Jump to content
Compatible Support Forums
Sign in to follow this  
news

[security-announce] SUSE-SU-2016:1311-1: important: Security update for ntp

Recommended Posts

SUSE Security Update: Security update for ntp

______________________________________________________________________________

 

Announcement ID: SUSE-SU-2016:1311-1

Rating: important

References: #782060 #784760 #905885 #910063 #916617 #920183

#920238 #926510 #936327 #937837 #942441 #942587

#943216 #943218 #944300 #946386 #951351 #951559

#951608 #951629 #954982 #956773 #962318 #962784

#962802 #962960 #962966 #962970 #962988 #962994

#962995 #962997 #963000 #963002 #975496 #975981

 

Cross-References: CVE-2015-5194 CVE-2015-5219 CVE-2015-5300

CVE-2015-7691 CVE-2015-7692 CVE-2015-7701

CVE-2015-7702 CVE-2015-7703 CVE-2015-7704

CVE-2015-7705 CVE-2015-7848 CVE-2015-7849

CVE-2015-7850 CVE-2015-7851 CVE-2015-7852

CVE-2015-7853 CVE-2015-7854 CVE-2015-7855

CVE-2015-7871 CVE-2015-7973 CVE-2015-7974

CVE-2015-7975 CVE-2015-7976 CVE-2015-7977

CVE-2015-7978 CVE-2015-7979 CVE-2015-8138

CVE-2015-8139 CVE-2015-8140 CVE-2015-8158

 

Affected Products:

SUSE OpenStack Cloud 5

SUSE Manager Proxy 2.1

SUSE Manager 2.1

SUSE Linux Enterprise Server 11-SP3-LTSS

SUSE Linux Enterprise Server 11-SP2-LTSS

SUSE Linux Enterprise Debuginfo 11-SP3

SUSE Linux Enterprise Debuginfo 11-SP2

______________________________________________________________________________

 

An update that solves 30 vulnerabilities and has 6 fixes is

now available.

 

Description:

 

 

This network time protocol server ntp was updated to 4.2.8p6 to fix the

following issues:

 

Also yast2-ntp-client was updated to match some sntp syntax changes.

(bsc#937837)

 

Major functional changes:

- The "sntp" commandline tool changed its option handling in a major way.

- "controlkey 1" is added during update to ntp.conf to allow sntp to work.

- The local clock is being disabled during update.

- ntpd is no longer running chrooted.

 

 

Other functional changes:

- ntp-signd is installed.

- "enable mode7" can be added to the configuration to allow ntdpc to work

as compatibility mode option.

- "kod" was removed from the default restrictions.

- SHA1 keys are used by default instead of MD5 keys.

 

These security issues were fixed:

- CVE-2015-5219: An endless loop due to incorrect precision to double

conversion (bsc#943216).

- CVE-2015-8158: Fixed potential infinite loop in ntpq (bsc#962966).

- CVE-2015-8138: Zero Origin Timestamp Bypass (bsc#963002).

- CVE-2015-7979: Off-path Denial of Service (DoS) attack on authenticated

broadcast mode (bsc#962784).

- CVE-2015-7978: Stack exhaustion in recursive traversal of restriction

list (bsc#963000).

- CVE-2015-7977: reslist NULL pointer dereference (bsc#962970).

- CVE-2015-7976: ntpq saveconfig command allows dangerous characters in

filenames (bsc#962802).

- CVE-2015-7975: nextvar() missing length check (bsc#962988).

- CVE-2015-7974: Skeleton Key: Missing key check allows impersonation

between authenticated peers (bsc#962960).

- CVE-2015-7973: Replay attack on authenticated broadcast mode

(bsc#962995).

- CVE-2015-8140: ntpq vulnerable to replay attacks (bsc#962994).

- CVE-2015-8139: Origin Leak: ntpq and ntpdc, disclose origin (bsc#962997).

- CVE-2015-5300: MITM attacker could have forced ntpd to make a step

larger than the panic threshold (bsc#951629).

- CVE-2015-7871: NAK to the Future: Symmetric association authentication

bypass via crypto-NAK (bsc#951608).

- CVE-2015-7855: decodenetnum() will ASSERT botch instead of returning

FAIL on some bogus values (bsc#951608).

- CVE-2015-7854: Password Length Memory Corruption Vulnerability

(bsc#951608).

- CVE-2015-7853: Invalid length data provided by a custom refclock driver

could cause a buffer overflow (bsc#951608).

- CVE-2015-7852: ntpq atoascii() Memory Corruption Vulnerability

(bsc#951608).

- CVE-2015-7851: saveconfig Directory Traversal Vulnerability (bsc#951608).

- CVE-2015-7850: remote config logfile-keyfile (bsc#951608).

- CVE-2015-7849: trusted key use-after-free (bsc#951608).

- CVE-2015-7848: mode 7 loop counter underrun (bsc#951608).

- CVE-2015-7701: Slow memory leak in CRYPTO_ASSOC (bsc#951608).

- CVE-2015-7703: configuration directives "pidfile" and "driftfile" should

only be allowed locally (bsc#951608).

- CVE-2015-7704, CVE-2015-7705: Clients that receive a KoD should validate

the origin timestamp field (bsc#951608).

- CVE-2015-7691, CVE-2015-7692, CVE-2015-7702: Incomplete autokey data

packet length checks (bsc#951608).

 

These non-security issues were fixed:

- fate#320758 bsc#975981: Enable compile-time support for MS-SNTP

(--enable-ntp-signd). This replaces the w32 patches in 4.2.4 that added

the authreg directive.

- bsc#962318: Call /usr/sbin/sntp with full path to synchronize in

start-ntpd. When run as cron job, /usr/sbin/ is not in the path, which

caused the synchronization to fail.

- bsc#782060: Speedup ntpq.

- bsc#916617: Add /var/db/ntp-kod.

- bsc#956773: Add ntp-ENOBUFS.patch to limit a warning that might happen

quite a lot on loaded systems.

- bsc#951559,bsc#975496: Fix the TZ offset output of sntp during DST.

- Add ntp-fork.patch and build with threads disabled to allow name

resolution even when running chrooted.

- Add a controlkey line to /etc/ntp.conf if one does not already exist to

allow runtime configuuration via ntpq.

- bsc#946386: Temporarily disable memlock to avoid problems due to high

memory usage during name resolution.

- bsc#905885: Use SHA1 instead of MD5 for symmetric keys.

- Improve runtime configuration:

* Read keytype from ntp.conf

* Don't write ntp keys to syslog.

- Fix legacy action scripts to pass on command line arguments.

- bsc#944300: Remove "kod" from the restrict line in ntp.conf.

- bsc#936327: Use ntpq instead of deprecated ntpdc in start-ntpd.

- Don't let "keysdir" lines in ntp.conf trigger the "keys" parser.

- Disable mode 7 (ntpdc) again, now that we don't use it anymore.

- Add "addserver" as a new legacy action.

- bsc#910063: Fix the comment regarding addserver in ntp.conf.

- bsc#926510: Disable chroot by default.

- bsc#920238: Enable ntpdc for backwards compatibility.

- bsc#784760: Remove local clock from default configuration.

- bsc#942441/fate#319496: Require perl-Socket6.

- Improve runtime configuration:

* Read keytype from ntp.conf

* Don't write ntp keys to syslog.

- bsc#920183: Allow -4 and -6 address qualifiers in "server" directives.

- Use upstream ntp-wait, because our version is incompatible with the new

ntpq command line syntax.

 

 

Patch Instructions:

 

To install this SUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

 

- SUSE OpenStack Cloud 5:

 

zypper in -t patch sleclo50sp3-ntp-12561=1

 

- SUSE Manager Proxy 2.1:

 

zypper in -t patch slemap21-ntp-12561=1

 

- SUSE Manager 2.1:

 

zypper in -t patch sleman21-ntp-12561=1

 

- SUSE Linux Enterprise Server 11-SP3-LTSS:

 

zypper in -t patch slessp3-ntp-12561=1

 

- SUSE Linux Enterprise Server 11-SP2-LTSS:

 

zypper in -t patch slessp2-ntp-12561=1

 

- SUSE Linux Enterprise Debuginfo 11-SP3:

 

zypper in -t patch dbgsp3-ntp-12561=1

 

- SUSE Linux Enterprise Debuginfo 11-SP2:

 

zypper in -t patch dbgsp2-ntp-12561=1

 

To bring your system up-to-date, use "zypper patch".

 

 

Package List:

 

- SUSE OpenStack Cloud 5 (x86_64):

 

ntp-4.2.8p6-41.1

ntp-doc-4.2.8p6-41.1

 

- SUSE Manager Proxy 2.1 (x86_64):

 

ntp-4.2.8p6-41.1

ntp-doc-4.2.8p6-41.1

 

- SUSE Manager 2.1 (s390x x86_64):

 

ntp-4.2.8p6-41.1

ntp-doc-4.2.8p6-41.1

 

- SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64):

 

ntp-4.2.8p6-41.1

ntp-doc-4.2.8p6-41.1

 

- SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64):

 

ntp-4.2.8p6-41.1

ntp-doc-4.2.8p6-41.1

 

- SUSE Linux Enterprise Server 11-SP2-LTSS (noarch):

 

yast2-ntp-client-2.17.14.1-1.12.1

 

- SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):

 

ntp-debuginfo-4.2.8p6-41.1

ntp-debugsource-4.2.8p6-41.1

 

- SUSE Linux Enterprise Debuginfo 11-SP2 (i586 s390x x86_64):

 

ntp-debuginfo-4.2.8p6-41.1

ntp-debugsource-4.2.8p6-41.1

 

 

References:

 

https://www.suse.com/security/cve/CVE-2015-5194.html

https://www.suse.com/security/cve/CVE-2015-5219.html

https://www.suse.com/security/cve/CVE-2015-5300.html

https://www.suse.com/security/cve/CVE-2015-7691.html

https://www.suse.com/security/cve/CVE-2015-7692.html

https://www.suse.com/security/cve/CVE-2015-7701.html

https://www.suse.com/security/cve/CVE-2015-7702.html

https://www.suse.com/security/cve/CVE-2015-7703.html

https://www.suse.com/security/cve/CVE-2015-7704.html

https://www.suse.com/security/cve/CVE-2015-7705.html

https://www.suse.com/security/cve/CVE-2015-7848.html

https://www.suse.com/security/cve/CVE-2015-7849.html

https://www.suse.com/security/cve/CVE-2015-7850.html

https://www.suse.com/security/cve/CVE-2015-7851.html

https://www.suse.com/security/cve/CVE-2015-7852.html

https://www.suse.com/security/cve/CVE-2015-7853.html

https://www.suse.com/security/cve/CVE-2015-7854.html

https://www.suse.com/security/cve/CVE-2015-7855.html

https://www.suse.com/security/cve/CVE-2015-7871.html

https://www.suse.com/security/cve/CVE-2015-7973.html

https://www.suse.com/security/cve/CVE-2015-7974.html

https://www.suse.com/security/cve/CVE-2015-7975.html

https://www.suse.com/security/cve/CVE-2015-7976.html

https://www.suse.com/security/cve/CVE-2015-7977.html

https://www.suse.com/security/cve/CVE-2015-7978.html

https://www.suse.com/security/cve/CVE-2015-7979.html

https://www.suse.com/security/cve/CVE-2015-8138.html

https://www.suse.com/security/cve/CVE-2015-8139.html

https://www.suse.com/security/cve/CVE-2015-8140.html

https://www.suse.com/security/cve/CVE-2015-8158.html

https://bugzilla.suse.com/782060

https://bugzilla.suse.com/784760

https://bugzilla.suse.com/905885

https://bugzilla.suse.com/910063

https://bugzilla.suse.com/916617

https://bugzilla.suse.com/920183

https://bugzilla.suse.com/920238

https://bugzilla.suse.com/926510

https://bugzilla.suse.com/936327

https://bugzilla.suse.com/937837

https://bugzilla.suse.com/942441

https://bugzilla.suse.com/942587

https://bugzilla.suse.com/943216

https://bugzilla.suse.com/943218

https://bugzilla.suse.com/944300

https://bugzilla.suse.com/946386

https://bugzilla.suse.com/951351

https://bugzilla.suse.com/951559

https://bugzilla.suse.com/951608

https://bugzilla.suse.com/951629

https://bugzilla.suse.com/954982

https://bugzilla.suse.com/956773

https://bugzilla.suse.com/962318

https://bugzilla.suse.com/962784

https://bugzilla.suse.com/962802

https://bugzilla.suse.com/962960

https://bugzilla.suse.com/962966

https://bugzilla.suse.com/962970

https://bugzilla.suse.com/962988

https://bugzilla.suse.com/962994

https://bugzilla.suse.com/962995

https://bugzilla.suse.com/962997

https://bugzilla.suse.com/963000

https://bugzilla.suse.com/963002

https://bugzilla.suse.com/975496

https://bugzilla.suse.com/975981

 

--

To unsubscribe, e-mail: opensuse-security-announce+unsubscribe ( -at -) opensuse.org

For additional commands, e-mail: opensuse-security-announce+help ( -at -) opensuse.org

 

 

 

Share this post


Link to post

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  

×