openSUSE Security Update : ntp (openSUSE-2016-1525)

This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update for ntp fixes the following issues :

ntp was updated to 4.2.8p9.

Security issues fixed :

- CVE-2016-9311, CVE-2016-9310, bsc#1011377: Mode 6 unauthenticated trap information disclosure and DDoS vector.

- CVE-2016-7427, bsc#1011390: Broadcast Mode Replay Prevention DoS.

- CVE-2016-7428, bsc#1011417: Broadcast Mode Poll Interval Enforcement DoS.

- CVE-2016-7431, bsc#1011395: Regression: 010-origin: Zero Origin Timestamp Bypass.

- CVE-2016-7434, bsc#1011398: NULL pointer dereference in _IO_str_init_static_internal().

- CVE-2016-7429, bsc#1011404: Interface selection attack.

- CVE-2016-7426, bsc#1011406: Client rate limiting and server responses.

- CVE-2016-7433, bsc#1011411: Reboot sync calculation problem.

- CVE-2015-5219: An endless loop due to incorrect precision to double conversion (bsc#943216).

Non-security issues fixed :

- Fix a spurious error message.

- Other bugfixes, see /usr/share/doc/packages/ntp/ChangeLog.

- Fix a regression in 'trap' (bsc#981252).

- Reduce the number of netlink groups to listen on for changes to the local network setup (bsc#992606).

- Fix segfault in 'sntp -a' (bsc#1009434).

- Silence an OpenSSL version warning (bsc#992038).

- Make the resolver task change user and group IDs to the same values as the main task (bsc#988028).

- Simplify ntpd's search for its own executable to prevent AppArmor warnings (bsc#956365).

This update was imported from the SUSE:SLE-12-SP1:Update update project.

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=1009434
https://bugzilla.opensuse.org/show_bug.cgi?id=1011377
https://bugzilla.opensuse.org/show_bug.cgi?id=1011390
https://bugzilla.opensuse.org/show_bug.cgi?id=1011395
https://bugzilla.opensuse.org/show_bug.cgi?id=1011398
https://bugzilla.opensuse.org/show_bug.cgi?id=1011404
https://bugzilla.opensuse.org/show_bug.cgi?id=1011406
https://bugzilla.opensuse.org/show_bug.cgi?id=1011411
https://bugzilla.opensuse.org/show_bug.cgi?id=1011417
https://bugzilla.opensuse.org/show_bug.cgi?id=943216
https://bugzilla.opensuse.org/show_bug.cgi?id=956365
https://bugzilla.opensuse.org/show_bug.cgi?id=981252
https://bugzilla.opensuse.org/show_bug.cgi?id=988028
https://bugzilla.opensuse.org/show_bug.cgi?id=992038
https://bugzilla.opensuse.org/show_bug.cgi?id=992606

Solution :

Update the affected ntp packages.

Risk factor :

High / CVSS Base Score : 7.1
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C)
