Lucene search
SuseOPENSUSE-SU-2016:1329-1HistoryMay 18, 2016 - 2:10 p.m.
Security update for ntp (important)
2016-05-1814:10:13
lists.opensuse.org
23
0.899 High
EPSS
Percentile
98.5%
This update for ntp to 4.2.8p7 fixes the following issues:
- CVE-2016-1547, bsc#977459: Validate crypto-NAKs, AKA: CRYPTO-NAK DoS.
- CVE-2016-1548, bsc#977461: Interleave-pivot
- CVE-2016-1549, bsc#977451: Sybil vulnerability: ephemeral association
attack. - CVE-2016-1550, bsc#977464: Improve NTP security against buffer
comparison timing attacks. - CVE-2016-1551, bsc#977450: Refclock impersonation vulnerability
- CVE-2016-2516, bsc#977452: Duplicate IPs on unconfig directives will
cause an assertion botch in ntpd. - CVE-2016-2517, bsc#977455: remote configuration trustedkey/
requestkey/controlkey values are not properly validated. - CVE-2016-2518, bsc#977457: Crafted addpeer with hmode > 7 causes array
wraparound with MATCH_ASSOC. - CVE-2016-2519, bsc#977458: ctl_getitem() return value not always checked.
- This update also improves the fixes for: CVE-2015-7704, CVE-2015-7705,
CVE-2015-7974
Bugs fixed:
- Restrict the parser in the startup script to the first
occurrance of "keys" and "controlkey" in ntp.conf (bsc#957226).
This update was imported from the SUSE:SLE-12-SP1:Update update project.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| openSUSE Leap | 42.1 | x86_64 | ntp-debugsource | < 4.2.8p7-21.1 | ntp-debugsource-4.2.8p7-21.1.x86_64.rpm |
| openSUSE Leap | 42.1 | i586 | ntp-debugsource | < 4.2.8p7-21.1 | ntp-debugsource-4.2.8p7-21.1.i586.rpm |
| openSUSE Leap | 42.1 | i586 | ntp-debuginfo | < 4.2.8p7-21.1 | ntp-debuginfo-4.2.8p7-21.1.i586.rpm |
| openSUSE Leap | 42.1 | x86_64 | ntp | < 4.2.8p7-21.1 | ntp-4.2.8p7-21.1.x86_64.rpm |
| openSUSE Leap | 42.1 | i586 | ntp | < 4.2.8p7-21.1 | ntp-4.2.8p7-21.1.i586.rpm |
| openSUSE Leap | 42.1 | x86_64 | ntp-doc | < 4.2.8p7-21.1 | ntp-doc-4.2.8p7-21.1.x86_64.rpm |
| openSUSE Leap | 42.1 | i586 | ntp-doc | < 4.2.8p7-21.1 | ntp-doc-4.2.8p7-21.1.i586.rpm |
| openSUSE Leap | 42.1 | x86_64 | ntp-debuginfo | < 4.2.8p7-21.1 | ntp-debuginfo-4.2.8p7-21.1.x86_64.rpm |
Related
nessus
nessus
openSUSE Security Update : ntp (openSUSE-2016-599)
2016-05-20 00:00:00
SUSE SLES11 Security Update : ntp (SUSE-SU-2016:1278-1)
2016-05-13 00:00:00
SUSE SLED12 / SLES12 Security Update : ntp (SUSE-SU-2016:1291-1)
2016-05-16 00:00:00
suse
suse
Security update for ntp (important)
2016-05-12 20:09:15
Security update for ntp (important)
2016-06-01 18:08:21
Security update for ntp (important)
2016-05-11 18:08:42
openvas
openvas
openSUSE: Security Advisory for ntp (openSUSE-SU-2016:1329-1)
2016-05-19 00:00:00
SUSE: Security Advisory for ntp (SUSE-SU-2016:1568-1)
2016-06-15 00:00:00
Fedora Update for ntp FEDORA-2016-777d838c1b
2016-06-08 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-16:16.ntp
2016-04-29 00:00:00
slackware
slackware
[slackware-security] ntp
2016-04-29 21:57:25
arista
arista
Security Advisory 0019
2018-04-25 00:00:00
cisco
cisco
ibm
ibm
Security Bulletin: Multiple vulnerabilities in ntp affect PowerKVM
2018-06-18 01:32:32
freebsd
freebsd
ntp -- multiple vulnerabilities
2016-04-26 00:00:00
fortinet
fortinet
ntp-4.2.8p7 Security Vulnerability Announcement April 2016
2017-04-03 00:00:00
mageia
mageia
Updated ntp packages fix security vulnerabilities
2016-05-14 00:54:49
fedora
fedora
[SECURITY] Fedora 24 Update: ntp-4.2.6p5-40.fc24
2016-05-07 12:19:50
[SECURITY] Fedora 23 Update: ntp-4.2.6p5-40.fc23
2016-05-10 18:06:26
[SECURITY] Fedora 22 Update: ntp-4.2.6p5-40.fc22
2016-05-12 07:23:47
amazon
amazon
Medium: ntp
2016-06-02 18:06:00
cert
cert
NTP.org ntpd contains multiple vulnerabilities
2016-04-27 00:00:00
aix
aix
Vulnerabilities in NTP affect AIX,Vulnerabilities in NTP affect VIOS
2016-09-06 09:07:16
redhat
redhat
(RHSA-2016:1552) Moderate: ntp security update
2016-08-03 04:36:58
(RHSA-2016:1141) Moderate: ntp security update
2016-05-31 05:04:27
(RHSA-2015:2520) Important: ntp security update
2015-11-26 00:00:00
oraclelinux
oraclelinux
ntp security update
2016-05-31 00:00:00
ntp security update
2017-10-26 00:00:00
ntp security and bug fix update
2016-11-09 00:00:00
centos
centos
ntp, ntpdate, sntp security update
2016-05-31 10:58:56
ntp, ntpdate, sntp security update
2015-10-26 15:51:06
ubuntucve
ubuntucve
debian
debian
[SECURITY] [DSA 3629-1] ntp security update
2016-07-25 21:15:32
[SECURITY] [DLA 559-1] ntp security update
2016-07-25 21:37:14
osv
osv
ntp - security update
2016-07-25 00:00:00
ntp - security update
2016-07-25 00:00:00
CVE-2016-1551
2017-01-27 17:59:00
f5
f5
K61200338 : NTP vulnerability CVE-2016-2517
2016-05-25 00:00:00
K17527 : NTP vulnerability CVE-2015-7705
2015-11-05 00:00:00
SOL17527 - NTP vulnerability CVE-2015-7705
2015-11-02 00:00:00
debiancve
debiancve
cve
cve
prion
prion
Authentication flaw
2017-01-30 21:59:00
Code injection
2017-08-07 20:29:00
Code injection
2017-08-07 20:29:00
cloudfoundry
cloudfoundry
USN-3096-1: NTP vulnerabilities | Cloud Foundry
2016-12-21 00:00:00
ics
ics
Siemens TIM 4R-IE Devices
2021-04-13 12:00:00
Siemens SIMATIC NET CP 443-1 OPC UA
2021-06-08 12:00:00
ubuntu
ubuntu
NTP vulnerabilities
2016-10-05 00:00:00
gentoo
gentoo
NTP: Multiple vulnerabilities
2016-07-20 00:00:00
citrix
citrix
Citrix XenServer Multiple Security Updates
2017-01-25 05:00:00
veracode
veracode
Denial Of Service (DoS)
2019-01-15 09:08:52
Denial Of Service (DoS)
2019-05-02 05:34:28
Information Disclosure
2019-05-02 05:34:28
checkpoint_advisories
checkpoint_advisories
NTP Kiss-o-Death Packet Denial of Service - Ver2 (CVE-2015-7704)
2018-06-25 00:00:00
talos
talos
Network Time Protocol libntp Message Digest Disclosure Vulnerability
2016-04-26 00:00:00
Network Time Protocol Forced Interleaved Time Spoofing Vulnerability
2016-04-26 00:00:00
Network Time Protocol Ephemeral Association Time Spoofing Vulnerability
2016-04-26 00:00:00
seebug
seebug
rosalinux
rosalinux
Advisory ROSA-SA-2021-1932
2021-07-02 17:35:16