Security update for ntp SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2017:1047-1 Final 1 1 2017-04-18T14:06:17Z current 2017-04-18T14:06:17Z 2017-04-18T14:06:17Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for ntp This ntp update to version 4.2.8p10 fixes serveral issues. This updated enables leap smearing. See /usr/share/doc/packages/ntp/README.leapsmear for details. Security issues fixed (bsc#1030050): - CVE-2017-6464: Denial of Service via Malformed Config - CVE-2017-6462: Buffer Overflow in DPTS Clock - CVE-2017-6463: Authenticated DoS via Malicious Config Option - CVE-2017-6458: Potential Overflows in ctl_put() functions - CVE-2017-6451: Improper use of snprintf() in mx4200_send() - CVE-2017-6460: Buffer Overflow in ntpq when fetching reslist - CVE-2016-9042: 0rigin (zero origin) DoS. - ntpq_stripquotes() returns incorrect Value - ereallocarray()/eallocarray() underused - Copious amounts of Unused Code - Off-by-one in Oncore GPS Receiver - Makefile does not enforce Security Flags Bugfixes: - Remove spurious log messages (bsc#1014172). - clang scan-build findings - Support for openssl-1.1.0 without compatibility modes - Bugfix 3072 breaks multicastclient - forking async worker: interrupted pipe I/O - (...) time_pps_create: Exec format error - Incorrect Logic for Peer Event Limiting - Change the process name of forked DNS worker - Trap Configuration Fail - Nothing happens if minsane < maxclock < minclock - allow -4/-6 on restrict line with mask - out-of-bound pointers in ctl_putsys and decode_bitflags - Move ntp-kod to /var/lib/ntp, because /var/db is not a standard directory and causes problems for transactional updates. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-SAP-12-2017-612,SUSE-SLE-SERVER-12-2017-612 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2017/suse-su-20171047-1/ Link for SUSE-SU-2017:1047-1 https://lists.suse.com/pipermail/sle-security-updates/2017-April/002811.html E-Mail link for SUSE-SU-2017:1047-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1014172 SUSE Bug 1014172 https://bugzilla.suse.com/1030050 SUSE Bug 1030050 https://www.suse.com/security/cve/CVE-2016-9042/ SUSE CVE CVE-2016-9042 page https://www.suse.com/security/cve/CVE-2017-6451/ SUSE CVE CVE-2017-6451 page https://www.suse.com/security/cve/CVE-2017-6458/ SUSE CVE CVE-2017-6458 page https://www.suse.com/security/cve/CVE-2017-6460/ SUSE CVE CVE-2017-6460 page https://www.suse.com/security/cve/CVE-2017-6462/ SUSE CVE CVE-2017-6462 page https://www.suse.com/security/cve/CVE-2017-6463/ SUSE CVE CVE-2017-6463 page https://www.suse.com/security/cve/CVE-2017-6464/ SUSE CVE CVE-2017-6464 page SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Server for SAP Applications 12 ntp-4.2.8p10-46.23.1 ntp-doc-4.2.8p10-46.23.1 ntp-4.2.8p10-46.23.1 as a component of SUSE Linux Enterprise Server 12-LTSS ntp-doc-4.2.8p10-46.23.1 as a component of SUSE Linux Enterprise Server 12-LTSS ntp-4.2.8p10-46.23.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 ntp-doc-4.2.8p10-46.23.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially crafted unauthenticated network packet can be used to reset the expected origin timestamp for target peers. Legitimate replies from targeted peers will fail the origin timestamp check (TEST2) causing the reply to be dropped and creating a denial of service condition. CVE-2016-9042 SUSE Linux Enterprise Server 12-LTSS:ntp-4.2.8p10-46.23.1 SUSE Linux Enterprise Server 12-LTSS:ntp-doc-4.2.8p10-46.23.1 SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p10-46.23.1 SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p10-46.23.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20171047-1/ https://www.suse.com/security/cve/CVE-2016-9042.html CVE-2016-9042 https://bugzilla.suse.com/1030050 SUSE Bug 1030050 https://bugzilla.suse.com/1038049 SUSE Bug 1038049 https://bugzilla.suse.com/1044525 SUSE Bug 1044525 The mx4200_send function in the legacy MX4200 refclock in NTP before 4.2.8p10 and 4.3.x before 4.3.94 does not properly handle the return value of the snprintf function, which allows local users to execute arbitrary code via unspecified vectors, which trigger an out-of-bounds memory write. CVE-2017-6451 SUSE Linux Enterprise Server 12-LTSS:ntp-4.2.8p10-46.23.1 SUSE Linux Enterprise Server 12-LTSS:ntp-doc-4.2.8p10-46.23.1 SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p10-46.23.1 SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p10-46.23.1 moderate 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20171047-1/ https://www.suse.com/security/cve/CVE-2017-6451.html CVE-2017-6451 https://bugzilla.suse.com/1030050 SUSE Bug 1030050 Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable. CVE-2017-6458 SUSE Linux Enterprise Server 12-LTSS:ntp-4.2.8p10-46.23.1 SUSE Linux Enterprise Server 12-LTSS:ntp-doc-4.2.8p10-46.23.1 SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p10-46.23.1 SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p10-46.23.1 moderate 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20171047-1/ https://www.suse.com/security/cve/CVE-2017-6458.html CVE-2017-6458 https://bugzilla.suse.com/1030050 SUSE Bug 1030050 https://bugzilla.suse.com/1038049 SUSE Bug 1038049 https://bugzilla.suse.com/1044525 SUSE Bug 1044525 Stack-based buffer overflow in the reslist function in ntpq in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote servers have unspecified impact via a long flagstr variable in a restriction list response. CVE-2017-6460 SUSE Linux Enterprise Server 12-LTSS:ntp-4.2.8p10-46.23.1 SUSE Linux Enterprise Server 12-LTSS:ntp-doc-4.2.8p10-46.23.1 SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p10-46.23.1 SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p10-46.23.1 moderate 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20171047-1/ https://www.suse.com/security/cve/CVE-2017-6460.html CVE-2017-6460 https://bugzilla.suse.com/1030050 SUSE Bug 1030050 https://bugzilla.suse.com/1038049 SUSE Bug 1038049 https://bugzilla.suse.com/1044525 SUSE Bug 1044525 Buffer overflow in the legacy Datum Programmable Time Server (DPTS) refclock driver in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via a crafted /dev/datum device. CVE-2017-6462 SUSE Linux Enterprise Server 12-LTSS:ntp-4.2.8p10-46.23.1 SUSE Linux Enterprise Server 12-LTSS:ntp-doc-4.2.8p10-46.23.1 SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p10-46.23.1 SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p10-46.23.1 moderate 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20171047-1/ https://www.suse.com/security/cve/CVE-2017-6462.html CVE-2017-6462 https://bugzilla.suse.com/1030050 SUSE Bug 1030050 https://bugzilla.suse.com/1038049 SUSE Bug 1038049 https://bugzilla.suse.com/1044525 SUSE Bug 1044525 NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote authenticated users to cause a denial of service (daemon crash) via an invalid setting in a :config directive, related to the unpeer option. CVE-2017-6463 SUSE Linux Enterprise Server 12-LTSS:ntp-4.2.8p10-46.23.1 SUSE Linux Enterprise Server 12-LTSS:ntp-doc-4.2.8p10-46.23.1 SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p10-46.23.1 SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p10-46.23.1 moderate 4 AV:N/AC:L/Au:S/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20171047-1/ https://www.suse.com/security/cve/CVE-2017-6463.html CVE-2017-6463 https://bugzilla.suse.com/1030050 SUSE Bug 1030050 https://bugzilla.suse.com/1038049 SUSE Bug 1038049 https://bugzilla.suse.com/1044525 SUSE Bug 1044525 NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote attackers to cause a denial of service (ntpd crash) via a malformed mode configuration directive. CVE-2017-6464 SUSE Linux Enterprise Server 12-LTSS:ntp-4.2.8p10-46.23.1 SUSE Linux Enterprise Server 12-LTSS:ntp-doc-4.2.8p10-46.23.1 SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p10-46.23.1 SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p10-46.23.1 moderate 4.6 AV:N/AC:H/Au:M/C:N/I:N/A:C 4 AV:N/AC:L/Au:S/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20171047-1/ https://www.suse.com/security/cve/CVE-2017-6464.html CVE-2017-6464 https://bugzilla.suse.com/1030050 SUSE Bug 1030050 https://bugzilla.suse.com/1038049 SUSE Bug 1038049 https://bugzilla.suse.com/1044525 SUSE Bug 1044525