ntp was updated to version 4.2.8p6 to fix 28 security issues.
Major functional changes:
- The "sntp" commandline tool changed its option handling in a major way,
some options have been renamed or dropped.
- "controlkey 1" is added during update to ntp.conf to allow sntp to work.
- The local clock is being disabled during update.
- ntpd is no longer running chrooted.
Other functional changes:
- ntp-signd is installed.
- "enable mode7" can be added to the configuration to allow ntdpc to work
as compatibility mode option.
- "kod" was removed from the default restrictions.
- SHA1 keys are used by default instead of MD5 keys.
Also yast2-ntp-client was updated to match some sntp syntax changes.
(bsc#937837)
These security issues were fixed:
- CVE-2015-8158: Fixed potential infinite loop in ntpq (bsc#962966).
- CVE-2015-8138: Zero Origin Timestamp Bypass (bsc#963002).
- CVE-2015-7979: Off-path Denial of Service (DoS) attack on authenticated
broadcast mode (bsc#962784).
- CVE-2015-7978: Stack exhaustion in recursive traversal of restriction
list (bsc#963000).
- CVE-2015-7977: reslist NULL pointer dereference (bsc#962970).
- CVE-2015-7976: ntpq saveconfig command allows dangerous characters in
filenames (bsc#962802).
- CVE-2015-7975: nextvar() missing length check (bsc#962988).
- CVE-2015-7974: Skeleton Key: Missing key check allows impersonation
between authenticated peers (bsc#962960).
- CVE-2015-7973: Replay attack on authenticated broadcast mode
(bsc#962995).
- CVE-2015-8140: ntpq vulnerable to replay attacks (bsc#962994).
- CVE-2015-8139: Origin Leak: ntpq and ntpdc, disclose origin (bsc#962997).
- CVE-2015-5300: MITM attacker could have forced ntpd to make a step
larger than the panic threshold (bsc#951629).
- CVE-2015-7871: NAK to the Future: Symmetric association authentication
bypass via crypto-NAK (bsc#951608).
- CVE-2015-7855: decodenetnum() will ASSERT botch instead of returning
FAIL on some bogus values (bsc#951608).
- CVE-2015-7854: Password Length Memory Corruption Vulnerability
(bsc#951608).
- CVE-2015-7853: Invalid length data provided by a custom refclock driver
could cause a buffer overflow (bsc#951608).
- CVE-2015-7852: ntpq atoascii() Memory Corruption Vulnerability
(bsc#951608).
- CVE-2015-7851: saveconfig Directory Traversal Vulnerability (bsc#951608).
- CVE-2015-7850: remote config logfile-keyfile (bsc#951608).
- CVE-2015-7849: trusted key use-after-free (bsc#951608).
- CVE-2015-7848: mode 7 loop counter underrun (bsc#951608).
- CVE-2015-7701: Slow memory leak in CRYPTO_ASSOC (bsc#951608).
- CVE-2015-7703: configuration directives "pidfile" and "driftfile" should
only be allowed locally (bsc#951608).
- CVE-2015-7704, CVE-2015-7705: Clients that receive a KoD should validate
the origin timestamp field (bsc#951608).
- CVE-2015-7691, CVE-2015-7692, CVE-2015-7702: Incomplete autokey data
packet length checks (bsc#951608).
These non-security issues were fixed:
- fate#320758 bsc#975981: Enable compile-time support for MS-SNTP
(–enable-ntp-signd). This replaces the w32 patches in 4.2.4 that added
the authreg directive.
- bsc#962318: Call /usr/sbin/sntp with full path to synchronize in
start-ntpd. When run as cron job, /usr/sbin/ is not in the path, which
caused the synchronization to fail.
- bsc#782060: Speedup ntpq.
- bsc#916617: Add /var/db/ntp-kod.
- bsc#956773: Add ntp-ENOBUFS.patch to limit a warning that might happen
quite a lot on loaded systems.
- bsc#951559,bsc#975496: Fix the TZ offset output of sntp during DST.
- Add ntp-fork.patch and build with threads disabled to allow name
resolution even when running chrooted.
- Add a controlkey line to /etc/ntp.conf if one does not already exist to
allow runtime configuuration via ntpq.
- bsc#946386: Temporarily disable memlock to avoid problems due to high
memory usage during name resolution.
- bsc#905885: Use SHA1 instead of MD5 for symmetric keys.
- Improve runtime configuration:
- Read keytype from ntp.conf
- Don’t write ntp keys to syslog.
- Fix legacy action scripts to pass on command line arguments.
- bsc#944300: Remove "kod" from the restrict line in ntp.conf.
- bsc#936327: Use ntpq instead of deprecated ntpdc in start-ntpd.
- Add a controlkey to ntp.conf to make the above work.
- Don’t let "keysdir" lines in ntp.conf trigger the "keys" parser.
- Disable mode 7 (ntpdc) again, now that we don’t use it anymore.
- Add "addserver" as a new legacy action.
- bsc#910063: Fix the comment regarding addserver in ntp.conf.
- bsc#926510: Disable chroot by default.
- bsc#920238: Enable ntpdc for backwards compatibility.