Security update for ntp SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2016:1423-1 Final 1 1 2016-05-27T10:09:00Z current 2016-05-27T10:09:00Z 2016-05-27T10:09:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for ntp This update for ntp fixes the following issues: - Update to 4.2.8p7 (boo#977446): * CVE-2016-1547, boo#977459: Validate crypto-NAKs, AKA: CRYPTO-NAK DoS. * CVE-2016-1548, boo#977461: Interleave-pivot * CVE-2016-1549, boo#977451: Sybil vulnerability: ephemeral association attack. * CVE-2016-1550, boo#977464: Improve NTP security against buffer comparison timing attacks. * CVE-2016-1551, boo#977450: Refclock impersonation vulnerability * CVE-2016-2516, boo#977452: Duplicate IPs on unconfig directives will cause an assertion botch in ntpd. * CVE-2016-2517, boo#977455: remote configuration trustedkey/ requestkey/controlkey values are not properly validated. * CVE-2016-2518, boo#977457: Crafted addpeer with hmode > 7 causes array wraparound with MATCH_ASSOC. * CVE-2016-2519, boo#977458: ctl_getitem() return value not always checked. * integrate ntp-fork.patch * Improve the fixes for: CVE-2015-7704, CVE-2015-7705, CVE-2015-7974 - Restrict the parser in the startup script to the first occurrance of "keys" and "controlkey" in ntp.conf (boo#957226). - Enable compile-time support for MS-SNTP (--enable-ntp-signd). This replaces the w32 patches in 4.2.4 that added the authreg directive. (fate#320758). - Fix ntp-sntp-dst.patch (boo#975496). - Call /usr/sbin/sntp with full path to synchronize in start-ntpd. When run as cron job, /usr/sbin/ is not in the path, which caused the synchronization to fail. (boo#962318) - Speedup ntpq (boo#782060, ntp-speedup-ntpq.patch). - Sync service files with openSUSE Factory. - Fix the TZ offset output of sntp during DST (boo#951559). - Add ntp-fork.patch and build with threads disabled to allow name resolution even when running chrooted. - Update to 4.2.8p6: * CVE-2015-8158, boo#962966: Potential Infinite Loop in ntpq. * CVE-2015-8138, boo#963002: origin: Zero Origin Timestamp Bypass. * CVE-2015-7979, boo#962784: Off-path Denial of Service (DoS) attack on authenticated broadcast mode. * CVE-2015-7978, boo#963000: Stack exhaustion in recursive traversal of restriction list. * CVE-2015-7977, boo#962970: reslist NULL pointer dereference. * CVE-2015-7976, boo#962802: ntpq saveconfig command allows dangerous characters in filenames. * CVE-2015-7975, boo#962988: nextvar() missing length check. * CVE-2015-7974, boo#962960: Skeleton Key: Missing key check allows impersonation between authenticated peers. * CVE-2015-7973, boo#962995: Deja Vu: Replay attack on authenticated broadcast mode. * CVE-2015-8140: ntpq vulnerable to replay attacks. * CVE-2015-8139: Origin Leak: ntpq and ntpdc, disclose origin. * CVE-2015-5300, boo#951629: Small-step/Big-step. - Add /var/db/ntp-kod (boo#916617). - Add ntp-ENOBUFS.patch to limit a warning that might happen quite a lot on loaded systems (boo#956773). - add ntp.bug2965.diff (boo#954982) * fixes regression in 4.2.8p4 update - Update to 4.2.8p4 to fix several security issues (boo#951608): * CVE-2015-7871: NAK to the Future: Symmetric association authentication bypass via crypto-NAK * CVE-2015-7855: decodenetnum() will ASSERT botch instead of returning FAIL on some bogus values * CVE-2015-7854: Password Length Memory Corruption Vulnerability * CVE-2015-7853: Invalid length data provided by a custom refclock driver could cause a buffer overflow * CVE-2015-7852 ntpq atoascii() Memory Corruption Vulnerability * CVE-2015-7851 saveconfig Directory Traversal Vulnerability * CVE-2015-7850 remote config logfile-keyfile * CVE-2015-7849 trusted key use-after-free * CVE-2015-7848 mode 7 loop counter underrun * CVE-2015-7701 Slow memory leak in CRYPTO_ASSOC * CVE-2015-7703 configuration directives "pidfile" and "driftfile" should only be allowed locally * CVE-2015-7704, CVE-2015-7705 Clients that receive a KoD should validate the origin timestamp field * CVE-2015-7691, CVE-2015-7692, CVE-2015-7702 Incomplete autokey data packet length checks * obsoletes ntp-memlock.patch. - Add a controlkey line to /etc/ntp.conf if one does not already exist to allow runtime configuuration via ntpq. - Temporarily disable memlock to avoid problems due to high memory usage during name resolution (boo#946386, ntp-memlock.patch). - Use SHA1 instead of MD5 for symmetric keys (boo#905885). - Improve runtime configuration: * Read keytype from ntp.conf * Don't write ntp keys to syslog. - Fix legacy action scripts to pass on command line arguments. - Remove ntp.1.gz, it wasn't installed anymore. - Remove ntp-4.2.7-rh-manpages.tar.gz and only keep ntptime.8.gz. The rest is partially irrelevant, partially redundant and potentially outdated (boo#942587). - Remove "kod" from the restrict line in ntp.conf (boo#944300). - Use ntpq instead of deprecated ntpdc in start-ntpd (boo#936327). - Add a controlkey to ntp.conf to make the above work. - Don't let "keysdir" lines in ntp.conf trigger the "keys" parser. - Disable mode 7 (ntpdc) again, now that we don't use it anymore. - Add "addserver" as a new legacy action. - Fix the comment regarding addserver in ntp.conf (boo#910063). - Update to version 4.2.8p3 which incorporates all security fixes and most other patches we have so far (fate#319040). More information on: http://archive.ntp.org/ntp4/ChangeLog-stable - Disable chroot by default (boo#926510). - Enable ntpdc for backwards compatibility (boo#920238). - Security fix: ntp-keygen may generate non-random symmetric keys The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html E-Mail link for openSUSE-SU-2016:1423-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE 13.2 ntp-4.2.8p7-25.15.1 ntp-debuginfo-4.2.8p7-25.15.1 ntp-debugsource-4.2.8p7-25.15.1 ntp-doc-4.2.8p7-25.15.1 ntp-4.2.8p7-25.15.1 as a component of openSUSE 13.2 ntp-debuginfo-4.2.8p7-25.15.1 as a component of openSUSE 13.2 ntp-debugsource-4.2.8p7-25.15.1 as a component of openSUSE 13.2 ntp-doc-4.2.8p7-25.15.1 as a component of openSUSE 13.2 The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart). CVE-2015-5300 openSUSE 13.2:ntp-4.2.8p7-25.15.1 openSUSE 13.2:ntp-debuginfo-4.2.8p7-25.15.1 openSUSE 13.2:ntp-debugsource-4.2.8p7-25.15.1 openSUSE 13.2:ntp-doc-4.2.8p7-25.15.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html https://www.suse.com/security/cve/CVE-2015-5300.html CVE-2015-5300 https://bugzilla.suse.com/951629 SUSE Bug 951629 https://bugzilla.suse.com/959243 SUSE Bug 959243 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2015-7691 openSUSE 13.2:ntp-4.2.8p7-25.15.1 openSUSE 13.2:ntp-debuginfo-4.2.8p7-25.15.1 openSUSE 13.2:ntp-debugsource-4.2.8p7-25.15.1 openSUSE 13.2:ntp-doc-4.2.8p7-25.15.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html https://www.suse.com/security/cve/CVE-2015-7691.html CVE-2015-7691 https://bugzilla.suse.com/1010964 SUSE Bug 1010964 https://bugzilla.suse.com/951608 SUSE Bug 951608 https://bugzilla.suse.com/959243 SUSE Bug 959243 https://bugzilla.suse.com/992991 SUSE Bug 992991 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2015-7692 openSUSE 13.2:ntp-4.2.8p7-25.15.1 openSUSE 13.2:ntp-debuginfo-4.2.8p7-25.15.1 openSUSE 13.2:ntp-debugsource-4.2.8p7-25.15.1 openSUSE 13.2:ntp-doc-4.2.8p7-25.15.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html https://www.suse.com/security/cve/CVE-2015-7692.html CVE-2015-7692 https://bugzilla.suse.com/1010964 SUSE Bug 1010964 https://bugzilla.suse.com/951608 SUSE Bug 951608 https://bugzilla.suse.com/959243 SUSE Bug 959243 https://bugzilla.suse.com/992991 SUSE Bug 992991 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2015-7701 openSUSE 13.2:ntp-4.2.8p7-25.15.1 openSUSE 13.2:ntp-debuginfo-4.2.8p7-25.15.1 openSUSE 13.2:ntp-debugsource-4.2.8p7-25.15.1 openSUSE 13.2:ntp-doc-4.2.8p7-25.15.1 moderate 6.4 AV:N/AC:L/Au:N/C:N/I:P/A:P Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html https://www.suse.com/security/cve/CVE-2015-7701.html CVE-2015-7701 https://bugzilla.suse.com/1010964 SUSE Bug 1010964 https://bugzilla.suse.com/951608 SUSE Bug 951608 https://bugzilla.suse.com/959243 SUSE Bug 959243 https://bugzilla.suse.com/992991 SUSE Bug 992991 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2015-7702 openSUSE 13.2:ntp-4.2.8p7-25.15.1 openSUSE 13.2:ntp-debuginfo-4.2.8p7-25.15.1 openSUSE 13.2:ntp-debugsource-4.2.8p7-25.15.1 openSUSE 13.2:ntp-doc-4.2.8p7-25.15.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html https://www.suse.com/security/cve/CVE-2015-7702.html CVE-2015-7702 https://bugzilla.suse.com/1010964 SUSE Bug 1010964 https://bugzilla.suse.com/951608 SUSE Bug 951608 https://bugzilla.suse.com/959243 SUSE Bug 959243 https://bugzilla.suse.com/992991 SUSE Bug 992991 The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allows remote attackers with an IP address that is allowed to send configuration requests, and with knowledge of the remote configuration password to write to arbitrary files via the :config command. CVE-2015-7703 openSUSE 13.2:ntp-4.2.8p7-25.15.1 openSUSE 13.2:ntp-debuginfo-4.2.8p7-25.15.1 openSUSE 13.2:ntp-debugsource-4.2.8p7-25.15.1 openSUSE 13.2:ntp-doc-4.2.8p7-25.15.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html https://www.suse.com/security/cve/CVE-2015-7703.html CVE-2015-7703 https://bugzilla.suse.com/1010964 SUSE Bug 1010964 https://bugzilla.suse.com/943216 SUSE Bug 943216 https://bugzilla.suse.com/943218 SUSE Bug 943218 https://bugzilla.suse.com/943219 SUSE Bug 943219 https://bugzilla.suse.com/943221 SUSE Bug 943221 https://bugzilla.suse.com/951608 SUSE Bug 951608 https://bugzilla.suse.com/959243 SUSE Bug 959243 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2015-7704 openSUSE 13.2:ntp-4.2.8p7-25.15.1 openSUSE 13.2:ntp-debuginfo-4.2.8p7-25.15.1 openSUSE 13.2:ntp-debugsource-4.2.8p7-25.15.1 openSUSE 13.2:ntp-doc-4.2.8p7-25.15.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html https://www.suse.com/security/cve/CVE-2015-7704.html CVE-2015-7704 https://bugzilla.suse.com/1010964 SUSE Bug 1010964 https://bugzilla.suse.com/951608 SUSE Bug 951608 https://bugzilla.suse.com/952611 SUSE Bug 952611 https://bugzilla.suse.com/959243 SUSE Bug 959243 https://bugzilla.suse.com/977446 SUSE Bug 977446 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2015-7705 openSUSE 13.2:ntp-4.2.8p7-25.15.1 openSUSE 13.2:ntp-debuginfo-4.2.8p7-25.15.1 openSUSE 13.2:ntp-debugsource-4.2.8p7-25.15.1 openSUSE 13.2:ntp-doc-4.2.8p7-25.15.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html https://www.suse.com/security/cve/CVE-2015-7705.html CVE-2015-7705 https://bugzilla.suse.com/1010964 SUSE Bug 1010964 https://bugzilla.suse.com/951608 SUSE Bug 951608 https://bugzilla.suse.com/952611 SUSE Bug 952611 https://bugzilla.suse.com/959243 SUSE Bug 959243 An integer overflow can occur in NTP-dev.4.3.70 leading to an out-of-bounds memory copy operation when processing a specially crafted private mode packet. The crafted packet needs to have the correct message authentication code and a valid timestamp. When processed by the NTP daemon, it leads to an immediate crash. CVE-2015-7848 openSUSE 13.2:ntp-4.2.8p7-25.15.1 openSUSE 13.2:ntp-debuginfo-4.2.8p7-25.15.1 openSUSE 13.2:ntp-debugsource-4.2.8p7-25.15.1 openSUSE 13.2:ntp-doc-4.2.8p7-25.15.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html https://www.suse.com/security/cve/CVE-2015-7848.html CVE-2015-7848 https://bugzilla.suse.com/1010964 SUSE Bug 1010964 https://bugzilla.suse.com/951608 SUSE Bug 951608 https://bugzilla.suse.com/959243 SUSE Bug 959243 https://bugzilla.suse.com/992991 SUSE Bug 992991 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2015-7849 openSUSE 13.2:ntp-4.2.8p7-25.15.1 openSUSE 13.2:ntp-debuginfo-4.2.8p7-25.15.1 openSUSE 13.2:ntp-debugsource-4.2.8p7-25.15.1 openSUSE 13.2:ntp-doc-4.2.8p7-25.15.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html https://www.suse.com/security/cve/CVE-2015-7849.html CVE-2015-7849 https://bugzilla.suse.com/1010964 SUSE Bug 1010964 https://bugzilla.suse.com/951608 SUSE Bug 951608 https://bugzilla.suse.com/959243 SUSE Bug 959243 https://bugzilla.suse.com/992991 SUSE Bug 992991 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2015-7850 openSUSE 13.2:ntp-4.2.8p7-25.15.1 openSUSE 13.2:ntp-debuginfo-4.2.8p7-25.15.1 openSUSE 13.2:ntp-debugsource-4.2.8p7-25.15.1 openSUSE 13.2:ntp-doc-4.2.8p7-25.15.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html https://www.suse.com/security/cve/CVE-2015-7850.html CVE-2015-7850 https://bugzilla.suse.com/1010964 SUSE Bug 1010964 https://bugzilla.suse.com/951608 SUSE Bug 951608 https://bugzilla.suse.com/959243 SUSE Bug 959243 https://bugzilla.suse.com/992991 SUSE Bug 992991 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2015-7851 openSUSE 13.2:ntp-4.2.8p7-25.15.1 openSUSE 13.2:ntp-debuginfo-4.2.8p7-25.15.1 openSUSE 13.2:ntp-debugsource-4.2.8p7-25.15.1 openSUSE 13.2:ntp-doc-4.2.8p7-25.15.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html https://www.suse.com/security/cve/CVE-2015-7851.html CVE-2015-7851 https://bugzilla.suse.com/1010964 SUSE Bug 1010964 https://bugzilla.suse.com/951608 SUSE Bug 951608 https://bugzilla.suse.com/959243 SUSE Bug 959243 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2015-7852 openSUSE 13.2:ntp-4.2.8p7-25.15.1 openSUSE 13.2:ntp-debuginfo-4.2.8p7-25.15.1 openSUSE 13.2:ntp-debugsource-4.2.8p7-25.15.1 openSUSE 13.2:ntp-doc-4.2.8p7-25.15.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html https://www.suse.com/security/cve/CVE-2015-7852.html CVE-2015-7852 https://bugzilla.suse.com/1010964 SUSE Bug 1010964 https://bugzilla.suse.com/951608 SUSE Bug 951608 https://bugzilla.suse.com/959243 SUSE Bug 959243 https://bugzilla.suse.com/992991 SUSE Bug 992991 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2015-7853 openSUSE 13.2:ntp-4.2.8p7-25.15.1 openSUSE 13.2:ntp-debuginfo-4.2.8p7-25.15.1 openSUSE 13.2:ntp-debugsource-4.2.8p7-25.15.1 openSUSE 13.2:ntp-doc-4.2.8p7-25.15.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html https://www.suse.com/security/cve/CVE-2015-7853.html CVE-2015-7853 https://bugzilla.suse.com/1010964 SUSE Bug 1010964 https://bugzilla.suse.com/951608 SUSE Bug 951608 https://bugzilla.suse.com/959243 SUSE Bug 959243 https://bugzilla.suse.com/992991 SUSE Bug 992991 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2015-7854 openSUSE 13.2:ntp-4.2.8p7-25.15.1 openSUSE 13.2:ntp-debuginfo-4.2.8p7-25.15.1 openSUSE 13.2:ntp-debugsource-4.2.8p7-25.15.1 openSUSE 13.2:ntp-doc-4.2.8p7-25.15.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html https://www.suse.com/security/cve/CVE-2015-7854.html CVE-2015-7854 https://bugzilla.suse.com/1010964 SUSE Bug 1010964 https://bugzilla.suse.com/951608 SUSE Bug 951608 https://bugzilla.suse.com/959243 SUSE Bug 959243 https://bugzilla.suse.com/992991 SUSE Bug 992991 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2015-7855 openSUSE 13.2:ntp-4.2.8p7-25.15.1 openSUSE 13.2:ntp-debuginfo-4.2.8p7-25.15.1 openSUSE 13.2:ntp-debugsource-4.2.8p7-25.15.1 openSUSE 13.2:ntp-doc-4.2.8p7-25.15.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html https://www.suse.com/security/cve/CVE-2015-7855.html CVE-2015-7855 https://bugzilla.suse.com/1010964 SUSE Bug 1010964 https://bugzilla.suse.com/951608 SUSE Bug 951608 https://bugzilla.suse.com/959243 SUSE Bug 959243 https://bugzilla.suse.com/992991 SUSE Bug 992991 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2015-7871 openSUSE 13.2:ntp-4.2.8p7-25.15.1 openSUSE 13.2:ntp-debuginfo-4.2.8p7-25.15.1 openSUSE 13.2:ntp-debugsource-4.2.8p7-25.15.1 openSUSE 13.2:ntp-doc-4.2.8p7-25.15.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html https://www.suse.com/security/cve/CVE-2015-7871.html CVE-2015-7871 https://bugzilla.suse.com/1010964 SUSE Bug 1010964 https://bugzilla.suse.com/951608 SUSE Bug 951608 https://bugzilla.suse.com/952606 SUSE Bug 952606 https://bugzilla.suse.com/959243 SUSE Bug 959243 NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by sniffing the network. CVE-2015-7973 openSUSE 13.2:ntp-4.2.8p7-25.15.1 openSUSE 13.2:ntp-debuginfo-4.2.8p7-25.15.1 openSUSE 13.2:ntp-debugsource-4.2.8p7-25.15.1 openSUSE 13.2:ntp-doc-4.2.8p7-25.15.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html https://www.suse.com/security/cve/CVE-2015-7973.html CVE-2015-7973 https://bugzilla.suse.com/959243 SUSE Bug 959243 https://bugzilla.suse.com/962995 SUSE Bug 962995 https://bugzilla.suse.com/975578 SUSE Bug 975578 NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key." CVE-2015-7974 openSUSE 13.2:ntp-4.2.8p7-25.15.1 openSUSE 13.2:ntp-debuginfo-4.2.8p7-25.15.1 openSUSE 13.2:ntp-debugsource-4.2.8p7-25.15.1 openSUSE 13.2:ntp-doc-4.2.8p7-25.15.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html https://www.suse.com/security/cve/CVE-2015-7974.html CVE-2015-7974 https://bugzilla.suse.com/959243 SUSE Bug 959243 https://bugzilla.suse.com/962960 SUSE Bug 962960 https://bugzilla.suse.com/962995 SUSE Bug 962995 https://bugzilla.suse.com/975578 SUSE Bug 975578 The nextvar function in NTP before 4.2.8p6 and 4.3.x before 4.3.90 does not properly validate the length of its input, which allows an attacker to cause a denial of service (application crash). CVE-2015-7975 openSUSE 13.2:ntp-4.2.8p7-25.15.1 openSUSE 13.2:ntp-debuginfo-4.2.8p7-25.15.1 openSUSE 13.2:ntp-debugsource-4.2.8p7-25.15.1 openSUSE 13.2:ntp-doc-4.2.8p7-25.15.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html https://www.suse.com/security/cve/CVE-2015-7975.html CVE-2015-7975 https://bugzilla.suse.com/959243 SUSE Bug 959243 https://bugzilla.suse.com/962988 SUSE Bug 962988 https://bugzilla.suse.com/962995 SUSE Bug 962995 https://bugzilla.suse.com/975578 SUSE Bug 975578 The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename. CVE-2015-7976 openSUSE 13.2:ntp-4.2.8p7-25.15.1 openSUSE 13.2:ntp-debuginfo-4.2.8p7-25.15.1 openSUSE 13.2:ntp-debugsource-4.2.8p7-25.15.1 openSUSE 13.2:ntp-doc-4.2.8p7-25.15.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html https://www.suse.com/security/cve/CVE-2015-7976.html CVE-2015-7976 https://bugzilla.suse.com/962802 SUSE Bug 962802 https://bugzilla.suse.com/962995 SUSE Bug 962995 https://bugzilla.suse.com/975578 SUSE Bug 975578 ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command. CVE-2015-7977 openSUSE 13.2:ntp-4.2.8p7-25.15.1 openSUSE 13.2:ntp-debuginfo-4.2.8p7-25.15.1 openSUSE 13.2:ntp-debugsource-4.2.8p7-25.15.1 openSUSE 13.2:ntp-doc-4.2.8p7-25.15.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html https://www.suse.com/security/cve/CVE-2015-7977.html CVE-2015-7977 https://bugzilla.suse.com/959243 SUSE Bug 959243 https://bugzilla.suse.com/962970 SUSE Bug 962970 https://bugzilla.suse.com/962995 SUSE Bug 962995 https://bugzilla.suse.com/975578 SUSE Bug 975578 NTP before 4.2.8p6 and 4.3.0 before 4.3.90 allows a remote attackers to cause a denial of service (stack exhaustion) via an ntpdc relist command, which triggers recursive traversal of the restriction list. CVE-2015-7978 openSUSE 13.2:ntp-4.2.8p7-25.15.1 openSUSE 13.2:ntp-debuginfo-4.2.8p7-25.15.1 openSUSE 13.2:ntp-debugsource-4.2.8p7-25.15.1 openSUSE 13.2:ntp-doc-4.2.8p7-25.15.1 moderate 2.8 AV:N/AC:M/Au:M/C:N/I:N/A:P Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html https://www.suse.com/security/cve/CVE-2015-7978.html CVE-2015-7978 https://bugzilla.suse.com/959243 SUSE Bug 959243 https://bugzilla.suse.com/962970 SUSE Bug 962970 https://bugzilla.suse.com/962995 SUSE Bug 962995 https://bugzilla.suse.com/963000 SUSE Bug 963000 https://bugzilla.suse.com/975578 SUSE Bug 975578 NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (client-server association tear down) by sending broadcast packets with invalid authentication to a broadcast client. CVE-2015-7979 openSUSE 13.2:ntp-4.2.8p7-25.15.1 openSUSE 13.2:ntp-debuginfo-4.2.8p7-25.15.1 openSUSE 13.2:ntp-debugsource-4.2.8p7-25.15.1 openSUSE 13.2:ntp-doc-4.2.8p7-25.15.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html https://www.suse.com/security/cve/CVE-2015-7979.html CVE-2015-7979 https://bugzilla.suse.com/959243 SUSE Bug 959243 https://bugzilla.suse.com/962784 SUSE Bug 962784 https://bugzilla.suse.com/962995 SUSE Bug 962995 https://bugzilla.suse.com/975578 SUSE Bug 975578 https://bugzilla.suse.com/977459 SUSE Bug 977459 https://bugzilla.suse.com/982065 SUSE Bug 982065 NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to bypass the origin timestamp validation via a packet with an origin timestamp set to zero. CVE-2015-8138 openSUSE 13.2:ntp-4.2.8p7-25.15.1 openSUSE 13.2:ntp-debuginfo-4.2.8p7-25.15.1 openSUSE 13.2:ntp-debugsource-4.2.8p7-25.15.1 openSUSE 13.2:ntp-doc-4.2.8p7-25.15.1 moderate 4.9 AV:N/AC:L/Au:N/C:N/I:P/A:N Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html https://www.suse.com/security/cve/CVE-2015-8138.html CVE-2015-8138 https://bugzilla.suse.com/951608 SUSE Bug 951608 https://bugzilla.suse.com/959243 SUSE Bug 959243 https://bugzilla.suse.com/963002 SUSE Bug 963002 https://bugzilla.suse.com/974668 SUSE Bug 974668 https://bugzilla.suse.com/975578 SUSE Bug 975578 https://bugzilla.suse.com/977446 SUSE Bug 977446 ntpq in NTP before 4.2.8p7 allows remote attackers to obtain origin timestamps and then impersonate peers via unspecified vectors. CVE-2015-8139 openSUSE 13.2:ntp-4.2.8p7-25.15.1 openSUSE 13.2:ntp-debuginfo-4.2.8p7-25.15.1 openSUSE 13.2:ntp-debugsource-4.2.8p7-25.15.1 openSUSE 13.2:ntp-doc-4.2.8p7-25.15.1 moderate 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html https://www.suse.com/security/cve/CVE-2015-8139.html CVE-2015-8139 https://bugzilla.suse.com/1010964 SUSE Bug 1010964 https://bugzilla.suse.com/959243 SUSE Bug 959243 https://bugzilla.suse.com/962997 SUSE Bug 962997 https://bugzilla.suse.com/975578 SUSE Bug 975578 The ntpq protocol in NTP before 4.2.8p7 allows remote attackers to conduct replay attacks by sniffing the network. CVE-2015-8140 openSUSE 13.2:ntp-4.2.8p7-25.15.1 openSUSE 13.2:ntp-debuginfo-4.2.8p7-25.15.1 openSUSE 13.2:ntp-debugsource-4.2.8p7-25.15.1 openSUSE 13.2:ntp-doc-4.2.8p7-25.15.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html https://www.suse.com/security/cve/CVE-2015-8140.html CVE-2015-8140 https://bugzilla.suse.com/1010964 SUSE Bug 1010964 https://bugzilla.suse.com/959243 SUSE Bug 959243 https://bugzilla.suse.com/962994 SUSE Bug 962994 https://bugzilla.suse.com/975578 SUSE Bug 975578 The getresponse function in ntpq in NTP versions before 4.2.8p9 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (infinite loop) via crafted packets with incorrect values. CVE-2015-8158 openSUSE 13.2:ntp-4.2.8p7-25.15.1 openSUSE 13.2:ntp-debuginfo-4.2.8p7-25.15.1 openSUSE 13.2:ntp-debugsource-4.2.8p7-25.15.1 openSUSE 13.2:ntp-doc-4.2.8p7-25.15.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html https://www.suse.com/security/cve/CVE-2015-8158.html CVE-2015-8158 https://bugzilla.suse.com/959243 SUSE Bug 959243 https://bugzilla.suse.com/962966 SUSE Bug 962966 https://bugzilla.suse.com/975578 SUSE Bug 975578 An off-path attacker can cause a preemptible client association to be demobilized in NTP 4.2.8p4 and earlier and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 by sending a crypto NAK packet to a victim client with a spoofed source address of an existing associated peer. This is true even if authentication is enabled. CVE-2016-1547 openSUSE 13.2:ntp-4.2.8p7-25.15.1 openSUSE 13.2:ntp-debuginfo-4.2.8p7-25.15.1 openSUSE 13.2:ntp-debugsource-4.2.8p7-25.15.1 openSUSE 13.2:ntp-doc-4.2.8p7-25.15.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html https://www.suse.com/security/cve/CVE-2016-1547.html CVE-2016-1547 https://bugzilla.suse.com/962784 SUSE Bug 962784 https://bugzilla.suse.com/977446 SUSE Bug 977446 https://bugzilla.suse.com/977459 SUSE Bug 977459 https://bugzilla.suse.com/982064 SUSE Bug 982064 https://bugzilla.suse.com/982065 SUSE Bug 982065 An attacker can spoof a packet from a legitimate ntpd server with an origin timestamp that matches the peer->dst timestamp recorded for that server. After making this switch, the client in NTP 4.2.8p4 and earlier and NTPSec aa48d001683e5b791a743ec9c575aaf7d867a2b0c will reject all future legitimate server responses. It is possible to force the victim client to move time after the mode has been changed. ntpq gives no indication that the mode has been switched. CVE-2016-1548 openSUSE 13.2:ntp-4.2.8p7-25.15.1 openSUSE 13.2:ntp-debuginfo-4.2.8p7-25.15.1 openSUSE 13.2:ntp-debugsource-4.2.8p7-25.15.1 openSUSE 13.2:ntp-doc-4.2.8p7-25.15.1 moderate 6.4 AV:N/AC:L/Au:N/C:N/I:P/A:P Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html https://www.suse.com/security/cve/CVE-2016-1548.html CVE-2016-1548 https://bugzilla.suse.com/959243 SUSE Bug 959243 https://bugzilla.suse.com/977446 SUSE Bug 977446 https://bugzilla.suse.com/977461 SUSE Bug 977461 https://bugzilla.suse.com/982068 SUSE Bug 982068 A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and modify a victim's clock. CVE-2016-1549 openSUSE 13.2:ntp-4.2.8p7-25.15.1 openSUSE 13.2:ntp-debuginfo-4.2.8p7-25.15.1 openSUSE 13.2:ntp-debugsource-4.2.8p7-25.15.1 openSUSE 13.2:ntp-doc-4.2.8p7-25.15.1 moderate 3.4 AV:N/AC:M/Au:S/C:N/I:P/A:N Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html https://www.suse.com/security/cve/CVE-2016-1549.html CVE-2016-1549 https://bugzilla.suse.com/977446 SUSE Bug 977446 https://bugzilla.suse.com/977451 SUSE Bug 977451 An exploitable vulnerability exists in the message authentication functionality of libntp in ntp 4.2.8p4 and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92. An attacker can send a series of crafted messages to attempt to recover the message digest key. CVE-2016-1550 openSUSE 13.2:ntp-4.2.8p7-25.15.1 openSUSE 13.2:ntp-debuginfo-4.2.8p7-25.15.1 openSUSE 13.2:ntp-debugsource-4.2.8p7-25.15.1 openSUSE 13.2:ntp-doc-4.2.8p7-25.15.1 moderate 2.6 AV:L/AC:H/Au:N/C:P/I:P/A:N Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html https://www.suse.com/security/cve/CVE-2016-1550.html CVE-2016-1550 https://bugzilla.suse.com/977446 SUSE Bug 977446 https://bugzilla.suse.com/977464 SUSE Bug 977464 ntpd in NTP 4.2.8p3 and NTPsec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 relies on the underlying operating system to protect it from requests that impersonate reference clocks. Because reference clocks are treated like other peers and stored in the same structure, any packet with a source ip address of a reference clock (127.127.1.1 for example) that reaches the receive() function will match that reference clock's peer record and will be treated as a trusted peer. Any system that lacks the typical martian packet filtering which would block these packets is in danger of having its time controlled by an attacker. CVE-2016-1551 openSUSE 13.2:ntp-4.2.8p7-25.15.1 openSUSE 13.2:ntp-debuginfo-4.2.8p7-25.15.1 openSUSE 13.2:ntp-debugsource-4.2.8p7-25.15.1 openSUSE 13.2:ntp-doc-4.2.8p7-25.15.1 moderate 2.5 AV:N/AC:H/Au:N/C:N/I:P/A:N Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html https://www.suse.com/security/cve/CVE-2016-1551.html CVE-2016-1551 https://bugzilla.suse.com/977446 SUSE Bug 977446 https://bugzilla.suse.com/977450 SUSE Bug 977450 NTP before 4.2.8p7 and 4.3.x before 4.3.92, when mode7 is enabled, allows remote attackers to cause a denial of service (ntpd abort) by using the same IP address multiple times in an unconfig directive. CVE-2016-2516 openSUSE 13.2:ntp-4.2.8p7-25.15.1 openSUSE 13.2:ntp-debuginfo-4.2.8p7-25.15.1 openSUSE 13.2:ntp-debugsource-4.2.8p7-25.15.1 openSUSE 13.2:ntp-doc-4.2.8p7-25.15.1 moderate 6.3 AV:N/AC:M/Au:S/C:N/I:N/A:C Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html https://www.suse.com/security/cve/CVE-2016-2516.html CVE-2016-2516 https://bugzilla.suse.com/0 SUSE Bug 0 https://bugzilla.suse.com/977446 SUSE Bug 977446 https://bugzilla.suse.com/977452 SUSE Bug 977452 NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (prevent subsequent authentication) by leveraging knowledge of the controlkey or requestkey and sending a crafted packet to ntpd, which changes the value of trustedkey, controlkey, or requestkey. NOTE: this vulnerability exists because of a CVE-2016-2516 regression. CVE-2016-2517 openSUSE 13.2:ntp-4.2.8p7-25.15.1 openSUSE 13.2:ntp-debuginfo-4.2.8p7-25.15.1 openSUSE 13.2:ntp-debugsource-4.2.8p7-25.15.1 openSUSE 13.2:ntp-doc-4.2.8p7-25.15.1 moderate 4.9 AV:N/AC:H/Au:S/C:N/I:N/A:C Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html https://www.suse.com/security/cve/CVE-2016-2517.html CVE-2016-2517 https://bugzilla.suse.com/0 SUSE Bug 0 https://bugzilla.suse.com/977446 SUSE Bug 977446 https://bugzilla.suse.com/977455 SUSE Bug 977455 The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value. CVE-2016-2518 openSUSE 13.2:ntp-4.2.8p7-25.15.1 openSUSE 13.2:ntp-debuginfo-4.2.8p7-25.15.1 openSUSE 13.2:ntp-debugsource-4.2.8p7-25.15.1 openSUSE 13.2:ntp-doc-4.2.8p7-25.15.1 moderate 2.1 AV:N/AC:H/Au:S/C:N/I:N/A:P Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html https://www.suse.com/security/cve/CVE-2016-2518.html CVE-2016-2518 https://bugzilla.suse.com/977446 SUSE Bug 977446 https://bugzilla.suse.com/977457 SUSE Bug 977457 ntpd in NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (ntpd abort) by a large request data value, which triggers the ctl_getitem function to return a NULL value. CVE-2016-2519 openSUSE 13.2:ntp-4.2.8p7-25.15.1 openSUSE 13.2:ntp-debuginfo-4.2.8p7-25.15.1 openSUSE 13.2:ntp-debugsource-4.2.8p7-25.15.1 openSUSE 13.2:ntp-doc-4.2.8p7-25.15.1 moderate 4.9 AV:N/AC:H/Au:S/C:N/I:N/A:C Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html https://www.suse.com/security/cve/CVE-2016-2519.html CVE-2016-2519 https://bugzilla.suse.com/0 SUSE Bug 0 https://bugzilla.suse.com/959243 SUSE Bug 959243 https://bugzilla.suse.com/977446 SUSE Bug 977446 https://bugzilla.suse.com/977458 SUSE Bug 977458