openSUSE Security Update : ntp (openSUSE-2016-1525)

This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.

Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update for ntp fixes the following issues :

ntp was updated to 4.2.8p9.

Security issues fixed :

- CVE-2016-9311, CVE-2016-9310, bsc#1011377: Mode 6
unauthenticated trap information disclosure and DDoS

- CVE-2016-7427, bsc#1011390: Broadcast Mode Replay
Prevention DoS.

- CVE-2016-7428, bsc#1011417: Broadcast Mode Poll Interval
Enforcement DoS.

- CVE-2016-7431, bsc#1011395: Regression: 010-origin: Zero
Origin Timestamp Bypass.

- CVE-2016-7434, bsc#1011398: NULL pointer dereference in

- CVE-2016-7429, bsc#1011404: Interface selection attack.

- CVE-2016-7426, bsc#1011406: Client rate limiting and
server responses.

- CVE-2016-7433, bsc#1011411: Reboot sync calculation

- CVE-2015-5219: An endless loop due to incorrect
precision to double conversion (bsc#943216).

Non-security issues fixed :

- Fix a spurious error message.

- Other bugfixes, see

- Fix a regression in 'trap' (bsc#981252).

- Reduce the number of netlink groups to listen on for
changes to the local network setup (bsc#992606).

- Fix segfault in 'sntp -a' (bsc#1009434).

- Silence an OpenSSL version warning (bsc#992038).

- Make the resolver task change user and group IDs to the
same values as the main task. (bsc#988028)

- Simplify ntpd's search for its own executable to prevent
AppArmor warnings (bsc#956365).

This update was imported from the SUSE:SLE-12-SP1:Update update

See also :

Solution :

Update the affected ntp packages.

Risk factor :

High / CVSS Base Score : 7.1
