SUSE-SU-2018:0808-1
- Source
- https://www.suse.com/support/update/announcement/2018/suse-su-20180808-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2018:0808-1.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/SUSE-SU-2018:0808-1
- Upstream
- Related
- Published
- 2018-03-26T09:50:07Z
- Modified
- 2025-05-08T17:01:46.814868Z
- Summary
- Security update for ntp
- Details
-
This update for ntp fixes the following issues:
Security issues fixed:
- CVE-2016-1549: Significant additional protections against CVE-2016-1549 that was fixed in ntp-4.2.8p7 (bsc#1082210).
- CVE-2018-7170: Ephemeral association time spoofing additional protection (bsc#1083424).
- CVE-2018-7182: Buffer read overrun leads information leak in ctl_getitem() (bsc#1083426).
- CVE-2018-7183: decodearr() can write beyond its buffer limit (bsc#1083417).
- CVE-2018-7184: Interleaved symmetric mode cannot recover from bad state (bsc#1083422).
- CVE-2018-7185: Unauthenticated packet can reset authenticated interleaved association (bsc#1083420).
Bug fixes:
- bsc#1077445: Don't use libevent's cached time stamps in sntp.
- Disable CMAC in ntp when building against a version of OpenSSL that doesn't support it.
- References
-
- https://www.suse.com/support/update/announcement/2018/suse-su-20180808-1/
- https://bugzilla.suse.com/1077445
- https://bugzilla.suse.com/1082210
- https://bugzilla.suse.com/1083417
- https://bugzilla.suse.com/1083420
- https://bugzilla.suse.com/1083422
- https://bugzilla.suse.com/1083424
- https://bugzilla.suse.com/1083426
- https://www.suse.com/security/cve/CVE-2016-1549
- https://www.suse.com/security/cve/CVE-2018-7170
- https://www.suse.com/security/cve/CVE-2018-7182
- https://www.suse.com/security/cve/CVE-2018-7183
- https://www.suse.com/security/cve/CVE-2018-7184
- https://www.suse.com/security/cve/CVE-2018-7185
Affected packages
SUSE:Linux Enterprise Server 11 SP4 / ntp
Package
- Name
- ntp
- Purl
- pkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4