled. All ntp users are advised to upgrade to the updated packages, which contain a backported patch to resolve this issue. After installing the update, the ntpd daemon will restartautomatically. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at 5. Bugs fixed (http://bugzilla.redhat.com/): 476807 - CVE-2009-0021 ntp incorrectly checks for malformed signatures 6. Package List: Red Hat Enterprise Linux AS version 4: Source: i386: ntp-4.2.0.a.20040617-8.el4_7.1.i386.rpm ntp-debuginfo-4.2.0.a.20040617-8.el4_7.1.i386.rpm ia64: ntp-4.2.0.a.20040617-8.el4_7.1.ia64.rpm ntp-debuginfo-4.2.0.a.20040617-8.el4_7.1.ia64.rpm ppc: ntp-4.2.0.a.20040617-8.el4_7.1.ppc.rpm ntp-debuginfo-4.2.0.a.20040617-8.el4_7.1.ppc.rpm s390: ntp-4.2.0.a.20040617-8.el4_7.1.s390.rpm ntp-debuginfo-4.2.0.a.20040617-8.el4_7.1.s390.rpm s390x: ntp-4.2.0.a.20040617-8.el4_7.1.s390x.rpm ntp-debuginfo-4.2.0.a.20040617-8.el4_7.1.s390x.rpm x86_64: ntp-4.2.0.a.20040617-8.el4_7.1.x86_64.rpm ntp-debuginfo-4.2.0.a.20040617-8.el4_7.1.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: i386: ntp-4.2.0.a.20040617-8.el4_7.1.i386.rpm ntp-debuginfo-4.2.0.a.20040617-8.el4_7.1.i386.rpm x86_64: ntp-4.2.0.a.20040617-8.el4_7.1.x86_64.rpm ntp-debuginfo-4.2.0.a.20040617-8.el4_7.1.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: i386: ntp-4.2.0.a.20040617-8.el4_7.1.i386.rpm ntp-debuginfo-4.2.0.a.20040617-8.el4_7.1.i386.rpm ia64: ntp-4.2.0.a.20040617-8.el4_7.1.ia64.rpm ntp-debuginfo-4.2.0.a.20040617-8.el4_7.1.ia64.rpm x86_64: ntp-4.2.0.a.20040617-8.el4_7.1.x86_64.rpm ntp-debuginfo-4.2.0.a.20040617-8.el4_7.1.x86_64.rpm Red Hat Enterprise Linux WS version4: Source: i386: ntp-4.2.0.a.20040617-8.el4_7.1.i386.rpm ntp-debuginfo-4.2.0.a.20040617-8.el4_7.1.i386.rpm ia64: ntp-4.2.0.a.20040617-8.el4_7.1.ia64.rpm ntp-debuginfo-4.2.0.a.20040617-8.el4_7.1.ia64.rpm x86_64: ntp-4.2.0.a.20040617-8.el4_7.1.x86_64.rpm ntp-debuginfo-4.2.0.a.20040617-8.el4_7.1.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 5 client): Source: i386: ntp-4.2.2p1-9.el5_3.1.i386.rpm ntp-debuginfo-4.2.2p1-9.el5_3.1.i386.rpm x86_64: ntp-4.2.2p1-9.el5_3.1.x86_64.rpm ntp-debuginfo-4.2.2p1-9.el5_3.1.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: i386: ntp-4.2.2p1-9.el5_3.1.i386.rpm ntp-debuginfo-4.2.2p1-9.el5_3.1.i386.rpm ia64: ntp-4.2.2p1-9.el5_3.1.ia64.rpm ntp-debuginfo-4.2.2p1-9.el5_3.1.ia64.rpm ppc: ntp-4.2.2p1-9.el5_3.1.ppc.rpm ntp-debuginfo-4.2.2p1-9.el5_3.1.ppc.rpm s390x: ntp-4.2.2p1-9.el5_3.1.s390x.rpm ntp-debuginfo-4.2.2p1-9.el5_3.1.s390x.rpm x86_64: ntp-4.2.2p1-9.el5_3.1.x86_64.rpm ntp-debuginfo-4.2.2p1-9.el5_3.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.cve.org/CVERecord?id=CVE-2009-0021 https://access.redhat.com/security/updates/classification#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2009 Red Hat, Inc. . Enhancements to the ntp software for CentOS mitigate moderate threats related to time sync vulnerabilities and possible exploitations.. RedHat, NTP, SecurityUpdate, AttackMitigation, TimeSync. . Severity: Important. LinuxSecurity.com Team
Jan 29, 2009
•Important
Red Hat
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!