Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:GA
patchinfo.2324
_patchinfo
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo.2324
<patchinfo incident="2324"> <issue id="942587" tracker="bnc">ntpstat not included in SLES 12 ntp package</issue> <issue id="944300" tracker="bnc">ntp config: KOD does nothing without LIMITED</issue> <issue id="962988" tracker="bnc">VUL-1: CVE-2015-7975: ntp: nextvar() missing length check in ntpq</issue> <issue id="963002" tracker="bnc">VUL-0: CVE-2015-8138: ntp, xntp: Zero Origin Timestamp Bypass</issue> <issue id="963000" tracker="bnc">VUL-0: CVE-2015-7978: ntp, xntp: Stack exhaustion in recursive traversal of restriction list</issue> <issue id="962784" tracker="bnc">VUL-0: CVE-2015-7979: ntp,xntp: off-path denial of service on authenticated broadcast mode</issue> <issue id="962960" tracker="bnc">VUL-1: CVE-2015-7974: ntp,xntp: Missing key check allows impersonation between authenticated peers</issue> <issue id="962802" tracker="bnc">VUL-1: CVE-2015-7976: ntp,xntp: 'ntpq saveconfig' command allows dangerous characters in filenames</issue> <issue id="962966" tracker="bnc">VUL-1: CVE-2015-8158: ntp,xntp: potential infinite loop in ntpq</issue> <issue id="916617" tracker="bnc">sntp command line syntax has changed</issue> <issue id="951629" tracker="bnc">VUL-0: CVE-2015-5300: ntp: MITM attacker can force ntpd to make a step larger than the panic threshold</issue> <issue id="905885" tracker="bnc">FIPS: ntpd creates MD5 keys by default in %post</issue> <issue id="951608" tracker="bnc">VUL-0: ntp: October 2015 update fixes several low and medium severity vulnerabilities</issue> <issue id="962995" tracker="bnc">VUL-0: CVE-2015-7973: ntp,xntp: replay attack on authenticated broadcast mode</issue> <issue id="951559" tracker="bnc">sntp prints wrong offset to UTC during DST</issue> <issue id="936327" tracker="bnc">ntpd runtime configuration ("start-ntp addserver 192.168.200.1") not working</issue> <issue id="910063" tracker="bnc">rcntp from ntp.conf should be removed.</issue> <issue id="920238" tracker="bnc">ntpdc times out when trying to talk to the ntp server</issue> <issue id="926510" tracker="bnc">[Beta3][Build1040] [Build1041][yast2-ntp-client] Cannot read current settings error</issue> <issue id="954982" tracker="bnc">Local clock not working in ntp</issue> <issue id="946386" tracker="bnc">ntpd runtime configuration ("start-ntp addserver 192.168.200.1") not working</issue> <issue id="962970" tracker="bnc">VUL-0: CVE-2015-7977: ntp,xntp: restriction list NULL pointer dereference</issue> <issue id="956773" tracker="bnc">ntp: routing socket reports: No buffer space available</issue> <issue id="962994" tracker="bnc">VUL-0: CVE-2015-8140: ntp,xntp: ntpq protocol vulnerable to replay attacks</issue> <issue id="962997" tracker="bnc">VUL-1: CVE-2015-8139: ntp, xntp: Disclose Origin Timestamp to Unauthenticated Clients</issue> <issue id="975496" tracker="bnc">sntp prints invalid datestr</issue> <issue id="782060" tracker="bnc">ntpq is very slow</issue> <issue id="962318" tracker="bnc">NTP client doesn`t work in "synchronize without daemon" mode</issue> <issue id="975981" tracker="bnc">[TRACKERBUG] FATE#320758: Enable MSSNTP in ntp package</issue> <issue id="937837" tracker="bnc">sntp command line syntax has changed</issue> <issue id="CVE-2015-7691" tracker="cve" /> <issue id="CVE-2015-8158" tracker="cve" /> <issue id="CVE-2015-7973" tracker="cve" /> <issue id="CVE-2015-7976" tracker="cve" /> <issue id="CVE-2015-7977" tracker="cve" /> <issue id="CVE-2015-7974" tracker="cve" /> <issue id="CVE-2015-7975" tracker="cve" /> <issue id="CVE-2015-7855" tracker="cve" /> <issue id="CVE-2015-7854" tracker="cve" /> <issue id="CVE-2015-7978" tracker="cve" /> <issue id="CVE-2015-7979" tracker="cve" /> <issue id="CVE-2015-7851" tracker="cve" /> <issue id="CVE-2015-7850" tracker="cve" /> <issue id="CVE-2015-7853" tracker="cve" /> <issue id="CVE-2015-7852" tracker="cve" /> <issue id="CVE-2015-8140" tracker="cve" /> <issue id="CVE-2015-7705" tracker="cve" /> <issue id="CVE-2015-7704" tracker="cve" /> <issue id="CVE-2015-7701" tracker="cve" /> <issue id="CVE-2015-7703" tracker="cve" /> <issue id="CVE-2015-7702" tracker="cve" /> <issue id="CVE-2015-5300" tracker="cve" /> <issue id="CVE-2015-7848" tracker="cve" /> <issue id="CVE-2015-7849" tracker="cve" /> <issue id="CVE-2015-8139" tracker="cve" /> <issue id="CVE-2015-8138" tracker="cve" /> <issue id="CVE-2015-7692" tracker="cve" /> <issue id="CVE-2015-7871" tracker="cve" /> <category>security</category> <rating>important</rating> <packager>rmax</packager> <description>ntp was updated to version 4.2.8p6 to fix 28 security issues. Major functional changes: - The "sntp" commandline tool changed its option handling in a major way, some options have been renamed or dropped. - "controlkey 1" is added during update to ntp.conf to allow sntp to work. - The local clock is being disabled during update. - ntpd is no longer running chrooted. Other functional changes: - ntp-signd is installed. - "enable mode7" can be added to the configuration to allow ntdpc to work as compatibility mode option. - "kod" was removed from the default restrictions. - SHA1 keys are used by default instead of MD5 keys. Also yast2-ntp-client was updated to match some sntp syntax changes. (bsc#937837) These security issues were fixed: - CVE-2015-8158: Fixed potential infinite loop in ntpq (bsc#962966). - CVE-2015-8138: Zero Origin Timestamp Bypass (bsc#963002). - CVE-2015-7979: Off-path Denial of Service (DoS) attack on authenticated broadcast mode (bsc#962784). - CVE-2015-7978: Stack exhaustion in recursive traversal of restriction list (bsc#963000). - CVE-2015-7977: reslist NULL pointer dereference (bsc#962970). - CVE-2015-7976: ntpq saveconfig command allows dangerous characters in filenames (bsc#962802). - CVE-2015-7975: nextvar() missing length check (bsc#962988). - CVE-2015-7974: Skeleton Key: Missing key check allows impersonation between authenticated peers (bsc#962960). - CVE-2015-7973: Replay attack on authenticated broadcast mode (bsc#962995). - CVE-2015-8140: ntpq vulnerable to replay attacks (bsc#962994). - CVE-2015-8139: Origin Leak: ntpq and ntpdc, disclose origin (bsc#962997). - CVE-2015-5300: MITM attacker could have forced ntpd to make a step larger than the panic threshold (bsc#951629). - CVE-2015-7871: NAK to the Future: Symmetric association authentication bypass via crypto-NAK (bsc#951608). - CVE-2015-7855: decodenetnum() will ASSERT botch instead of returning FAIL on some bogus values (bsc#951608). - CVE-2015-7854: Password Length Memory Corruption Vulnerability (bsc#951608). - CVE-2015-7853: Invalid length data provided by a custom refclock driver could cause a buffer overflow (bsc#951608). - CVE-2015-7852: ntpq atoascii() Memory Corruption Vulnerability (bsc#951608). - CVE-2015-7851: saveconfig Directory Traversal Vulnerability (bsc#951608). - CVE-2015-7850: remote config logfile-keyfile (bsc#951608). - CVE-2015-7849: trusted key use-after-free (bsc#951608). - CVE-2015-7848: mode 7 loop counter underrun (bsc#951608). - CVE-2015-7701: Slow memory leak in CRYPTO_ASSOC (bsc#951608). - CVE-2015-7703: configuration directives "pidfile" and "driftfile" should only be allowed locally (bsc#951608). - CVE-2015-7704, CVE-2015-7705: Clients that receive a KoD should validate the origin timestamp field (bsc#951608). - CVE-2015-7691, CVE-2015-7692, CVE-2015-7702: Incomplete autokey data packet length checks (bsc#951608). These non-security issues were fixed: - fate#320758 bsc#975981: Enable compile-time support for MS-SNTP (--enable-ntp-signd). This replaces the w32 patches in 4.2.4 that added the authreg directive. - bsc#962318: Call /usr/sbin/sntp with full path to synchronize in start-ntpd. When run as cron job, /usr/sbin/ is not in the path, which caused the synchronization to fail. - bsc#782060: Speedup ntpq. - bsc#916617: Add /var/db/ntp-kod. - bsc#956773: Add ntp-ENOBUFS.patch to limit a warning that might happen quite a lot on loaded systems. - bsc#951559,bsc#975496: Fix the TZ offset output of sntp during DST. - Add ntp-fork.patch and build with threads disabled to allow name resolution even when running chrooted. - Add a controlkey line to /etc/ntp.conf if one does not already exist to allow runtime configuuration via ntpq. - bsc#946386: Temporarily disable memlock to avoid problems due to high memory usage during name resolution. - bsc#905885: Use SHA1 instead of MD5 for symmetric keys. - Improve runtime configuration: * Read keytype from ntp.conf * Don't write ntp keys to syslog. - Fix legacy action scripts to pass on command line arguments. - bsc#944300: Remove "kod" from the restrict line in ntp.conf. - bsc#936327: Use ntpq instead of deprecated ntpdc in start-ntpd. - Add a controlkey to ntp.conf to make the above work. - Don't let "keysdir" lines in ntp.conf trigger the "keys" parser. - Disable mode 7 (ntpdc) again, now that we don't use it anymore. - Add "addserver" as a new legacy action. - bsc#910063: Fix the comment regarding addserver in ntp.conf. - bsc#926510: Disable chroot by default. - bsc#920238: Enable ntpdc for backwards compatibility. </description> <summary>Security update for ntp</summary> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor