===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2016.1041
               SUSE Security Update: Security update for ntp
                               29 April 2016

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:          ntp
Publisher:        SUSE
Operating System: SUSE
Impact/Access:    Denial of Service              -- Remote/Unauthenticated
                  Provide Misleading Information -- Remote/Unauthenticated
                  Access Confidential Data       -- Remote/Unauthenticated
                  Unauthorised Access            -- Remote/Unauthenticated
                  Reduced Security               -- Remote/Unauthenticated
Resolution:       Patch/Upgrade
CVE Names:        CVE-2015-8158 CVE-2015-8140 CVE-2015-8139
                  CVE-2015-8138 CVE-2015-7979 CVE-2015-7978
                  CVE-2015-7977 CVE-2015-7976 CVE-2015-7975
                  CVE-2015-7974 CVE-2015-7973 CVE-2015-5300

Reference:        ASB-2016.0046
                  ESB-2016.0177
                  ESB-2015.2694

Comment: This bulletin contains two (2) SUSE security advisories.

--------------------------BEGIN INCLUDED TEXT--------------------

   SUSE Security Update: Security update for ntp
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:1175-1
Rating:             important
References:         #782060 #784760 #916617 #951559 #951629 #956773 
                    #962318 #962784 #962802 #962960 #962966 #962970 
                    #962988 #962994 #962995 #962997 #963000 #963002 
                    #975496 #975981 
Cross-References:   CVE-2015-5300 CVE-2015-7973 CVE-2015-7974
                    CVE-2015-7975 CVE-2015-7976 CVE-2015-7977
                    CVE-2015-7978 CVE-2015-7979 CVE-2015-8138
                    CVE-2015-8139 CVE-2015-8140 CVE-2015-8158
                   
Affected Products:
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that solves 12 vulnerabilities and has 8 fixes is
   now available.

Description:

   ntp was updated to version 4.2.8p6 to fix 12 security issues.

   These security issues were fixed:
   - CVE-2015-8158: Fixed potential infinite loop in ntpq (bsc#962966).
   - CVE-2015-8138: Zero Origin Timestamp Bypass (bsc#963002).
   - CVE-2015-7979: Off-path Denial of Service (DoS) attack on authenticated
     broadcast mode (bsc#962784).
   - CVE-2015-7978: Stack exhaustion in recursive traversal of restriction
     list (bsc#963000).
   - CVE-2015-7977: reslist NULL pointer dereference (bsc#962970).
   - CVE-2015-7976: ntpq saveconfig command allows dangerous characters in
     filenames (bsc#962802).
   - CVE-2015-7975: nextvar() missing length check (bsc#962988).
   - CVE-2015-7974: Skeleton Key: Missing key check allows impersonation
     between authenticated peers (bsc#962960).
   - CVE-2015-7973: Replay attack on authenticated broadcast mode
     (bsc#962995).
   - CVE-2015-8140: ntpq vulnerable to replay attacks (bsc#962994).
   - CVE-2015-8139: Origin Leak: ntpq and ntpdc, disclose origin (bsc#962997).
   - CVE-2015-5300: MITM attacker could have forced ntpd to make a step
     larger than the panic threshold (bsc#951629).

   These non-security issues were fixed:
   - fate#320758 bsc#975981: Enable compile-time support for MS-SNTP
     (--enable-ntp-signd).  This replaces the w32 patches in 4.2.4 that added
     the authreg directive.
   - bsc#962318: Call /usr/sbin/sntp with full path to synchronize in
     start-ntpd. When run as cron job, /usr/sbin/ is not in the path, which
     caused the synchronization to fail.
   - bsc#782060: Speed up ntpq.
   - bsc#916617: Add /var/db/ntp-kod.
   - bsc#956773: Add ntp-ENOBUFS.patch to limit a warning that might happen
     quite a lot on loaded systems.
   - bsc#951559,bsc#975496: Fix the TZ offset output of sntp during DST.
   - Add ntp-fork.patch and build with threads disabled to allow name
     resolution even when running chrooted.
   - bsc#784760: Remove local clock from default configuration.


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-ntp-12533=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-ntp-12533=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      ntp-4.2.8p6-8.2
      ntp-doc-4.2.8p6-8.2

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      ntp-debuginfo-4.2.8p6-8.2
      ntp-debugsource-4.2.8p6-8.2


References:

   https://www.suse.com/security/cve/CVE-2015-5300.html
   https://www.suse.com/security/cve/CVE-2015-7973.html
   https://www.suse.com/security/cve/CVE-2015-7974.html
   https://www.suse.com/security/cve/CVE-2015-7975.html
   https://www.suse.com/security/cve/CVE-2015-7976.html
   https://www.suse.com/security/cve/CVE-2015-7977.html
   https://www.suse.com/security/cve/CVE-2015-7978.html
   https://www.suse.com/security/cve/CVE-2015-7979.html
   https://www.suse.com/security/cve/CVE-2015-8138.html
   https://www.suse.com/security/cve/CVE-2015-8139.html
   https://www.suse.com/security/cve/CVE-2015-8140.html
   https://www.suse.com/security/cve/CVE-2015-8158.html
   https://bugzilla.suse.com/782060
   https://bugzilla.suse.com/784760
   https://bugzilla.suse.com/916617
   https://bugzilla.suse.com/951559
   https://bugzilla.suse.com/951629
   https://bugzilla.suse.com/956773
   https://bugzilla.suse.com/962318
   https://bugzilla.suse.com/962784
   https://bugzilla.suse.com/962802
   https://bugzilla.suse.com/962960
   https://bugzilla.suse.com/962966
   https://bugzilla.suse.com/962970
   https://bugzilla.suse.com/962988
   https://bugzilla.suse.com/962994
   https://bugzilla.suse.com/962995
   https://bugzilla.suse.com/962997
   https://bugzilla.suse.com/963000
   https://bugzilla.suse.com/963002
   https://bugzilla.suse.com/975496
   https://bugzilla.suse.com/975981

---

   SUSE Security Update: Security update for ntp
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:1177-1
Rating:             important
References:         #782060 #916617 #937837 #951559 #951629 #956773 
                    #962318 #962784 #962802 #962960 #962966 #962970 
                    #962988 #962994 #962995 #962997 #963000 #963002 
                    #975496 #975981 
Cross-References:   CVE-2015-5300 CVE-2015-7973 CVE-2015-7974
                    CVE-2015-7975 CVE-2015-7976 CVE-2015-7977
                    CVE-2015-7978 CVE-2015-7979 CVE-2015-8138
                    CVE-2015-8139 CVE-2015-8140 CVE-2015-8158
                   
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP1
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

   An update that solves 12 vulnerabilities and has 8 fixes is
   now available.

Description:

   ntp was updated to version 4.2.8p6 to fix 12 security issues.

   Also yast2-ntp-client was updated to match some sntp syntax changes.
   (bsc#937837)

   These security issues were fixed:
   - CVE-2015-8158: Fixed potential infinite loop in ntpq (bsc#962966).
   - CVE-2015-8138: Zero Origin Timestamp Bypass (bsc#963002).
   - CVE-2015-7979: Off-path Denial of Service (DoS) attack on authenticated
     broadcast mode (bsc#962784).
   - CVE-2015-7978: Stack exhaustion in recursive traversal of restriction
     list (bsc#963000).
   - CVE-2015-7977: reslist NULL pointer dereference (bsc#962970).
   - CVE-2015-7976: ntpq saveconfig command allows dangerous characters in
     filenames (bsc#962802).
   - CVE-2015-7975: nextvar() missing length check (bsc#962988).
   - CVE-2015-7974: Skeleton Key: Missing key check allows impersonation
     between authenticated peers (bsc#962960).
   - CVE-2015-7973: Replay attack on authenticated broadcast mode
     (bsc#962995).
   - CVE-2015-8140: ntpq vulnerable to replay attacks (bsc#962994).
   - CVE-2015-8139: Origin Leak: ntpq and ntpdc, disclose origin (bsc#962997).
   - CVE-2015-5300: MITM attacker could have forced ntpd to make a step
     larger than the panic threshold (bsc#951629).

   These non-security issues were fixed:
   - fate#320758 bsc#975981: Enable compile-time support for MS-SNTP
     (--enable-ntp-signd).  This replaces the w32 patches in 4.2.4 that added
     the authreg directive.
   - bsc#962318: Call /usr/sbin/sntp with full path to synchronize in
     start-ntpd. When run as cron job, /usr/sbin/ is not in the path, which
     caused the synchronization to fail.
   - bsc#782060: Speed up ntpq.
   - bsc#916617: Add /var/db/ntp-kod.
   - bsc#956773: Add ntp-ENOBUFS.patch to limit a warning that might happen
     quite a lot on loaded systems.
   - bsc#951559,bsc#975496: Fix the TZ offset output of sntp during DST.
   - Add ntp-fork.patch and build with threads disabled to allow name
     resolution even when running chrooted.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP1:

      zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-694=1

   - SUSE Linux Enterprise Server 12-SP1:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-694=1

   - SUSE Linux Enterprise Desktop 12-SP1:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-694=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP1 (noarch):

      yast2-ntp-client-devel-doc-3.1.22-6.2

   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):

      ntp-4.2.8p6-8.2
      ntp-debuginfo-4.2.8p6-8.2
      ntp-debugsource-4.2.8p6-8.2
      ntp-doc-4.2.8p6-8.2

   - SUSE Linux Enterprise Server 12-SP1 (noarch):

      yast2-ntp-client-3.1.22-6.2

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):

      ntp-4.2.8p6-8.2
      ntp-debuginfo-4.2.8p6-8.2
      ntp-debugsource-4.2.8p6-8.2
      ntp-doc-4.2.8p6-8.2

   - SUSE Linux Enterprise Desktop 12-SP1 (noarch):

      yast2-ntp-client-3.1.22-6.2

References:

   https://www.suse.com/security/cve/CVE-2015-5300.html
   https://www.suse.com/security/cve/CVE-2015-7973.html
   https://www.suse.com/security/cve/CVE-2015-7974.html
   https://www.suse.com/security/cve/CVE-2015-7975.html
   https://www.suse.com/security/cve/CVE-2015-7976.html
   https://www.suse.com/security/cve/CVE-2015-7977.html
   https://www.suse.com/security/cve/CVE-2015-7978.html
   https://www.suse.com/security/cve/CVE-2015-7979.html
   https://www.suse.com/security/cve/CVE-2015-8138.html
   https://www.suse.com/security/cve/CVE-2015-8139.html
   https://www.suse.com/security/cve/CVE-2015-8140.html
   https://www.suse.com/security/cve/CVE-2015-8158.html
   https://bugzilla.suse.com/782060
   https://bugzilla.suse.com/916617
   https://bugzilla.suse.com/937837
   https://bugzilla.suse.com/951559
   https://bugzilla.suse.com/951629
   https://bugzilla.suse.com/956773
   https://bugzilla.suse.com/962318
   https://bugzilla.suse.com/962784
   https://bugzilla.suse.com/962802
   https://bugzilla.suse.com/962960
   https://bugzilla.suse.com/962966
   https://bugzilla.suse.com/962970
   https://bugzilla.suse.com/962988
   https://bugzilla.suse.com/962994
   https://bugzilla.suse.com/962995
   https://bugzilla.suse.com/962997
   https://bugzilla.suse.com/963000
   https://bugzilla.suse.com/963002
   https://bugzilla.suse.com/975496
   https://bugzilla.suse.com/975981

--------------------------END INCLUDED TEXT--------------------
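
Added example (not part of the SUSE advisories or the AusCERT bulletin): a POSIX shell check that a host's ntp package is at or above the fixed build ntp-4.2.8p6-8.2 from the Package Lists above. The comparison is a simplified form of rpm's version ordering, and the host names and inventory lines are constructed sample data.

```shell
#!/bin/sh
# Added example, not SUSE or AusCERT code. FIXED is the ntp version-release
# from the bulletin's Package Lists.
FIXED="4.2.8p6-8.2"

# Split a version into digit/letter runs: "4.2.8p6" -> "4 2 8 p 6".
segs() {
    printf '%s\n' "$1" | sed -e 's/[^A-Za-z0-9]\{1,\}/ /g' \
        -e 's/\([0-9]\)\([A-Za-z]\)/\1 \2/g' \
        -e 's/\([A-Za-z]\)\([0-9]\)/\1 \2/g' -e 's/^ //' -e 's/ $//'
}
# seg_cmp A B: print lt, eq or gt. Simplified rpm-style ordering: a digit run
# beats a letter run, leftover runs win a tie; no epoch, '~' or '^' handling.
seg_cmp() {
    a=$(segs "$1"); b=$(segs "$2")
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%% *}; y=${b%% *}
        case $a in *' '*) a=${a#* } ;; *) a= ;; esac
        case $b in *' '*) b=${b#* } ;; *) b= ;; esac
        if [ -z "$x" ]; then echo lt; return; fi
        if [ -z "$y" ]; then echo gt; return; fi
        case $x in [0-9]*) xn=1 ;; *) xn=0 ;; esac
        case $y in [0-9]*) yn=1 ;; *) yn=0 ;; esac
        case $xn$yn in 10) echo gt; return ;; 01) echo lt; return ;; esac
        if [ "$xn" = 1 ]; then
            if [ "$x" -gt "$y" ]; then echo gt; return; fi
            if [ "$x" -lt "$y" ]; then echo lt; return; fi
        elif [ "$x" != "$y" ]; then
            if expr "X$x" \< "X$y" >/dev/null; then echo lt; else echo gt; fi
            return
        fi
    done
    echo eq
}
# evr_cmp A B: compare "version-release" strings, version first, then release.
evr_cmp() {
    r=$(seg_cmp "${1%-*}" "${2%-*}")
    if [ "$r" = eq ]; then r=$(seg_cmp "${1##*-}" "${2##*-}"); fi
    echo "$r"
}
# is_fixed EVR: succeed when EVR is at or above the bulletin's fixed build.
is_fixed() { [ "$(evr_cmp "$1" "$FIXED")" != lt ]; }
# audit: read "host version-release" lines and label each one. On a real host
# the value comes from: rpm -q --qf '%{VERSION}-%{RELEASE}\n' ntp
audit() {
    while read -r host evr; do
        if is_fixed "$evr"; then s=OK; else s=NEEDS-PATCH; fi
        echo "$host $evr $s"
    done
}
# Constructed sample inventory (hypothetical hosts and builds).
printf 'web01 4.2.6p5-44.1\ndb01 4.2.8p6-8.2\nntp01 4.2.8p10-1.1\n' | audit
```

A plain string or dotted-number comparison would misorder ntp's "pN" patch levels (p10 against p6) and would rank a bare 4.2.8 build above 4.2.8p6, which is why the runs are compared one at a time.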

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================