Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
suseSuseSUSE-SU-2016:1568-1
HistoryJun 14, 2016 - 12:08 p.m.

Security update for ntp (important)

2016-06-1412:08:32
lists.opensuse.org
18

0.937 High

EPSS

Percentile

98.9%

JSON

ntp was updated to version 4.2.8p8 to fix 17 security issues.

These security issues were fixed:

  • CVE-2016-4956: Broadcast interleave (bsc#982068).
  • CVE-2016-2518: Crafted addpeer with hmode > 7 causes array wraparound
    with MATCH_ASSOC (bsc#977457).
  • CVE-2016-2519: ctl_getitem() return value not always checked
    (bsc#977458).
  • CVE-2016-4954: Processing spoofed server packets (bsc#982066).
  • CVE-2016-4955: Autokey association reset (bsc#982067).
  • CVE-2015-7974: NTP did not verify peer associations of symmetric keys
    when authenticating packets, which might allowed remote attackers to
    conduct impersonation attacks via an arbitrary trusted key, aka a
    "skeleton key (bsc#962960).
  • CVE-2016-4957: CRYPTO_NAK crash (bsc#982064).
  • CVE-2016-2516: Duplicate IPs on unconfig directives will cause an
    assertion botch (bsc#977452).
  • CVE-2016-2517: Remote configuration trustedkey/requestkey values are not
    properly validated (bsc#977455).
  • CVE-2016-4953: Bad authentication demobilizes ephemeral associations
    (bsc#982065).
  • CVE-2016-1547: CRYPTO-NAK DoS (bsc#977459).
  • CVE-2016-1551: Refclock impersonation vulnerability, AKA:
    refclock-peering (bsc#977450).
  • CVE-2016-1550: Improve NTP security against buffer comparison timing
    attacks, authdecrypt-timing, AKA: authdecrypt-timing (bsc#977464).
  • CVE-2016-1548: Interleave-pivot - MITIGATION ONLY (bsc#977461).
  • CVE-2016-1549: Sybil vulnerability: ephemeral association attack, AKA:
    ntp-sybil - MITIGATION ONLY (bsc#977451).

This release also contained improved patches for CVE-2015-7704,
CVE-2015-7705, CVE-2015-7974.

These non-security issues were fixed:

  • bsc#979302: Change the process name of the forking DNS worker process to
    avoid the impression that ntpd is started twice.
  • bsc#981422: Don’t ignore SIGCHILD because it breaks wait().
  • bsc#979981: ntp-wait does not accept fractional seconds, so use 1
    instead of 0.2 in ntp-wait.service.
  • Separate the creation of ntp.keys and key #1 in it to avoid problems
    when upgrading installations that have the file, but no key #1, which is
    needed e.g. by "rcntp addserver".
  • bsc#957226: Restrict the parser in the startup script to the first
    occurrance of "keys" and "controlkey" in ntp.conf.
OSVersionArchitecturePackageVersionFilename
SUSE Linux Enterprise Server12s390xntp-debuginfo< 4.2.8p8-46.8.1ntp-debuginfo-4.2.8p8-46.8.1.s390x.rpm
SUSE Linux Enterprise Server12x86_64ntp< 4.2.8p8-46.8.1ntp-4.2.8p8-46.8.1.x86_64.rpm
SUSE Linux Enterprise Server12ppc64lentp-debugsource< 4.2.8p8-46.8.1ntp-debugsource-4.2.8p8-46.8.1.ppc64le.rpm
SUSE Linux Enterprise Desktop12x86_64ntp-debuginfo< 4.2.8p8-46.8.1ntp-debuginfo-4.2.8p8-46.8.1.x86_64.rpm
SUSE Linux Enterprise Server12x86_64ntp-debugsource< 4.2.8p8-46.8.1ntp-debugsource-4.2.8p8-46.8.1.x86_64.rpm
SUSE Linux Enterprise Server12ppc64lentp< 4.2.8p8-46.8.1ntp-4.2.8p8-46.8.1.ppc64le.rpm
SUSE Linux Enterprise Server12s390xntp< 4.2.8p8-46.8.1ntp-4.2.8p8-46.8.1.s390x.rpm
SUSE Linux Enterprise Desktop12x86_64ntp< 4.2.8p8-46.8.1ntp-4.2.8p8-46.8.1.x86_64.rpm
SUSE Linux Enterprise Desktop12x86_64ntp-debugsource< 4.2.8p8-46.8.1ntp-debugsource-4.2.8p8-46.8.1.x86_64.rpm
SUSE Linux Enterprise Server12ppc64lentp-debuginfo< 4.2.8p8-46.8.1ntp-debuginfo-4.2.8p8-46.8.1.ppc64le.rpm
Rows per page:
1-10 of 161

Related

openvas 24
nessus 59
suse 11
aix 1
freebsd_advisory 2
cisco 2
arista 1
ibm 7
slackware 2
freebsd 2
fortinet 1
archlinux 1
cert 2
fedora 6
mageia 2
amazon 2
centos 1
redhat 3
oraclelinux 1
ics 2
cloudfoundry 1
ubuntu 1
debian 2
ubuntucve 9
osv 2
f5 16
debiancve 8
cve 8
redhatcve 4
prion 9
gentoo 1
seebug 1
talos 1
citrix 1
checkpoint_advisories 2
veracode 1
openvas
openvas
SUSE: Security Advisory for ntp (SUSE-SU-2016:1568-1)
2016-06-15 00:00:00
openSUSE: Security Advisory for ntp (openSUSE-SU-2016:1329-1)
2016-05-19 00:00:00
openSUSE: Security Advisory for ntp (openSUSE-SU-2016:1583-1)
2016-06-16 00:00:00
nessus
nessus
SUSE SLED12 / SLES12 Security Update : ntp (SUSE-SU-2016:1568-1)
2016-06-17 00:00:00
SUSE SLED12 / SLES12 Security Update : ntp (SUSE-SU-2016:1291-1)
2016-05-16 00:00:00
AIX 7.2 TL 0 : ntp (IV87939) (deprecated)
2016-09-08 00:00:00
suse
suse
Security update for ntp (important)
2016-06-01 18:08:21
Security update for ntp (important)
2016-05-11 18:08:42
Security update for ntp (important)
2016-05-18 14:10:13
aix
aix
Vulnerabilities in NTP affect AIX,Vulnerabilities in NTP affect VIOS
2016-09-06 09:07:16
freebsd_advisory
freebsd_advisory
FreeBSD-SA-16:16.ntp
2016-04-29 00:00:00
FreeBSD-SA-16:24.ntp
2016-06-04 00:00:00
cisco
cisco
Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016
2016-04-28 09:00:00
Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016
2016-06-03 16:00:00
arista
arista
Security Advisory 0019
2018-04-25 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in NTP affect IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru, QLogic 8Gb Intelligent Pass-thru Module & SAN Switch Module for BladeCenter and QLogic Virtual Fabric Extension Module for IBM BladeCenter
2023-04-14 14:32:25
Security Bulletin: Vulnerabilities in NTP affect IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru, QLogic 8Gb Intelligent Pass-thru Module & SAN Switch Module for BladeCenter and QLogic Virtual Fabric Extension Module for IBM BladeCenter
2023-04-14 14:32:25
Security Bulletin: IBM Flex System Manager (FSM) is affected by multiple ntp vulnerabilities
2018-06-18 01:32:57
slackware
slackware
[slackware-security] ntp
2016-04-29 21:57:25
[slackware-security] ntp
2016-06-04 00:43:43
freebsd
freebsd
ntp -- multiple vulnerabilities
2016-04-26 00:00:00
FreeBSD -- Multiple ntp vulnerabilities
2016-06-04 00:00:00
fortinet
fortinet
ntp-4.2.8p7 Security Vulnerability Announcement April 2016
2017-04-03 00:00:00
archlinux
archlinux
ntp: distributed denial of service amplification
2016-06-04 00:00:00
cert
cert
NTP.org ntpd is vulnerable to denial of service and other vulnerabilities
2016-06-02 00:00:00
NTP.org ntpd contains multiple vulnerabilities
2016-04-27 00:00:00
fedora
fedora
[SECURITY] Fedora 24 Update: ntp-4.2.6p5-40.fc24
2016-05-07 12:19:50
[SECURITY] Fedora 23 Update: ntp-4.2.6p5-40.fc23
2016-05-10 18:06:26
[SECURITY] Fedora 22 Update: ntp-4.2.6p5-40.fc22
2016-05-12 07:23:47
mageia
mageia
Updated ntp packages fix security vulnerabilities
2016-05-14 00:54:49
Updated ntp packages fix security vulnerability
2016-06-08 00:39:50
amazon
amazon
Medium: ntp
2016-06-02 18:06:00
Medium: ntp
2016-08-01 13:30:00
centos
centos
ntp, ntpdate, sntp security update
2016-05-31 10:58:56
redhat
redhat
(RHSA-2016:1552) Moderate: ntp security update
2016-08-03 04:36:58
(RHSA-2016:1141) Moderate: ntp security update
2016-05-31 05:04:27
(RHSA-2015:2520) Important: ntp security update
2015-11-26 00:00:00
oraclelinux
oraclelinux
ntp security update
2016-05-31 00:00:00
ics
ics
Siemens SIMATIC NET CP 443-1 OPC UA
2021-06-08 12:00:00
Siemens TIM 4R-IE Devices
2021-04-13 12:00:00
cloudfoundry
cloudfoundry
USN-3096-1: NTP vulnerabilities | Cloud Foundry
2016-12-21 00:00:00
ubuntu
ubuntu
NTP vulnerabilities
2016-10-05 00:00:00
debian
debian
[SECURITY] [DLA 559-1] ntp security update
2016-07-25 21:37:14
[SECURITY] [DSA 3629-1] ntp security update
2016-07-25 21:15:32
ubuntucve
ubuntucve
CVE-2015-7705
2015-10-22 00:00:00
CVE-2016-2517
2017-01-30 00:00:00
CVE-2016-4956
2016-07-04 00:00:00
osv
osv
ntp - security update
2016-07-25 00:00:00
ntp - security update
2016-07-25 00:00:00
f5
f5
K61200338 : NTP vulnerability CVE-2016-2517
2016-05-25 00:00:00
SOL23453330 - NTP vulnerability CVE-2016-4957
2016-06-15 00:00:00
K23453330 : NTP vulnerability CVE-2016-4957
2016-06-15 00:00:00
debiancve
debiancve
CVE-2016-2517
2017-01-30 21:59:00
CVE-2016-4956
2016-07-05 01:59:00
CVE-2016-4957
2016-07-05 01:59:00
cve
cve
CVE-2016-2517
2017-01-30 21:59:00
CVE-2016-4956
2016-07-05 01:59:00
CVE-2016-4957
2016-07-05 01:59:00
redhatcve
redhatcve
CVE-2016-4956
2016-06-02 13:49:28
CVE-2016-4957
2016-06-02 13:49:32
CVE-2016-4954
2016-06-02 13:49:20
prion
prion
Authentication flaw
2017-01-30 21:59:00
Design/Logic Flaw
2016-07-05 01:59:00
Design/Logic Flaw
2016-07-05 01:59:00
gentoo
gentoo
NTP: Multiple vulnerabilities
2016-07-20 00:00:00
seebug
seebug
Network Time Protocol Trap Crash Denial of Service Vulnerability(CVE-2016-9311)
2017-10-11 00:00:00
talos
talos
Network Time Protocol Trap Crash Denial of Service Vulnerability
2016-11-21 00:00:00
citrix
citrix
Citrix XenServer Multiple Security Updates
2017-01-25 05:00:00
checkpoint_advisories
checkpoint_advisories
Network Time Protocol Daemon crypto-NAK Denial of Service (CVE-2016-4957)
2016-07-05 00:00:00
NTP Kiss-o-Death Packet Denial of Service - Ver2 (CVE-2015-7704)
2018-06-25 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-01-15 09:08:52

0.937 High

EPSS

Percentile

98.9%

JSON
Related for SUSE-SU-2016:1568-1
openvas24nessus59suse11aix1freebsd_advisory2cisco2arista1ibm7slackware2freebsd2fortinet1archlinux1cert2fedora6mageia2amazon2centos1redhat3oraclelinux1ics2cloudfoundry1ubuntu1debian2ubuntucve9osv2f516debiancve8cve8redhatcve4prion9gentoo1seebug1talos1citrix1checkpoint_advisories2veracode1