Lucene search

HistoryJul 19, 2020 - 12:00 a.m.

Security update for ntp (moderate)






An update that solves four vulnerabilities and has two
fixes is now available.


This update for ntp fixes the following issues:

ntp was updated to 4.2.8p15

  • CVE-2020-11868: Fixed an issue which a server mode packet with spoofed
    source address frequently send to the client ntpd could have caused
    denial of service (bsc#1169740).
  • CVE-2018-8956: Fixed an issue which could have allowed remote attackers
    to prevent a broadcast client from synchronizing its clock with a
    broadcast NTP server via spoofed mode 3 and mode 5 packets (bsc#1171355).
  • CVE-2020-13817: Fixed an issue which an off-path attacker with the
    ability to query time from victim’s ntpd instance could have modified
    the victim’s clock by a limited amount (bsc#1172651).
  • CVE-2020-15025: Fixed an issue which remote attacker could have caused
    denial of service by consuming the memory when a CMAC key was used
    andassociated with a CMAC algorithm in the ntp.keys (bsc#1173334).
  • Removed an OpenSSL version warning (bsc#992038 and bsc#1125401).

This update was imported from the SUSE:SLE-15:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

  • openSUSE Leap 15.2:

    zypper in -t patch openSUSE-2020-1007=1

openSUSE Leap15.2i586< - openSUSE Leap 15.2 (i586 x86_64):- openSUSE Leap 15.2 (i586 x86_64):.i586.rpm
openSUSE Leap15.2x86_64< - openSUSE Leap 15.2 (i586 x86_64):- openSUSE Leap 15.2 (i586 x86_64):.x86_64.rpm