Security update for ntp
Announcement ID: | SUSE-SU-2015:0865-1 |
Rating: | moderate |
References: | #918342 #924202 #928321 |
Affected Products: |
An update that fixes three vulnerabilities is now available.
Description:
ntp was updated to fix two security related flaws as well as "slew" mode
handling for leap seconds.
The following vulnerabilities were fixe:
* ntpd could accept unauthenticated packets with symmetric key crypto.
(CVE-2015-1798)
* ntpd authentication did not protect symmetric associations against DoS
attacks (CVE-2015-1799)
* ntp-keygen may generate non-random symmetric keys on big-endian systems
(bsc#928321, CVE-2015-3405).
The following non-security issues were fixed:
* Fix slew mode for leap seconds (bnc#918342).
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 12:
zypper in -t patch SUSE-SLE-SERVER-12-2015-193=1
- SUSE Linux Enterprise Desktop 12:
zypper in -t patch SUSE-SLE-DESKTOP-12-2015-193=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):
- ntp-4.2.6p5-44.1
- ntp-debuginfo-4.2.6p5-44.1
- ntp-debugsource-4.2.6p5-44.1
- ntp-doc-4.2.6p5-44.1
- SUSE Linux Enterprise Desktop 12 (x86_64):
- ntp-4.2.6p5-44.1
- ntp-debuginfo-4.2.6p5-44.1
- ntp-debugsource-4.2.6p5-44.1
- ntp-doc-4.2.6p5-44.1