Security update for ntp

SUSE Security Update: Security update for ntp
Announcement ID: SUSE-SU-2016:1177-1
Rating: important
References: #782060 #916617 #937837 #951559 #951629 #956773 #962318 #962784 #962802 #962960 #962966 #962970 #962988 #962994 #962995 #962997 #963000 #963002 #975496 #975981
Affected Products:
  • SUSE Linux Enterprise Software Development Kit 12-SP1
  • SUSE Linux Enterprise Server 12-SP1
  • SUSE Linux Enterprise Desktop 12-SP1

  • An update that solves 12 vulnerabilities and has 8 fixes is now available.

    Description:

    ntp was updated to version 4.2.8p6 to fix 12 security issues.

    Also yast2-ntp-client was updated to match some sntp syntax changes.
    (bsc#937837)

    These security issues were fixed:
    - CVE-2015-8158: Fixed potential infinite loop in ntpq (bsc#962966).
    - CVE-2015-8138: Zero Origin Timestamp Bypass (bsc#963002).
    - CVE-2015-7979: Off-path Denial of Service (DoS) attack on authenticated
    broadcast mode (bsc#962784).
    - CVE-2015-7978: Stack exhaustion in recursive traversal of restriction
    list (bsc#963000).
    - CVE-2015-7977: reslist NULL pointer dereference (bsc#962970).
    - CVE-2015-7976: ntpq saveconfig command allows dangerous characters in
    filenames (bsc#962802).
    - CVE-2015-7975: nextvar() missing length check (bsc#962988).
    - CVE-2015-7974: Skeleton Key: Missing key check allows impersonation
    between authenticated peers (bsc#962960).
    - CVE-2015-7973: Replay attack on authenticated broadcast mode
    (bsc#962995).
    - CVE-2015-8140: ntpq vulnerable to replay attacks (bsc#962994).
    - CVE-2015-8139: Origin Leak: ntpq and ntpdc, disclose origin (bsc#962997).
    - CVE-2015-5300: MITM attacker could have forced ntpd to make a step
    larger than the panic threshold (bsc#951629).

    These non-security issues were fixed:
    - fate#320758 bsc#975981: Enable compile-time support for MS-SNTP
    (--enable-ntp-signd). This replaces the w32 patches in 4.2.4 that added
    the authreg directive.
    - bsc#962318: Call /usr/sbin/sntp with full path to synchronize in
    start-ntpd. When run as cron job, /usr/sbin/ is not in the path, which
    caused the synchronization to fail.
    - bsc#782060: Speedup ntpq.
    - bsc#916617: Add /var/db/ntp-kod.
    - bsc#956773: Add ntp-ENOBUFS.patch to limit a warning that might happen
    quite a lot on loaded systems.
    - bsc#951559,bsc#975496: Fix the TZ offset output of sntp during DST.
    - Add ntp-fork.patch and build with threads disabled to allow name
    resolution even when running chrooted.

    Patch Instructions:

    To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product:

    • SUSE Linux Enterprise Software Development Kit 12-SP1:
      zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-694=1
    • SUSE Linux Enterprise Server 12-SP1:
      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-694=1
    • SUSE Linux Enterprise Desktop 12-SP1:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-694=1

    To bring your system up-to-date, use "zypper patch".

    Package List:

    • SUSE Linux Enterprise Software Development Kit 12-SP1 (noarch):
      • yast2-ntp-client-devel-doc-3.1.22-6.2
    • SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):
      • ntp-4.2.8p6-8.2
      • ntp-debuginfo-4.2.8p6-8.2
      • ntp-debugsource-4.2.8p6-8.2
      • ntp-doc-4.2.8p6-8.2
    • SUSE Linux Enterprise Server 12-SP1 (noarch):
      • yast2-ntp-client-3.1.22-6.2
    • SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
      • ntp-4.2.8p6-8.2
      • ntp-debuginfo-4.2.8p6-8.2
      • ntp-debugsource-4.2.8p6-8.2
      • ntp-doc-4.2.8p6-8.2
    • SUSE Linux Enterprise Desktop 12-SP1 (noarch):
      • yast2-ntp-client-3.1.22-6.2

    References: