Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2016.1041 SUSE Security Update: Security update for ntp 29 April 2016 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: ntp Publisher: SUSE Operating System: SUSE Impact/Access: Denial of Service -- Remote/Unauthenticated Provide Misleading Information -- Remote/Unauthenticated Access Confidential Data -- Remote/Unauthenticated Unauthorised Access -- Remote/Unauthenticated Reduced Security -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2015-8158 CVE-2015-8140 CVE-2015-8139 CVE-2015-8138 CVE-2015-7979 CVE-2015-7978 CVE-2015-7977 CVE-2015-7976 CVE-2015-7975 CVE-2015-7974 CVE-2015-7973 CVE-2015-5300 Reference: ASB-2016.0046 ESB-2016.0177 ESB-2015.2694 Comment: This bulletin contains two (2) SUSE security advisories. - --------------------------BEGIN INCLUDED TEXT-------------------- SUSE Security Update: Security update for ntp ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1175-1 Rating: important References: #782060 #784760 #916617 #951559 #951629 #956773 #962318 #962784 #962802 #962960 #962966 #962970 #962988 #962994 #962995 #962997 #963000 #963002 #975496 #975981 Cross-References: CVE-2015-5300 CVE-2015-7973 CVE-2015-7974 CVE-2015-7975 CVE-2015-7976 CVE-2015-7977 CVE-2015-7978 CVE-2015-7979 CVE-2015-8138 CVE-2015-8139 CVE-2015-8140 CVE-2015-8158 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves 12 vulnerabilities and has 8 fixes is now available. Description: ntp was updated to version 4.2.8p6 to fix 12 security issues. These security issues were fixed: - CVE-2015-8158: Fixed potential infinite loop in ntpq (bsc#962966). - CVE-2015-8138: Zero Origin Timestamp Bypass (bsc#963002). - CVE-2015-7979: Off-path Denial of Service (DoS) attack on authenticated broadcast mode (bsc#962784). - CVE-2015-7978: Stack exhaustion in recursive traversal of restriction list (bsc#963000). - CVE-2015-7977: reslist NULL pointer dereference (bsc#962970). - CVE-2015-7976: ntpq saveconfig command allows dangerous characters in filenames (bsc#962802). - CVE-2015-7975: nextvar() missing length check (bsc#962988). - CVE-2015-7974: Skeleton Key: Missing key check allows impersonation between authenticated peers (bsc#962960). - CVE-2015-7973: Replay attack on authenticated broadcast mode (bsc#962995). - CVE-2015-8140: ntpq vulnerable to replay attacks (bsc#962994). - CVE-2015-8139: Origin Leak: ntpq and ntpdc, disclose origin (bsc#962997). - CVE-2015-5300: MITM attacker could have forced ntpd to make a step larger than the panic threshold (bsc#951629). These non-security issues were fixed: - fate#320758 bsc#975981: Enable compile-time support for MS-SNTP (--enable-ntp-signd). This replaces the w32 patches in 4.2.4 that added the authreg directive. - bsc#962318: Call /usr/sbin/sntp with full path to synchronize in start-ntpd. When run as cron job, /usr/sbin/ is not in the path, which caused the synchronization to fail. - bsc#782060: Speedup ntpq. - bsc#916617: Add /var/db/ntp-kod. - bsc#956773: Add ntp-ENOBUFS.patch to limit a warning that might happen quite a lot on loaded systems. - bsc#951559,bsc#975496: Fix the TZ offset output of sntp during DST. - Add ntp-fork.patch and build with threads disabled to allow name resolution even when running chrooted. - bsc#784760: Remove local clock from default configuration Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-ntp-12533=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-ntp-12533=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): ntp-4.2.8p6-8.2 ntp-doc-4.2.8p6-8.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): ntp-debuginfo-4.2.8p6-8.2 ntp-debugsource-4.2.8p6-8.2 References: https://www.suse.com/security/cve/CVE-2015-5300.html https://www.suse.com/security/cve/CVE-2015-7973.html https://www.suse.com/security/cve/CVE-2015-7974.html https://www.suse.com/security/cve/CVE-2015-7975.html https://www.suse.com/security/cve/CVE-2015-7976.html https://www.suse.com/security/cve/CVE-2015-7977.html https://www.suse.com/security/cve/CVE-2015-7978.html https://www.suse.com/security/cve/CVE-2015-7979.html https://www.suse.com/security/cve/CVE-2015-8138.html https://www.suse.com/security/cve/CVE-2015-8139.html https://www.suse.com/security/cve/CVE-2015-8140.html https://www.suse.com/security/cve/CVE-2015-8158.html https://bugzilla.suse.com/782060 https://bugzilla.suse.com/784760 https://bugzilla.suse.com/916617 https://bugzilla.suse.com/951559 https://bugzilla.suse.com/951629 https://bugzilla.suse.com/956773 https://bugzilla.suse.com/962318 https://bugzilla.suse.com/962784 https://bugzilla.suse.com/962802 https://bugzilla.suse.com/962960 https://bugzilla.suse.com/962966 https://bugzilla.suse.com/962970 https://bugzilla.suse.com/962988 https://bugzilla.suse.com/962994 https://bugzilla.suse.com/962995 https://bugzilla.suse.com/962997 https://bugzilla.suse.com/963000 https://bugzilla.suse.com/963002 https://bugzilla.suse.com/975496 https://bugzilla.suse.com/975981 - --- SUSE Security Update: Security update for ntp ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1177-1 Rating: important References: #782060 #916617 #937837 #951559 #951629 #956773 #962318 #962784 #962802 #962960 #962966 #962970 #962988 #962994 #962995 #962997 #963000 #963002 #975496 #975981 Cross-References: CVE-2015-5300 CVE-2015-7973 CVE-2015-7974 CVE-2015-7975 CVE-2015-7976 CVE-2015-7977 CVE-2015-7978 CVE-2015-7979 CVE-2015-8138 CVE-2015-8139 CVE-2015-8140 CVE-2015-8158 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that solves 12 vulnerabilities and has 8 fixes is now available. Description: ntp was updated to version 4.2.8p6 to fix 12 security issues. Also yast2-ntp-client was updated to match some sntp syntax changes. (bsc#937837) These security issues were fixed: - CVE-2015-8158: Fixed potential infinite loop in ntpq (bsc#962966). - CVE-2015-8138: Zero Origin Timestamp Bypass (bsc#963002). - CVE-2015-7979: Off-path Denial of Service (DoS) attack on authenticated broadcast mode (bsc#962784). - CVE-2015-7978: Stack exhaustion in recursive traversal of restriction list (bsc#963000). - CVE-2015-7977: reslist NULL pointer dereference (bsc#962970). - CVE-2015-7976: ntpq saveconfig command allows dangerous characters in filenames (bsc#962802). - CVE-2015-7975: nextvar() missing length check (bsc#962988). - CVE-2015-7974: Skeleton Key: Missing key check allows impersonation between authenticated peers (bsc#962960). - CVE-2015-7973: Replay attack on authenticated broadcast mode (bsc#962995). - CVE-2015-8140: ntpq vulnerable to replay attacks (bsc#962994). - CVE-2015-8139: Origin Leak: ntpq and ntpdc, disclose origin (bsc#962997). - CVE-2015-5300: MITM attacker could have forced ntpd to make a step larger than the panic threshold (bsc#951629). These non-security issues were fixed: - fate#320758 bsc#975981: Enable compile-time support for MS-SNTP (--enable-ntp-signd). This replaces the w32 patches in 4.2.4 that added the authreg directive. - bsc#962318: Call /usr/sbin/sntp with full path to synchronize in start-ntpd. When run as cron job, /usr/sbin/ is not in the path, which caused the synchronization to fail. - bsc#782060: Speedup ntpq. - bsc#916617: Add /var/db/ntp-kod. - bsc#956773: Add ntp-ENOBUFS.patch to limit a warning that might happen quite a lot on loaded systems. - bsc#951559,bsc#975496: Fix the TZ offset output of sntp during DST. - Add ntp-fork.patch and build with threads disabled to allow name resolution even when running chrooted. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-694=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-694=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-694=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (noarch): yast2-ntp-client-devel-doc-3.1.22-6.2 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): ntp-4.2.8p6-8.2 ntp-debuginfo-4.2.8p6-8.2 ntp-debugsource-4.2.8p6-8.2 ntp-doc-4.2.8p6-8.2 - SUSE Linux Enterprise Server 12-SP1 (noarch): yast2-ntp-client-3.1.22-6.2 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): ntp-4.2.8p6-8.2 ntp-debuginfo-4.2.8p6-8.2 ntp-debugsource-4.2.8p6-8.2 ntp-doc-4.2.8p6-8.2 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): yast2-ntp-client-3.1.22-6.2 References: https://www.suse.com/security/cve/CVE-2015-5300.html https://www.suse.com/security/cve/CVE-2015-7973.html https://www.suse.com/security/cve/CVE-2015-7974.html https://www.suse.com/security/cve/CVE-2015-7975.html https://www.suse.com/security/cve/CVE-2015-7976.html https://www.suse.com/security/cve/CVE-2015-7977.html https://www.suse.com/security/cve/CVE-2015-7978.html https://www.suse.com/security/cve/CVE-2015-7979.html https://www.suse.com/security/cve/CVE-2015-8138.html https://www.suse.com/security/cve/CVE-2015-8139.html https://www.suse.com/security/cve/CVE-2015-8140.html https://www.suse.com/security/cve/CVE-2015-8158.html https://bugzilla.suse.com/782060 https://bugzilla.suse.com/916617 https://bugzilla.suse.com/937837 https://bugzilla.suse.com/951559 https://bugzilla.suse.com/951629 https://bugzilla.suse.com/956773 https://bugzilla.suse.com/962318 https://bugzilla.suse.com/962784 https://bugzilla.suse.com/962802 https://bugzilla.suse.com/962960 https://bugzilla.suse.com/962966 https://bugzilla.suse.com/962970 https://bugzilla.suse.com/962988 https://bugzilla.suse.com/962994 https://bugzilla.suse.com/962995 https://bugzilla.suse.com/962997 https://bugzilla.suse.com/963000 https://bugzilla.suse.com/963002 https://bugzilla.suse.com/975496 https://bugzilla.suse.com/975981 - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBVyKrt36ZAP0PgtI9AQIs6A/+MNPwHCMcJXlaOYMeZzB8xjI0uo6lC8Y2 YdSNMZiiu63PtZSK22UaRpvjcGuWoVBYVbvdVNa07v6mEiJnFy7SWg4lHkiFCf9D jsoFLBY2sq/AEChjKH1pM0Qfvy+9E5hMRUQ26J96l4KehEPq3HmEYKNTkq09lkBd iNqD6542q8Q5SrUbQtglvUF/dSwCSvH5hB8l6odwn2GHl+mjbEl1+mZuFKA0hz1J JJTL6Z0HIJt/UkUBvJf4UpNBMzzCkuD38ETn9P8mt0gp6S4i7PUFf7YVBPlRbOyq HL7pLQZ3DxbjHvX00/R6ti9tUNFsECCaA7Cp+Zj6CqLj1yi9u94dlj0yZRJ8W0oV 3MTzADhkwdHydfMyEM3v4pUJkXjwtA7CqDTv8zsKNyO7I0BpJA9luujk98KtACBA nV/0bvI5DRTF04wnI7jJBEqwbg5pdDBZy+UrzHvUJR4T/Owr4/YS4LqfUfMQkDZN mvqqPYmxvdeArydybbtqvHqAteTBPzLKMCbUEgl0VbpvYofjC0NR6db+Ue6KHueP maJug5j9Raudv0kOfmxdmBxpUyihnRKKFBGaupk3xso1U/QKBRC37/tJUrSS1qUo 9B3miFUCdcWnUu7IIZJAP6+pCePc0PXHs+lD0kuZDdsfZ4V4yelCYZsK5ky/Cshm X3uhhwoBsQA= =QWBD -----END PGP SIGNATURE-----