Security update for ntp SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2018:0956-1 Final 1 1 2018-04-16T15:31:58Z current 2018-04-16T15:31:58Z 2018-04-16T15:31:58Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for ntp This update for ntp fixes the following issues: - Update to 4.2.8p11 (bsc#1082210): * CVE-2016-1549: Sybil vulnerability: ephemeral association attack. While fixed in ntp-4.2.8p7, there are significant additional protections for this issue in 4.2.8p11. * CVE-2018-7182: ctl_getitem(): buffer read overrun leads to undefined behavior and information leak. (bsc#1083426) * CVE-2018-7170: Multiple authenticated ephemeral associations. (bsc#1083424) * CVE-2018-7184: Interleaved symmetric mode cannot recover from bad state. (bsc#1083422) * CVE-2018-7185: Unauthenticated packet can reset authenticated interleaved association. (bsc#1083420) * CVE-2018-7183: ntpq:decodearr() can write beyond its buffer limit.(bsc#1083417) - Don't use libevent's cached time stamps in sntp. (bsc#1077445) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-DESKTOP-12-SP3-2018-648,SUSE-SLE-SERVER-12-SP3-2018-648 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2018/suse-su-20180956-1/ Link for SUSE-SU-2018:0956-1 https://lists.suse.com/pipermail/sle-security-updates/2018-April/003894.html E-Mail link for SUSE-SU-2018:0956-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1077445 SUSE Bug 1077445 https://bugzilla.suse.com/1082063 SUSE Bug 1082063 https://bugzilla.suse.com/1082210 SUSE Bug 1082210 https://bugzilla.suse.com/1083417 SUSE Bug 1083417 https://bugzilla.suse.com/1083420 SUSE Bug 1083420 https://bugzilla.suse.com/1083422 SUSE Bug 1083422 https://bugzilla.suse.com/1083424 SUSE Bug 1083424 https://bugzilla.suse.com/1083426 SUSE Bug 1083426 https://www.suse.com/security/cve/CVE-2016-1549/ SUSE CVE CVE-2016-1549 page https://www.suse.com/security/cve/CVE-2018-7170/ SUSE CVE CVE-2018-7170 page https://www.suse.com/security/cve/CVE-2018-7182/ SUSE CVE CVE-2018-7182 page https://www.suse.com/security/cve/CVE-2018-7183/ SUSE CVE CVE-2018-7183 page https://www.suse.com/security/cve/CVE-2018-7184/ SUSE CVE CVE-2018-7184 page https://www.suse.com/security/cve/CVE-2018-7185/ SUSE CVE CVE-2018-7185 page SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server for SAP Applications 12 SP3 ntp-4.2.8p11-64.3.2 ntp-doc-4.2.8p11-64.3.2 ntp-4.2.8p11-64.3.2 as a component of SUSE Linux Enterprise Desktop 12 SP3 ntp-doc-4.2.8p11-64.3.2 as a component of SUSE Linux Enterprise Desktop 12 SP3 ntp-4.2.8p11-64.3.2 as a component of SUSE Linux Enterprise Server 12 SP3 ntp-doc-4.2.8p11-64.3.2 as a component of SUSE Linux Enterprise Server 12 SP3 ntp-4.2.8p11-64.3.2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 ntp-doc-4.2.8p11-64.3.2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and modify a victim's clock. CVE-2016-1549 SUSE Linux Enterprise Desktop 12 SP3:ntp-4.2.8p11-64.3.2 SUSE Linux Enterprise Desktop 12 SP3:ntp-doc-4.2.8p11-64.3.2 SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.3.2 SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.3.2 SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.3.2 SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.3.2 low 3.5 AV:N/AC:M/Au:S/C:N/I:P/A:N 4 AV:N/AC:L/Au:S/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180956-1/ https://www.suse.com/security/cve/CVE-2016-1549.html CVE-2016-1549 https://bugzilla.suse.com/1083424 SUSE Bug 1083424 https://bugzilla.suse.com/977446 SUSE Bug 977446 https://bugzilla.suse.com/977451 SUSE Bug 977451 ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an incomplete fix for CVE-2016-1549. CVE-2018-7170 SUSE Linux Enterprise Desktop 12 SP3:ntp-4.2.8p11-64.3.2 SUSE Linux Enterprise Desktop 12 SP3:ntp-doc-4.2.8p11-64.3.2 SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.3.2 SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.3.2 SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.3.2 SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.3.2 low 3.5 AV:N/AC:M/Au:S/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180956-1/ https://www.suse.com/security/cve/CVE-2018-7170.html CVE-2018-7170 https://bugzilla.suse.com/1082210 SUSE Bug 1082210 https://bugzilla.suse.com/1083424 SUSE Bug 1083424 https://bugzilla.suse.com/1087324 SUSE Bug 1087324 https://bugzilla.suse.com/1098531 SUSE Bug 1098531 https://bugzilla.suse.com/1155513 SUSE Bug 1155513 The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with a ntpd instance from 4.2.8p6 through 4.2.8p10. CVE-2018-7182 SUSE Linux Enterprise Desktop 12 SP3:ntp-4.2.8p11-64.3.2 SUSE Linux Enterprise Desktop 12 SP3:ntp-doc-4.2.8p11-64.3.2 SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.3.2 SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.3.2 SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.3.2 SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.3.2 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180956-1/ https://www.suse.com/security/cve/CVE-2018-7182.html CVE-2018-7182 https://bugzilla.suse.com/1082210 SUSE Bug 1082210 https://bugzilla.suse.com/1083426 SUSE Bug 1083426 https://bugzilla.suse.com/1087324 SUSE Bug 1087324 Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array. CVE-2018-7183 SUSE Linux Enterprise Desktop 12 SP3:ntp-4.2.8p11-64.3.2 SUSE Linux Enterprise Desktop 12 SP3:ntp-doc-4.2.8p11-64.3.2 SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.3.2 SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.3.2 SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.3.2 SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.3.2 moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180956-1/ https://www.suse.com/security/cve/CVE-2018-7183.html CVE-2018-7183 https://bugzilla.suse.com/1082210 SUSE Bug 1082210 https://bugzilla.suse.com/1083417 SUSE Bug 1083417 https://bugzilla.suse.com/1087324 SUSE Bug 1087324 ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the most recent timestamp. This issue is a result of an incomplete fix for CVE-2015-7704. CVE-2018-7184 SUSE Linux Enterprise Desktop 12 SP3:ntp-4.2.8p11-64.3.2 SUSE Linux Enterprise Desktop 12 SP3:ntp-doc-4.2.8p11-64.3.2 SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.3.2 SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.3.2 SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.3.2 SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.3.2 low 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180956-1/ https://www.suse.com/security/cve/CVE-2018-7184.html CVE-2018-7184 https://bugzilla.suse.com/1082210 SUSE Bug 1082210 https://bugzilla.suse.com/1083422 SUSE Bug 1083422 https://bugzilla.suse.com/1087324 SUSE Bug 1087324 The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association causing the victim ntpd to reset its association. CVE-2018-7185 SUSE Linux Enterprise Desktop 12 SP3:ntp-4.2.8p11-64.3.2 SUSE Linux Enterprise Desktop 12 SP3:ntp-doc-4.2.8p11-64.3.2 SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.3.2 SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.3.2 SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.3.2 SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.3.2 low 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180956-1/ https://www.suse.com/security/cve/CVE-2018-7185.html CVE-2018-7185 https://bugzilla.suse.com/1082210 SUSE Bug 1082210 https://bugzilla.suse.com/1083420 SUSE Bug 1083420 https://bugzilla.suse.com/1087324 SUSE Bug 1087324 https://bugzilla.suse.com/1089405 SUSE Bug 1089405