Security update for ntp SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2016:3196-1 Final 1 1 2016-12-19T16:07:40Z current 2016-12-19T16:07:40Z 2016-12-19T16:07:40Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for ntp This update for ntp fixes the following issues: ntp was updated to 4.2.8p9. Security issues fixed: - CVE-2016-9311, CVE-2016-9310, bsc#1011377: Mode 6 unauthenticated trap information disclosure and DDoS vector. - CVE-2016-7427, bsc#1011390: Broadcast Mode Replay Prevention DoS. - CVE-2016-7428, bsc#1011417: Broadcast Mode Poll Interval Enforcement DoS. - CVE-2016-7431, bsc#1011395: Regression: 010-origin: Zero Origin Timestamp Bypass. - CVE-2016-7434, bsc#1011398: Null pointer dereference in _IO_str_init_static_internal(). - CVE-2016-7429, bsc#1011404: Interface selection attack. - CVE-2016-7426, bsc#1011406: Client rate limiting and server responses. - CVE-2016-7433, bsc#1011411: Reboot sync calculation problem. - CVE-2015-5219: An endless loop due to incorrect precision to double conversion (bsc#943216). Non-security issues fixed: - Fix a spurious error message. - Other bugfixes, see /usr/share/doc/packages/ntp/ChangeLog. - Fix a regression in 'trap' (bsc#981252). - Reduce the number of netlink groups to listen on for changes to the local network setup (bsc#992606). - Fix segfault in 'sntp -a' (bsc#1009434). - Silence an OpenSSL version warning (bsc#992038). - Make the resolver task change user and group IDs to the same values as the main task. (bsc#988028) - Simplify ntpd's search for its own executable to prevent AppArmor warnings (bsc#956365). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-SAP-12-2016-1852,SUSE-SLE-SERVER-12-2016-1852 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2016/suse-su-20163196-1/ Link for SUSE-SU-2016:3196-1 https://lists.suse.com/pipermail/sle-security-updates/2016-December/002498.html E-Mail link for SUSE-SU-2016:3196-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1009434 SUSE Bug 1009434 https://bugzilla.suse.com/1011377 SUSE Bug 1011377 https://bugzilla.suse.com/1011390 SUSE Bug 1011390 https://bugzilla.suse.com/1011395 SUSE Bug 1011395 https://bugzilla.suse.com/1011398 SUSE Bug 1011398 https://bugzilla.suse.com/1011404 SUSE Bug 1011404 https://bugzilla.suse.com/1011406 SUSE Bug 1011406 https://bugzilla.suse.com/1011411 SUSE Bug 1011411 https://bugzilla.suse.com/1011417 SUSE Bug 1011417 https://bugzilla.suse.com/943216 SUSE Bug 943216 https://bugzilla.suse.com/956365 SUSE Bug 956365 https://bugzilla.suse.com/981252 SUSE Bug 981252 https://bugzilla.suse.com/988028 SUSE Bug 988028 https://bugzilla.suse.com/992038 SUSE Bug 992038 https://bugzilla.suse.com/992606 SUSE Bug 992606 https://www.suse.com/security/cve/CVE-2015-5219/ SUSE CVE CVE-2015-5219 page https://www.suse.com/security/cve/CVE-2016-7426/ SUSE CVE CVE-2016-7426 page https://www.suse.com/security/cve/CVE-2016-7427/ SUSE CVE CVE-2016-7427 page https://www.suse.com/security/cve/CVE-2016-7428/ SUSE CVE CVE-2016-7428 page https://www.suse.com/security/cve/CVE-2016-7429/ SUSE CVE CVE-2016-7429 page https://www.suse.com/security/cve/CVE-2016-7431/ SUSE CVE CVE-2016-7431 page https://www.suse.com/security/cve/CVE-2016-7433/ SUSE CVE CVE-2016-7433 page https://www.suse.com/security/cve/CVE-2016-7434/ SUSE CVE CVE-2016-7434 page https://www.suse.com/security/cve/CVE-2016-9310/ SUSE CVE CVE-2016-9310 page https://www.suse.com/security/cve/CVE-2016-9311/ SUSE CVE CVE-2016-9311 page SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Server for SAP Applications 12 ntp-4.2.8p9-46.18.1 ntp-doc-4.2.8p9-46.18.1 ntp-4.2.8p9-46.18.1 as a component of SUSE Linux Enterprise Server 12-LTSS ntp-doc-4.2.8p9-46.18.1 as a component of SUSE Linux Enterprise Server 12-LTSS ntp-4.2.8p9-46.18.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 ntp-doc-4.2.8p9-46.18.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet. CVE-2015-5219 SUSE Linux Enterprise Server 12-LTSS:ntp-4.2.8p9-46.18.1 SUSE Linux Enterprise Server 12-LTSS:ntp-doc-4.2.8p9-46.18.1 SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p9-46.18.1 SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p9-46.18.1 important 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20163196-1/ https://www.suse.com/security/cve/CVE-2015-5219.html CVE-2015-5219 https://bugzilla.suse.com/1010964 SUSE Bug 1010964 https://bugzilla.suse.com/943216 SUSE Bug 943216 https://bugzilla.suse.com/943218 SUSE Bug 943218 https://bugzilla.suse.com/943219 SUSE Bug 943219 https://bugzilla.suse.com/943221 SUSE Bug 943221 https://bugzilla.suse.com/959243 SUSE Bug 959243 NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address. CVE-2016-7426 SUSE Linux Enterprise Server 12-LTSS:ntp-4.2.8p9-46.18.1 SUSE Linux Enterprise Server 12-LTSS:ntp-doc-4.2.8p9-46.18.1 SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p9-46.18.1 SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p9-46.18.1 low 1 AV:L/AC:H/Au:S/C:N/I:N/A:P 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20163196-1/ https://www.suse.com/security/cve/CVE-2016-7426.html CVE-2016-7426 https://bugzilla.suse.com/1011406 SUSE Bug 1011406 https://bugzilla.suse.com/1011421 SUSE Bug 1011421 https://bugzilla.suse.com/1012330 SUSE Bug 1012330 The broadcast mode replay prevention functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via a crafted broadcast mode packet. CVE-2016-7427 SUSE Linux Enterprise Server 12-LTSS:ntp-4.2.8p9-46.18.1 SUSE Linux Enterprise Server 12-LTSS:ntp-doc-4.2.8p9-46.18.1 SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p9-46.18.1 SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p9-46.18.1 low 2.9 AV:A/AC:M/Au:N/C:N/I:N/A:P 3.3 AV:A/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20163196-1/ https://www.suse.com/security/cve/CVE-2016-7427.html CVE-2016-7427 https://bugzilla.suse.com/1011390 SUSE Bug 1011390 https://bugzilla.suse.com/1011421 SUSE Bug 1011421 https://bugzilla.suse.com/1012330 SUSE Bug 1012330 ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via the poll interval in a broadcast packet. CVE-2016-7428 SUSE Linux Enterprise Server 12-LTSS:ntp-4.2.8p9-46.18.1 SUSE Linux Enterprise Server 12-LTSS:ntp-doc-4.2.8p9-46.18.1 SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p9-46.18.1 SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p9-46.18.1 moderate 2.9 AV:A/AC:M/Au:N/C:N/I:N/A:P 3.3 AV:A/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20163196-1/ https://www.suse.com/security/cve/CVE-2016-7428.html CVE-2016-7428 https://bugzilla.suse.com/1011417 SUSE Bug 1011417 https://bugzilla.suse.com/1011421 SUSE Bug 1011421 https://bugzilla.suse.com/1012330 SUSE Bug 1012330 NTP before 4.2.8p9 changes the peer structure to the interface it receives the response from a source, which allows remote attackers to cause a denial of service (prevent communication with a source) by sending a response for a source to an interface the source does not use. CVE-2016-7429 SUSE Linux Enterprise Server 12-LTSS:ntp-4.2.8p9-46.18.1 SUSE Linux Enterprise Server 12-LTSS:ntp-doc-4.2.8p9-46.18.1 SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p9-46.18.1 SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p9-46.18.1 low 1 AV:L/AC:H/Au:S/C:N/I:N/A:P 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20163196-1/ https://www.suse.com/security/cve/CVE-2016-7429.html CVE-2016-7429 https://bugzilla.suse.com/1011404 SUSE Bug 1011404 https://bugzilla.suse.com/1011421 SUSE Bug 1011421 https://bugzilla.suse.com/1012330 SUSE Bug 1012330 NTP before 4.2.8p9 allows remote attackers to bypass the origin timestamp protection mechanism via an origin timestamp of zero. NOTE: this vulnerability exists because of a CVE-2015-8138 regression. CVE-2016-7431 SUSE Linux Enterprise Server 12-LTSS:ntp-4.2.8p9-46.18.1 SUSE Linux Enterprise Server 12-LTSS:ntp-doc-4.2.8p9-46.18.1 SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p9-46.18.1 SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p9-46.18.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:P/A:N 5 AV:N/AC:L/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20163196-1/ https://www.suse.com/security/cve/CVE-2016-7431.html CVE-2016-7431 https://bugzilla.suse.com/1011395 SUSE Bug 1011395 https://bugzilla.suse.com/1011421 SUSE Bug 1011421 https://bugzilla.suse.com/1012330 SUSE Bug 1012330 NTP before 4.2.8p9 does not properly perform the initial sync calculations, which allows remote attackers to unspecified impact via unknown vectors, related to a "root distance that did not include the peer dispersion." CVE-2016-7433 SUSE Linux Enterprise Server 12-LTSS:ntp-4.2.8p9-46.18.1 SUSE Linux Enterprise Server 12-LTSS:ntp-doc-4.2.8p9-46.18.1 SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p9-46.18.1 SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p9-46.18.1 low 1.2 AV:L/AC:H/Au:N/C:N/I:N/A:P 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20163196-1/ https://www.suse.com/security/cve/CVE-2016-7433.html CVE-2016-7433 https://bugzilla.suse.com/1011411 SUSE Bug 1011411 https://bugzilla.suse.com/1011421 SUSE Bug 1011421 https://bugzilla.suse.com/1012330 SUSE Bug 1012330 The read_mru_list function in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (crash) via a crafted mrulist query. CVE-2016-7434 SUSE Linux Enterprise Server 12-LTSS:ntp-4.2.8p9-46.18.1 SUSE Linux Enterprise Server 12-LTSS:ntp-doc-4.2.8p9-46.18.1 SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p9-46.18.1 SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p9-46.18.1 moderate 3.8 AV:L/AC:H/Au:S/C:N/I:N/A:C 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20163196-1/ https://www.suse.com/security/cve/CVE-2016-7434.html CVE-2016-7434 https://bugzilla.suse.com/1011398 SUSE Bug 1011398 https://bugzilla.suse.com/1011421 SUSE Bug 1011421 https://bugzilla.suse.com/1012330 SUSE Bug 1012330 The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet. CVE-2016-9310 SUSE Linux Enterprise Server 12-LTSS:ntp-4.2.8p9-46.18.1 SUSE Linux Enterprise Server 12-LTSS:ntp-doc-4.2.8p9-46.18.1 SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p9-46.18.1 SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p9-46.18.1 moderate 6.4 AV:N/AC:L/Au:N/C:P/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20163196-1/ https://www.suse.com/security/cve/CVE-2016-9310.html CVE-2016-9310 https://bugzilla.suse.com/1011377 SUSE Bug 1011377 https://bugzilla.suse.com/1011421 SUSE Bug 1011421 https://bugzilla.suse.com/1012330 SUSE Bug 1012330 ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted packet. CVE-2016-9311 SUSE Linux Enterprise Server 12-LTSS:ntp-4.2.8p9-46.18.1 SUSE Linux Enterprise Server 12-LTSS:ntp-doc-4.2.8p9-46.18.1 SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p9-46.18.1 SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p9-46.18.1 moderate 7.8 AV:N/AC:M/Au:N/C:P/I:N/A:C 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20163196-1/ https://www.suse.com/security/cve/CVE-2016-9311.html CVE-2016-9311 https://bugzilla.suse.com/1011377 SUSE Bug 1011377 https://bugzilla.suse.com/1011421 SUSE Bug 1011421 https://bugzilla.suse.com/1012330 SUSE Bug 1012330