Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2019-8936 (GCVE-0-2019-8936)
Vulnerability from cvelistv5
Published
2019-05-15 15:37
Modified
2024-08-04 21:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
NTP through 4.2.8p12 has a NULL Pointer Dereference.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:31:37.562Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201903-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201903-15"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
},
{
"name": "openSUSE-SU-2019:1143",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00032.html"
},
{
"name": "openSUSE-SU-2019:1158",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00036.html"
},
{
"name": "FEDORA-2019-b0c7f0d94a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQDNHNYOJK2SRSGO23GQ2RXTOUY2HLNN/"
},
{
"name": "FEDORA-2019-694e3aa4e8",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JBGXY7OKWOLT6X6JAPVZRFEP4FLCGGST/"
},
{
"name": "FEDORA-2019-f781d5c4c6",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2NVS2CSG2TQ663CXOZZUJN4STQPMENNP/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190503-0001/"
},
{
"name": "FreeBSD-SA-19:04",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:04.ntp.asc"
},
{
"name": "20190515 FreeBSD Security Advisory FreeBSD-SA-19:04.ntp",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/May/39"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.ntp.org/show_bug.cgi?id=3565"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/152915/FreeBSD-Security-Advisory-FreeBSD-SA-19-04.ntp.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K61363039"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
},
{
"name": "USN-4563-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4563-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NTP through 4.2.8p12 has a NULL Pointer Dereference."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-07T15:06:12",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201903-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201903-15"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
},
{
"name": "openSUSE-SU-2019:1143",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00032.html"
},
{
"name": "openSUSE-SU-2019:1158",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00036.html"
},
{
"name": "FEDORA-2019-b0c7f0d94a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQDNHNYOJK2SRSGO23GQ2RXTOUY2HLNN/"
},
{
"name": "FEDORA-2019-694e3aa4e8",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JBGXY7OKWOLT6X6JAPVZRFEP4FLCGGST/"
},
{
"name": "FEDORA-2019-f781d5c4c6",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2NVS2CSG2TQ663CXOZZUJN4STQPMENNP/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190503-0001/"
},
{
"name": "FreeBSD-SA-19:04",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:04.ntp.asc"
},
{
"name": "20190515 FreeBSD Security Advisory FreeBSD-SA-19:04.ntp",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/May/39"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.ntp.org/show_bug.cgi?id=3565"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/152915/FreeBSD-Security-Advisory-FreeBSD-SA-19-04.ntp.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K61363039"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
},
{
"name": "USN-4563-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4563-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-8936",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NTP through 4.2.8p12 has a NULL Pointer Dereference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201903-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201903-15"
},
{
"name": "http://support.ntp.org/bin/view/Main/SecurityNotice",
"refsource": "MISC",
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
},
{
"name": "openSUSE-SU-2019:1143",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00032.html"
},
{
"name": "openSUSE-SU-2019:1158",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00036.html"
},
{
"name": "FEDORA-2019-b0c7f0d94a",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQDNHNYOJK2SRSGO23GQ2RXTOUY2HLNN/"
},
{
"name": "FEDORA-2019-694e3aa4e8",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JBGXY7OKWOLT6X6JAPVZRFEP4FLCGGST/"
},
{
"name": "FEDORA-2019-f781d5c4c6",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NVS2CSG2TQ663CXOZZUJN4STQPMENNP/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190503-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190503-0001/"
},
{
"name": "FreeBSD-SA-19:04",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:04.ntp.asc"
},
{
"name": "20190515 FreeBSD Security Advisory FreeBSD-SA-19:04.ntp",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/May/39"
},
{
"name": "http://bugs.ntp.org/show_bug.cgi?id=3565",
"refsource": "CONFIRM",
"url": "http://bugs.ntp.org/show_bug.cgi?id=3565"
},
{
"name": "http://packetstormsecurity.com/files/152915/FreeBSD-Security-Advisory-FreeBSD-SA-19-04.ntp.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/152915/FreeBSD-Security-Advisory-FreeBSD-SA-19-04.ntp.html"
},
{
"name": "https://support.f5.com/csp/article/K61363039",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K61363039"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
},
{
"name": "USN-4563-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4563-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-8936",
"datePublished": "2019-05-15T15:37:31",
"dateReserved": "2019-02-19T00:00:00",
"dateUpdated": "2024-08-04T21:31:37.562Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2019-8936\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-05-15T16:29:01.223\",\"lastModified\":\"2024-11-21T04:50:41.733\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"NTP through 4.2.8p12 has a NULL Pointer Dereference.\"},{\"lang\":\"es\",\"value\":\"NTP hasta 4.2.8p12 tiene una desreferencia del puntero NULL.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-476\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:clustered_data_ontap:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"9.2\",\"matchCriteriaId\":\"C68F28EC-4283-4A8D-83CD-E69B2A85B0C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:data_ontap:-:*:*:*:*:7-mode:*:*\",\"matchCriteriaId\":\"392A1364-2739-450D-9E19-DFF93081C2C6\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC1BD7B7-6D88-42B8-878E-F1318CA5FCAF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D100F7CE-FC64-4CC6-852A-6136D72DA419\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97A4B8DF-58DA-4AB6-A1F9-331B36409BA3\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1E78106-58E6-4D59-990F-75DA575BFAD9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hpe:hpux-ntp:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"c.4.2.8.4.0\",\"matchCriteriaId\":\"F1A1FDA7-BE46-4FAB-A3FD-9A40C770C4AB\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.2.8\",\"matchCriteriaId\":\"CED3C1F7-6FFA-44D1-BC56-2BB1963F3B9F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"EEA51D83-5841-4335-AF07-7A43C118CAAE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*\",\"matchCriteriaId\":\"C855BBD2-2B38-4EFF-9DBE-CA61CCACD0DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"49ADE0C3-F75C-4EC0-8805-56013F0EB92C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:*\",\"matchCriteriaId\":\"D8FF625A-EFA3-43D1-8698-4A37AE31A07C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:*\",\"matchCriteriaId\":\"E3B99BBD-97FE-4615-905A-A614592226F8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:*\",\"matchCriteriaId\":\"E7A9AD3A-F030-4331-B52A-518BD963AB8A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:*\",\"matchCriteriaId\":\"C293B8BE-6691-4944-BCD6-25EB98CABC73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"CEA650F8-2576-494A-A861-61572CA319D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"4ED21EE8-7CBF-4BC5-BFC3-185D41296238\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.8:p10:*:*:*:*:*:*\",\"matchCriteriaId\":\"0BC62D4E-D519-458C-BE4E-10DDB73A97D3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.8:p11:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C420117-862A-41A9-BAE8-8B3478FAEBC3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.8:p12:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A484251-3220-498C-83FE-A04B013A31A4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:*\",\"matchCriteriaId\":\"C76A0B44-13DE-4173-8D05-DA54F6A71759\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"1450241C-2F6D-4122-B33C-D78D065BA403\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"721AFD22-91D3-488E-A5E6-DD84C86E412B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"8D6ADDB1-2E96-4FF6-AE95-4B06654D38B0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*\",\"matchCriteriaId\":\"41E44E9F-6383-4E12-AEDC-B653FEA77A48\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"466D9A37-2658-4695-9429-0C6BF4A631C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"99774181-5F12-446C-AC2C-DB1C52295EED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"4427EE6D-3F79-4FF5-B3EC-EE6BD01562CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.8:p4:*:*:*:*:*:*\",\"matchCriteriaId\":\"99C71C00-7222-483B-AEFB-159337BD3C92\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.8:p5:*:*:*:*:*:*\",\"matchCriteriaId\":\"75A9AA28-1B20-44BB-815C-7294A53E910E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.8:p6:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C213794-111D-41F3-916C-AD97F731D600\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.8:p7:*:*:*:*:*:*\",\"matchCriteriaId\":\"50811A7B-0379-4437-8737-B4C1ACBC9EFD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.8:p8:*:*:*:*:*:*\",\"matchCriteriaId\":\"F12E4CF5-536C-416B-AD8D-6AE7CBE22C71\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.8:p9:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE002C76-406D-4F22-B738-E17BDEA70BCC\"}]}]}],\"references\":[{\"url\":\"http://bugs.ntp.org/show_bug.cgi?id=3565\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00032.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00036.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/152915/FreeBSD-Security-Advisory-FreeBSD-SA-19-04.ntp.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://support.ntp.org/bin/view/Main/SecurityNotice\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2NVS2CSG2TQ663CXOZZUJN4STQPMENNP/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JBGXY7OKWOLT6X6JAPVZRFEP4FLCGGST/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQDNHNYOJK2SRSGO23GQ2RXTOUY2HLNN/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://seclists.org/bugtraq/2019/May/39\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.FreeBSD.org/advisories/FreeBSD-SA-19:04.ntp.asc\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mitigation\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201903-15\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20190503-0001/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://support.f5.com/csp/article/K61363039\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4563-1/\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://bugs.ntp.org/show_bug.cgi?id=3565\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00032.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00036.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/152915/FreeBSD-Security-Advisory-FreeBSD-SA-19-04.ntp.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://support.ntp.org/bin/view/Main/SecurityNotice\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2NVS2CSG2TQ663CXOZZUJN4STQPMENNP/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JBGXY7OKWOLT6X6JAPVZRFEP4FLCGGST/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQDNHNYOJK2SRSGO23GQ2RXTOUY2HLNN/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://seclists.org/bugtraq/2019/May/39\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.FreeBSD.org/advisories/FreeBSD-SA-19:04.ntp.asc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201903-15\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20190503-0001/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://support.f5.com/csp/article/K61363039\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4563-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
ghsa-54w8-prj8-6v5f
Vulnerability from github
Published
2022-05-24 16:45
Modified
2024-04-04 00:39
Severity ?
VLAI Severity ?
Details
NTP through 4.2.8p12 has a NULL Pointer Dereference.
{
"affected": [],
"aliases": [
"CVE-2019-8936"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-05-15T16:29:00Z",
"severity": "HIGH"
},
"details": "NTP through 4.2.8p12 has a NULL Pointer Dereference.",
"id": "GHSA-54w8-prj8-6v5f",
"modified": "2024-04-04T00:39:49Z",
"published": "2022-05-24T16:45:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8936"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2NVS2CSG2TQ663CXOZZUJN4STQPMENNP"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JBGXY7OKWOLT6X6JAPVZRFEP4FLCGGST"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQDNHNYOJK2SRSGO23GQ2RXTOUY2HLNN"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NVS2CSG2TQ663CXOZZUJN4STQPMENNP"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JBGXY7OKWOLT6X6JAPVZRFEP4FLCGGST"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQDNHNYOJK2SRSGO23GQ2RXTOUY2HLNN"
},
{
"type": "WEB",
"url": "https://seclists.org/bugtraq/2019/May/39"
},
{
"type": "WEB",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:04.ntp.asc"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201903-15"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20190503-0001"
},
{
"type": "WEB",
"url": "https://support.f5.com/csp/article/K61363039"
},
{
"type": "WEB",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4563-1"
},
{
"type": "WEB",
"url": "http://bugs.ntp.org/show_bug.cgi?id=3565"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00032.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00036.html"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/152915/FreeBSD-Security-Advisory-FreeBSD-SA-19-04.ntp.html"
},
{
"type": "WEB",
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
gsd-2019-8936
Vulnerability from gsd
Modified
2023-12-13 01:23
Details
NTP through 4.2.8p12 has a NULL Pointer Dereference.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2019-8936",
"description": "NTP through 4.2.8p12 has a NULL Pointer Dereference.",
"id": "GSD-2019-8936",
"references": [
"https://www.suse.com/security/cve/CVE-2019-8936.html",
"https://ubuntu.com/security/CVE-2019-8936",
"https://advisories.mageia.org/CVE-2019-8936.html",
"https://alas.aws.amazon.com/cve/html/CVE-2019-8936.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2019-8936"
],
"details": "NTP through 4.2.8p12 has a NULL Pointer Dereference.",
"id": "GSD-2019-8936",
"modified": "2023-12-13T01:23:47.925074Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-8936",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NTP through 4.2.8p12 has a NULL Pointer Dereference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201903-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201903-15"
},
{
"name": "http://support.ntp.org/bin/view/Main/SecurityNotice",
"refsource": "MISC",
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
},
{
"name": "openSUSE-SU-2019:1143",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00032.html"
},
{
"name": "openSUSE-SU-2019:1158",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00036.html"
},
{
"name": "FEDORA-2019-b0c7f0d94a",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQDNHNYOJK2SRSGO23GQ2RXTOUY2HLNN/"
},
{
"name": "FEDORA-2019-694e3aa4e8",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JBGXY7OKWOLT6X6JAPVZRFEP4FLCGGST/"
},
{
"name": "FEDORA-2019-f781d5c4c6",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NVS2CSG2TQ663CXOZZUJN4STQPMENNP/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190503-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190503-0001/"
},
{
"name": "FreeBSD-SA-19:04",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:04.ntp.asc"
},
{
"name": "20190515 FreeBSD Security Advisory FreeBSD-SA-19:04.ntp",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/May/39"
},
{
"name": "http://bugs.ntp.org/show_bug.cgi?id=3565",
"refsource": "CONFIRM",
"url": "http://bugs.ntp.org/show_bug.cgi?id=3565"
},
{
"name": "http://packetstormsecurity.com/files/152915/FreeBSD-Security-Advisory-FreeBSD-SA-19-04.ntp.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/152915/FreeBSD-Security-Advisory-FreeBSD-SA-19-04.ntp.html"
},
{
"name": "https://support.f5.com/csp/article/K61363039",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K61363039"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
},
{
"name": "USN-4563-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4563-1/"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:clustered_data_ontap:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:netapp:data_ontap:-:*:*:*:*:7-mode:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:hpe:hpux-ntp:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "c.4.2.8.4.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.2.8",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p10:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p11:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p12:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p5:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p6:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p7:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p8:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p9:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-8936"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "NTP through 4.2.8p12 has a NULL Pointer Dereference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.netapp.com/advisory/ntap-20190503-0001/",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190503-0001/"
},
{
"name": "GLSA-201903-15",
"refsource": "GENTOO",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201903-15"
},
{
"name": "FreeBSD-SA-19:04",
"refsource": "FREEBSD",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:04.ntp.asc"
},
{
"name": "20190515 FreeBSD Security Advisory FreeBSD-SA-19:04.ntp",
"refsource": "BUGTRAQ",
"tags": [
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/May/39"
},
{
"name": "FEDORA-2019-b0c7f0d94a",
"refsource": "FEDORA",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQDNHNYOJK2SRSGO23GQ2RXTOUY2HLNN/"
},
{
"name": "FEDORA-2019-694e3aa4e8",
"refsource": "FEDORA",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JBGXY7OKWOLT6X6JAPVZRFEP4FLCGGST/"
},
{
"name": "FEDORA-2019-f781d5c4c6",
"refsource": "FEDORA",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NVS2CSG2TQ663CXOZZUJN4STQPMENNP/"
},
{
"name": "http://support.ntp.org/bin/view/Main/SecurityNotice",
"refsource": "MISC",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
},
{
"name": "openSUSE-SU-2019:1158",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00036.html"
},
{
"name": "openSUSE-SU-2019:1143",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00032.html"
},
{
"name": "http://bugs.ntp.org/show_bug.cgi?id=3565",
"refsource": "CONFIRM",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "http://bugs.ntp.org/show_bug.cgi?id=3565"
},
{
"name": "http://packetstormsecurity.com/files/152915/FreeBSD-Security-Advisory-FreeBSD-SA-19-04.ntp.html",
"refsource": "MISC",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/152915/FreeBSD-Security-Advisory-FreeBSD-SA-19-04.ntp.html"
},
{
"name": "https://support.f5.com/csp/article/K61363039",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://support.f5.com/csp/article/K61363039"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
},
{
"name": "USN-4563-1",
"refsource": "UBUNTU",
"tags": [],
"url": "https://usn.ubuntu.com/4563-1/"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2020-10-07T16:15Z",
"publishedDate": "2019-05-15T16:29Z"
}
}
}
opensuse-su-2019:1143-1
Vulnerability from csaf_opensuse
Published
2019-04-04 14:12
Modified
2019-04-04 14:12
Summary
Security update for ntp
Notes
Title of the patch
Security update for ntp
Description of the patch
This update for ntp fixes the following issues:
Security issue fixed:
- CVE-2019-8936: Fixed a null pointer exception which could allow an authenticated attcker to cause
segmentation fault to ntpd (bsc#1128525).
Other issues addressed:
- Fixed several bugs in the BANCOMM reclock driver.
- Fixed ntp_loopfilter.c snprintf compilation warnings.
- Fixed spurious initgroups() error message.
- Fixed STA_NANO struct timex units.
- Fixed GPS week rollover in libparse.
- Fixed incorrect poll interval in packet.
- Added a missing check for ENABLE_CMAC.
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames
openSUSE-2019-1143
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for ntp",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for ntp fixes the following issues:\n\nSecurity issue fixed: \t \n\n- CVE-2019-8936: Fixed a null pointer exception which could allow an authenticated attcker to cause \n segmentation fault to ntpd (bsc#1128525).\n\nOther issues addressed:\n\n- Fixed several bugs in the BANCOMM reclock driver.\n- Fixed ntp_loopfilter.c snprintf compilation warnings.\n- Fixed spurious initgroups() error message.\n- Fixed STA_NANO struct timex units.\n- Fixed GPS week rollover in libparse.\n- Fixed incorrect poll interval in packet.\n- Added a missing check for ENABLE_CMAC.\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2019-1143",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_1143-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2019:1143-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/EAPUXDEF7NLAPPMGD5IXCEOETMLBUN2T/#EAPUXDEF7NLAPPMGD5IXCEOETMLBUN2T"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2019:1143-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/EAPUXDEF7NLAPPMGD5IXCEOETMLBUN2T/#EAPUXDEF7NLAPPMGD5IXCEOETMLBUN2T"
},
{
"category": "self",
"summary": "SUSE Bug 1128525",
"url": "https://bugzilla.suse.com/1128525"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-8936 page",
"url": "https://www.suse.com/security/cve/CVE-2019-8936/"
}
],
"title": "Security update for ntp",
"tracking": {
"current_release_date": "2019-04-04T14:12:28Z",
"generator": {
"date": "2019-04-04T14:12:28Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2019:1143-1",
"initial_release_date": "2019-04-04T14:12:28Z",
"revision_history": [
{
"date": "2019-04-04T14:12:28Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ntp-4.2.8p13-lp150.8.1.i586",
"product": {
"name": "ntp-4.2.8p13-lp150.8.1.i586",
"product_id": "ntp-4.2.8p13-lp150.8.1.i586"
}
},
{
"category": "product_version",
"name": "ntp-doc-4.2.8p13-lp150.8.1.i586",
"product": {
"name": "ntp-doc-4.2.8p13-lp150.8.1.i586",
"product_id": "ntp-doc-4.2.8p13-lp150.8.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "ntp-4.2.8p13-lp150.8.1.x86_64",
"product": {
"name": "ntp-4.2.8p13-lp150.8.1.x86_64",
"product_id": "ntp-4.2.8p13-lp150.8.1.x86_64"
}
},
{
"category": "product_version",
"name": "ntp-doc-4.2.8p13-lp150.8.1.x86_64",
"product": {
"name": "ntp-doc-4.2.8p13-lp150.8.1.x86_64",
"product_id": "ntp-doc-4.2.8p13-lp150.8.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.0",
"product": {
"name": "openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p13-lp150.8.1.i586 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:ntp-4.2.8p13-lp150.8.1.i586"
},
"product_reference": "ntp-4.2.8p13-lp150.8.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p13-lp150.8.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:ntp-4.2.8p13-lp150.8.1.x86_64"
},
"product_reference": "ntp-4.2.8p13-lp150.8.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p13-lp150.8.1.i586 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:ntp-doc-4.2.8p13-lp150.8.1.i586"
},
"product_reference": "ntp-doc-4.2.8p13-lp150.8.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p13-lp150.8.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:ntp-doc-4.2.8p13-lp150.8.1.x86_64"
},
"product_reference": "ntp-doc-4.2.8p13-lp150.8.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-8936",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-8936"
}
],
"notes": [
{
"category": "general",
"text": "NTP through 4.2.8p12 has a NULL Pointer Dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:ntp-4.2.8p13-lp150.8.1.i586",
"openSUSE Leap 15.0:ntp-4.2.8p13-lp150.8.1.x86_64",
"openSUSE Leap 15.0:ntp-doc-4.2.8p13-lp150.8.1.i586",
"openSUSE Leap 15.0:ntp-doc-4.2.8p13-lp150.8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-8936",
"url": "https://www.suse.com/security/cve/CVE-2019-8936"
},
{
"category": "external",
"summary": "SUSE Bug 1128525 for CVE-2019-8936",
"url": "https://bugzilla.suse.com/1128525"
},
{
"category": "external",
"summary": "SUSE Bug 1148892 for CVE-2019-8936",
"url": "https://bugzilla.suse.com/1148892"
},
{
"category": "external",
"summary": "SUSE Bug 1155513 for CVE-2019-8936",
"url": "https://bugzilla.suse.com/1155513"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:ntp-4.2.8p13-lp150.8.1.i586",
"openSUSE Leap 15.0:ntp-4.2.8p13-lp150.8.1.x86_64",
"openSUSE Leap 15.0:ntp-doc-4.2.8p13-lp150.8.1.i586",
"openSUSE Leap 15.0:ntp-doc-4.2.8p13-lp150.8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:ntp-4.2.8p13-lp150.8.1.i586",
"openSUSE Leap 15.0:ntp-4.2.8p13-lp150.8.1.x86_64",
"openSUSE Leap 15.0:ntp-doc-4.2.8p13-lp150.8.1.i586",
"openSUSE Leap 15.0:ntp-doc-4.2.8p13-lp150.8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-04-04T14:12:28Z",
"details": "moderate"
}
],
"title": "CVE-2019-8936"
}
]
}
opensuse-su-2024:11102-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
ntp-4.2.8p15-7.2 on GA media
Notes
Title of the patch
ntp-4.2.8p15-7.2 on GA media
Description of the patch
These are all security issues fixed in the ntp-4.2.8p15-7.2 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-11102
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "ntp-4.2.8p15-7.2 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the ntp-4.2.8p15-7.2 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-11102",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11102-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9042 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9042/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-6451 page",
"url": "https://www.suse.com/security/cve/CVE-2017-6451/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-6458 page",
"url": "https://www.suse.com/security/cve/CVE-2017-6458/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-6460 page",
"url": "https://www.suse.com/security/cve/CVE-2017-6460/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-6462 page",
"url": "https://www.suse.com/security/cve/CVE-2017-6462/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-6463 page",
"url": "https://www.suse.com/security/cve/CVE-2017-6463/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-6464 page",
"url": "https://www.suse.com/security/cve/CVE-2017-6464/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12327 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12327/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-7170 page",
"url": "https://www.suse.com/security/cve/CVE-2018-7170/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-7182 page",
"url": "https://www.suse.com/security/cve/CVE-2018-7182/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-7183 page",
"url": "https://www.suse.com/security/cve/CVE-2018-7183/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-7184 page",
"url": "https://www.suse.com/security/cve/CVE-2018-7184/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-7185 page",
"url": "https://www.suse.com/security/cve/CVE-2018-7185/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-8956 page",
"url": "https://www.suse.com/security/cve/CVE-2018-8956/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-8936 page",
"url": "https://www.suse.com/security/cve/CVE-2019-8936/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-11868 page",
"url": "https://www.suse.com/security/cve/CVE-2020-11868/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-13817 page",
"url": "https://www.suse.com/security/cve/CVE-2020-13817/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15025 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15025/"
}
],
"title": "ntp-4.2.8p15-7.2 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:11102-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ntp-4.2.8p15-7.2.aarch64",
"product": {
"name": "ntp-4.2.8p15-7.2.aarch64",
"product_id": "ntp-4.2.8p15-7.2.aarch64"
}
},
{
"category": "product_version",
"name": "ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"product": {
"name": "ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"product_id": "ntp-dcf77-tools-4.2.8p15-7.2.aarch64"
}
},
{
"category": "product_version",
"name": "ntp-doc-4.2.8p15-7.2.aarch64",
"product": {
"name": "ntp-doc-4.2.8p15-7.2.aarch64",
"product_id": "ntp-doc-4.2.8p15-7.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "ntp-4.2.8p15-7.2.ppc64le",
"product": {
"name": "ntp-4.2.8p15-7.2.ppc64le",
"product_id": "ntp-4.2.8p15-7.2.ppc64le"
}
},
{
"category": "product_version",
"name": "ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"product": {
"name": "ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"product_id": "ntp-dcf77-tools-4.2.8p15-7.2.ppc64le"
}
},
{
"category": "product_version",
"name": "ntp-doc-4.2.8p15-7.2.ppc64le",
"product": {
"name": "ntp-doc-4.2.8p15-7.2.ppc64le",
"product_id": "ntp-doc-4.2.8p15-7.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "ntp-4.2.8p15-7.2.s390x",
"product": {
"name": "ntp-4.2.8p15-7.2.s390x",
"product_id": "ntp-4.2.8p15-7.2.s390x"
}
},
{
"category": "product_version",
"name": "ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"product": {
"name": "ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"product_id": "ntp-dcf77-tools-4.2.8p15-7.2.s390x"
}
},
{
"category": "product_version",
"name": "ntp-doc-4.2.8p15-7.2.s390x",
"product": {
"name": "ntp-doc-4.2.8p15-7.2.s390x",
"product_id": "ntp-doc-4.2.8p15-7.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "ntp-4.2.8p15-7.2.x86_64",
"product": {
"name": "ntp-4.2.8p15-7.2.x86_64",
"product_id": "ntp-4.2.8p15-7.2.x86_64"
}
},
{
"category": "product_version",
"name": "ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"product": {
"name": "ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"product_id": "ntp-dcf77-tools-4.2.8p15-7.2.x86_64"
}
},
{
"category": "product_version",
"name": "ntp-doc-4.2.8p15-7.2.x86_64",
"product": {
"name": "ntp-doc-4.2.8p15-7.2.x86_64",
"product_id": "ntp-doc-4.2.8p15-7.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p15-7.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64"
},
"product_reference": "ntp-4.2.8p15-7.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p15-7.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le"
},
"product_reference": "ntp-4.2.8p15-7.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p15-7.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x"
},
"product_reference": "ntp-4.2.8p15-7.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p15-7.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64"
},
"product_reference": "ntp-4.2.8p15-7.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-dcf77-tools-4.2.8p15-7.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64"
},
"product_reference": "ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-dcf77-tools-4.2.8p15-7.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le"
},
"product_reference": "ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-dcf77-tools-4.2.8p15-7.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x"
},
"product_reference": "ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-dcf77-tools-4.2.8p15-7.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64"
},
"product_reference": "ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p15-7.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64"
},
"product_reference": "ntp-doc-4.2.8p15-7.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p15-7.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le"
},
"product_reference": "ntp-doc-4.2.8p15-7.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p15-7.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x"
},
"product_reference": "ntp-doc-4.2.8p15-7.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p15-7.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
},
"product_reference": "ntp-doc-4.2.8p15-7.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-9042",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9042"
}
],
"notes": [
{
"category": "general",
"text": "An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially crafted unauthenticated network packet can be used to reset the expected origin timestamp for target peers. Legitimate replies from targeted peers will fail the origin timestamp check (TEST2) causing the reply to be dropped and creating a denial of service condition.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9042",
"url": "https://www.suse.com/security/cve/CVE-2016-9042"
},
{
"category": "external",
"summary": "SUSE Bug 1030050 for CVE-2016-9042",
"url": "https://bugzilla.suse.com/1030050"
},
{
"category": "external",
"summary": "SUSE Bug 1038049 for CVE-2016-9042",
"url": "https://bugzilla.suse.com/1038049"
},
{
"category": "external",
"summary": "SUSE Bug 1044525 for CVE-2016-9042",
"url": "https://bugzilla.suse.com/1044525"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-9042"
},
{
"cve": "CVE-2017-6451",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-6451"
}
],
"notes": [
{
"category": "general",
"text": "The mx4200_send function in the legacy MX4200 refclock in NTP before 4.2.8p10 and 4.3.x before 4.3.94 does not properly handle the return value of the snprintf function, which allows local users to execute arbitrary code via unspecified vectors, which trigger an out-of-bounds memory write.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-6451",
"url": "https://www.suse.com/security/cve/CVE-2017-6451"
},
{
"category": "external",
"summary": "SUSE Bug 1030050 for CVE-2017-6451",
"url": "https://bugzilla.suse.com/1030050"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-6451"
},
{
"cve": "CVE-2017-6458",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-6458"
}
],
"notes": [
{
"category": "general",
"text": "Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-6458",
"url": "https://www.suse.com/security/cve/CVE-2017-6458"
},
{
"category": "external",
"summary": "SUSE Bug 1030050 for CVE-2017-6458",
"url": "https://bugzilla.suse.com/1030050"
},
{
"category": "external",
"summary": "SUSE Bug 1038049 for CVE-2017-6458",
"url": "https://bugzilla.suse.com/1038049"
},
{
"category": "external",
"summary": "SUSE Bug 1044525 for CVE-2017-6458",
"url": "https://bugzilla.suse.com/1044525"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-6458"
},
{
"cve": "CVE-2017-6460",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-6460"
}
],
"notes": [
{
"category": "general",
"text": "Stack-based buffer overflow in the reslist function in ntpq in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote servers have unspecified impact via a long flagstr variable in a restriction list response.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-6460",
"url": "https://www.suse.com/security/cve/CVE-2017-6460"
},
{
"category": "external",
"summary": "SUSE Bug 1030050 for CVE-2017-6460",
"url": "https://bugzilla.suse.com/1030050"
},
{
"category": "external",
"summary": "SUSE Bug 1038049 for CVE-2017-6460",
"url": "https://bugzilla.suse.com/1038049"
},
{
"category": "external",
"summary": "SUSE Bug 1044525 for CVE-2017-6460",
"url": "https://bugzilla.suse.com/1044525"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-6460"
},
{
"cve": "CVE-2017-6462",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-6462"
}
],
"notes": [
{
"category": "general",
"text": "Buffer overflow in the legacy Datum Programmable Time Server (DPTS) refclock driver in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via a crafted /dev/datum device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-6462",
"url": "https://www.suse.com/security/cve/CVE-2017-6462"
},
{
"category": "external",
"summary": "SUSE Bug 1030050 for CVE-2017-6462",
"url": "https://bugzilla.suse.com/1030050"
},
{
"category": "external",
"summary": "SUSE Bug 1038049 for CVE-2017-6462",
"url": "https://bugzilla.suse.com/1038049"
},
{
"category": "external",
"summary": "SUSE Bug 1044525 for CVE-2017-6462",
"url": "https://bugzilla.suse.com/1044525"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-6462"
},
{
"cve": "CVE-2017-6463",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-6463"
}
],
"notes": [
{
"category": "general",
"text": "NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote authenticated users to cause a denial of service (daemon crash) via an invalid setting in a :config directive, related to the unpeer option.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-6463",
"url": "https://www.suse.com/security/cve/CVE-2017-6463"
},
{
"category": "external",
"summary": "SUSE Bug 1030050 for CVE-2017-6463",
"url": "https://bugzilla.suse.com/1030050"
},
{
"category": "external",
"summary": "SUSE Bug 1038049 for CVE-2017-6463",
"url": "https://bugzilla.suse.com/1038049"
},
{
"category": "external",
"summary": "SUSE Bug 1044525 for CVE-2017-6463",
"url": "https://bugzilla.suse.com/1044525"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-6463"
},
{
"cve": "CVE-2017-6464",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-6464"
}
],
"notes": [
{
"category": "general",
"text": "NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote attackers to cause a denial of service (ntpd crash) via a malformed mode configuration directive.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-6464",
"url": "https://www.suse.com/security/cve/CVE-2017-6464"
},
{
"category": "external",
"summary": "SUSE Bug 1030050 for CVE-2017-6464",
"url": "https://bugzilla.suse.com/1030050"
},
{
"category": "external",
"summary": "SUSE Bug 1038049 for CVE-2017-6464",
"url": "https://bugzilla.suse.com/1038049"
},
{
"category": "external",
"summary": "SUSE Bug 1044525 for CVE-2017-6464",
"url": "https://bugzilla.suse.com/1044525"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-6464"
},
{
"cve": "CVE-2018-12327",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12327"
}
],
"notes": [
{
"category": "general",
"text": "Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether there are any common situations in which ntpq or ntpdc is used with a command line from an untrusted source.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12327",
"url": "https://www.suse.com/security/cve/CVE-2018-12327"
},
{
"category": "external",
"summary": "SUSE Bug 1098531 for CVE-2018-12327",
"url": "https://bugzilla.suse.com/1098531"
},
{
"category": "external",
"summary": "SUSE Bug 1107887 for CVE-2018-12327",
"url": "https://bugzilla.suse.com/1107887"
},
{
"category": "external",
"summary": "SUSE Bug 1111552 for CVE-2018-12327",
"url": "https://bugzilla.suse.com/1111552"
},
{
"category": "external",
"summary": "SUSE Bug 1111853 for CVE-2018-12327",
"url": "https://bugzilla.suse.com/1111853"
},
{
"category": "external",
"summary": "SUSE Bug 1155513 for CVE-2018-12327",
"url": "https://bugzilla.suse.com/1155513"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2018-12327"
},
{
"cve": "CVE-2018-7170",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-7170"
}
],
"notes": [
{
"category": "general",
"text": "ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim\u0027s clock via a Sybil attack. This issue exists because of an incomplete fix for CVE-2016-1549.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-7170",
"url": "https://www.suse.com/security/cve/CVE-2018-7170"
},
{
"category": "external",
"summary": "SUSE Bug 1082210 for CVE-2018-7170",
"url": "https://bugzilla.suse.com/1082210"
},
{
"category": "external",
"summary": "SUSE Bug 1083424 for CVE-2018-7170",
"url": "https://bugzilla.suse.com/1083424"
},
{
"category": "external",
"summary": "SUSE Bug 1087324 for CVE-2018-7170",
"url": "https://bugzilla.suse.com/1087324"
},
{
"category": "external",
"summary": "SUSE Bug 1098531 for CVE-2018-7170",
"url": "https://bugzilla.suse.com/1098531"
},
{
"category": "external",
"summary": "SUSE Bug 1155513 for CVE-2018-7170",
"url": "https://bugzilla.suse.com/1155513"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2018-7170"
},
{
"cve": "CVE-2018-7182",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-7182"
}
],
"notes": [
{
"category": "general",
"text": "The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with a ntpd instance from 4.2.8p6 through 4.2.8p10.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-7182",
"url": "https://www.suse.com/security/cve/CVE-2018-7182"
},
{
"category": "external",
"summary": "SUSE Bug 1082210 for CVE-2018-7182",
"url": "https://bugzilla.suse.com/1082210"
},
{
"category": "external",
"summary": "SUSE Bug 1083426 for CVE-2018-7182",
"url": "https://bugzilla.suse.com/1083426"
},
{
"category": "external",
"summary": "SUSE Bug 1087324 for CVE-2018-7182",
"url": "https://bugzilla.suse.com/1087324"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-7182"
},
{
"cve": "CVE-2018-7183",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-7183"
}
],
"notes": [
{
"category": "general",
"text": "Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-7183",
"url": "https://www.suse.com/security/cve/CVE-2018-7183"
},
{
"category": "external",
"summary": "SUSE Bug 1082210 for CVE-2018-7183",
"url": "https://bugzilla.suse.com/1082210"
},
{
"category": "external",
"summary": "SUSE Bug 1083417 for CVE-2018-7183",
"url": "https://bugzilla.suse.com/1083417"
},
{
"category": "external",
"summary": "SUSE Bug 1087324 for CVE-2018-7183",
"url": "https://bugzilla.suse.com/1087324"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-7183"
},
{
"cve": "CVE-2018-7184",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-7184"
}
],
"notes": [
{
"category": "general",
"text": "ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the \"received\" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the most recent timestamp. This issue is a result of an incomplete fix for CVE-2015-7704.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-7184",
"url": "https://www.suse.com/security/cve/CVE-2018-7184"
},
{
"category": "external",
"summary": "SUSE Bug 1082210 for CVE-2018-7184",
"url": "https://bugzilla.suse.com/1082210"
},
{
"category": "external",
"summary": "SUSE Bug 1083422 for CVE-2018-7184",
"url": "https://bugzilla.suse.com/1083422"
},
{
"category": "external",
"summary": "SUSE Bug 1087324 for CVE-2018-7184",
"url": "https://bugzilla.suse.com/1087324"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2018-7184"
},
{
"cve": "CVE-2018-7185",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-7185"
}
],
"notes": [
{
"category": "general",
"text": "The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the \"other side\" of an interleaved association causing the victim ntpd to reset its association.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-7185",
"url": "https://www.suse.com/security/cve/CVE-2018-7185"
},
{
"category": "external",
"summary": "SUSE Bug 1082210 for CVE-2018-7185",
"url": "https://bugzilla.suse.com/1082210"
},
{
"category": "external",
"summary": "SUSE Bug 1083420 for CVE-2018-7185",
"url": "https://bugzilla.suse.com/1083420"
},
{
"category": "external",
"summary": "SUSE Bug 1087324 for CVE-2018-7185",
"url": "https://bugzilla.suse.com/1087324"
},
{
"category": "external",
"summary": "SUSE Bug 1089405 for CVE-2018-7185",
"url": "https://bugzilla.suse.com/1089405"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2018-7185"
},
{
"cve": "CVE-2018-8956",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-8956"
}
],
"notes": [
{
"category": "general",
"text": "ntpd in ntp 4.2.8p10, 4.2.8p11, 4.2.8p12 and 4.2.8p13 allow remote attackers to prevent a broadcast client from synchronizing its clock with a broadcast NTP server via soofed mode 3 and mode 5 packets. The attacker must either be a part of the same broadcast network or control a slave in that broadcast network that can capture certain required packets on the attacker\u0027s behalf and send them to the attacker.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-8956",
"url": "https://www.suse.com/security/cve/CVE-2018-8956"
},
{
"category": "external",
"summary": "SUSE Bug 1171355 for CVE-2018-8956",
"url": "https://bugzilla.suse.com/1171355"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2018-8956"
},
{
"cve": "CVE-2019-8936",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-8936"
}
],
"notes": [
{
"category": "general",
"text": "NTP through 4.2.8p12 has a NULL Pointer Dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-8936",
"url": "https://www.suse.com/security/cve/CVE-2019-8936"
},
{
"category": "external",
"summary": "SUSE Bug 1128525 for CVE-2019-8936",
"url": "https://bugzilla.suse.com/1128525"
},
{
"category": "external",
"summary": "SUSE Bug 1148892 for CVE-2019-8936",
"url": "https://bugzilla.suse.com/1148892"
},
{
"category": "external",
"summary": "SUSE Bug 1155513 for CVE-2019-8936",
"url": "https://bugzilla.suse.com/1155513"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-8936"
},
{
"cve": "CVE-2020-11868",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-11868"
}
],
"notes": [
{
"category": "general",
"text": "ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-11868",
"url": "https://www.suse.com/security/cve/CVE-2020-11868"
},
{
"category": "external",
"summary": "SUSE Bug 1169740 for CVE-2020-11868",
"url": "https://bugzilla.suse.com/1169740"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2020-11868"
},
{
"cve": "CVE-2020-13817",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-13817"
}
],
"notes": [
{
"category": "general",
"text": "ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim\u0027s ntpd instance.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-13817",
"url": "https://www.suse.com/security/cve/CVE-2020-13817"
},
{
"category": "external",
"summary": "SUSE Bug 1172651 for CVE-2020-13817",
"url": "https://bugzilla.suse.com/1172651"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-13817"
},
{
"cve": "CVE-2020-15025",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15025"
}
],
"notes": [
{
"category": "general",
"text": "ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations where a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15025",
"url": "https://www.suse.com/security/cve/CVE-2020-15025"
},
{
"category": "external",
"summary": "SUSE Bug 1173334 for CVE-2020-15025",
"url": "https://bugzilla.suse.com/1173334"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-15025"
}
]
}
suse-su-2019:0775-1
Vulnerability from csaf_suse
Published
2019-03-27 10:38
Modified
2019-03-27 10:38
Summary
Security update for ntp
Notes
Title of the patch
Security update for ntp
Description of the patch
This update for ntp fixes the following issues:
Security issue fixed:
- CVE-2019-8936: Fixed a null pointer exception which could allow an authenticated attcker to cause
segmentation fault to ntpd (bsc#1128525).
Other issues addressed:
- Fixed several bugs in the BANCOMM reclock driver.
- Fixed ntp_loopfilter.c snprintf compilation warnings.
- Fixed spurious initgroups() error message.
- Fixed STA_NANO struct timex units.
- Fixed GPS week rollover in libparse.
- Fixed incorrect poll interval in packet.
- Added a missing check for ENABLE_CMAC.
Patchnames
SUSE-2019-775,SUSE-SLE-SERVER-12-2019-775
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for ntp",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for ntp fixes the following issues:\n\t \nSecurity issue fixed: \t \n\n- CVE-2019-8936: Fixed a null pointer exception which could allow an authenticated attcker to cause \n segmentation fault to ntpd (bsc#1128525).\n\nOther issues addressed:\n\n- Fixed several bugs in the BANCOMM reclock driver.\n- Fixed ntp_loopfilter.c snprintf compilation warnings.\n- Fixed spurious initgroups() error message.\n- Fixed STA_NANO struct timex units.\n- Fixed GPS week rollover in libparse.\n- Fixed incorrect poll interval in packet.\n- Added a missing check for ENABLE_CMAC.\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2019-775,SUSE-SLE-SERVER-12-2019-775",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_0775-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2019:0775-1",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190775-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2019:0775-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2019-March/005244.html"
},
{
"category": "self",
"summary": "SUSE Bug 1128525",
"url": "https://bugzilla.suse.com/1128525"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-8936 page",
"url": "https://www.suse.com/security/cve/CVE-2019-8936/"
}
],
"title": "Security update for ntp",
"tracking": {
"current_release_date": "2019-03-27T10:38:39Z",
"generator": {
"date": "2019-03-27T10:38:39Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2019:0775-1",
"initial_release_date": "2019-03-27T10:38:39Z",
"revision_history": [
{
"date": "2019-03-27T10:38:39Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ntp-4.2.8p13-46.32.1.aarch64",
"product": {
"name": "ntp-4.2.8p13-46.32.1.aarch64",
"product_id": "ntp-4.2.8p13-46.32.1.aarch64"
}
},
{
"category": "product_version",
"name": "ntp-doc-4.2.8p13-46.32.1.aarch64",
"product": {
"name": "ntp-doc-4.2.8p13-46.32.1.aarch64",
"product_id": "ntp-doc-4.2.8p13-46.32.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "ntp-4.2.8p13-46.32.1.i586",
"product": {
"name": "ntp-4.2.8p13-46.32.1.i586",
"product_id": "ntp-4.2.8p13-46.32.1.i586"
}
},
{
"category": "product_version",
"name": "ntp-doc-4.2.8p13-46.32.1.i586",
"product": {
"name": "ntp-doc-4.2.8p13-46.32.1.i586",
"product_id": "ntp-doc-4.2.8p13-46.32.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "ntp-4.2.8p13-46.32.1.ppc64le",
"product": {
"name": "ntp-4.2.8p13-46.32.1.ppc64le",
"product_id": "ntp-4.2.8p13-46.32.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ntp-doc-4.2.8p13-46.32.1.ppc64le",
"product": {
"name": "ntp-doc-4.2.8p13-46.32.1.ppc64le",
"product_id": "ntp-doc-4.2.8p13-46.32.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "ntp-4.2.8p13-46.32.1.s390",
"product": {
"name": "ntp-4.2.8p13-46.32.1.s390",
"product_id": "ntp-4.2.8p13-46.32.1.s390"
}
},
{
"category": "product_version",
"name": "ntp-doc-4.2.8p13-46.32.1.s390",
"product": {
"name": "ntp-doc-4.2.8p13-46.32.1.s390",
"product_id": "ntp-doc-4.2.8p13-46.32.1.s390"
}
}
],
"category": "architecture",
"name": "s390"
},
{
"branches": [
{
"category": "product_version",
"name": "ntp-4.2.8p13-46.32.1.s390x",
"product": {
"name": "ntp-4.2.8p13-46.32.1.s390x",
"product_id": "ntp-4.2.8p13-46.32.1.s390x"
}
},
{
"category": "product_version",
"name": "ntp-doc-4.2.8p13-46.32.1.s390x",
"product": {
"name": "ntp-doc-4.2.8p13-46.32.1.s390x",
"product_id": "ntp-doc-4.2.8p13-46.32.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "ntp-4.2.8p13-46.32.1.x86_64",
"product": {
"name": "ntp-4.2.8p13-46.32.1.x86_64",
"product_id": "ntp-4.2.8p13-46.32.1.x86_64"
}
},
{
"category": "product_version",
"name": "ntp-doc-4.2.8p13-46.32.1.x86_64",
"product": {
"name": "ntp-doc-4.2.8p13-46.32.1.x86_64",
"product_id": "ntp-doc-4.2.8p13-46.32.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p13-46.32.1.ppc64le as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:ntp-4.2.8p13-46.32.1.ppc64le"
},
"product_reference": "ntp-4.2.8p13-46.32.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p13-46.32.1.s390x as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:ntp-4.2.8p13-46.32.1.s390x"
},
"product_reference": "ntp-4.2.8p13-46.32.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p13-46.32.1.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:ntp-4.2.8p13-46.32.1.x86_64"
},
"product_reference": "ntp-4.2.8p13-46.32.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p13-46.32.1.ppc64le as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:ntp-doc-4.2.8p13-46.32.1.ppc64le"
},
"product_reference": "ntp-doc-4.2.8p13-46.32.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p13-46.32.1.s390x as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:ntp-doc-4.2.8p13-46.32.1.s390x"
},
"product_reference": "ntp-doc-4.2.8p13-46.32.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p13-46.32.1.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:ntp-doc-4.2.8p13-46.32.1.x86_64"
},
"product_reference": "ntp-doc-4.2.8p13-46.32.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-8936",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-8936"
}
],
"notes": [
{
"category": "general",
"text": "NTP through 4.2.8p12 has a NULL Pointer Dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12-LTSS:ntp-4.2.8p13-46.32.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:ntp-4.2.8p13-46.32.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:ntp-4.2.8p13-46.32.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:ntp-doc-4.2.8p13-46.32.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:ntp-doc-4.2.8p13-46.32.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:ntp-doc-4.2.8p13-46.32.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-8936",
"url": "https://www.suse.com/security/cve/CVE-2019-8936"
},
{
"category": "external",
"summary": "SUSE Bug 1128525 for CVE-2019-8936",
"url": "https://bugzilla.suse.com/1128525"
},
{
"category": "external",
"summary": "SUSE Bug 1148892 for CVE-2019-8936",
"url": "https://bugzilla.suse.com/1148892"
},
{
"category": "external",
"summary": "SUSE Bug 1155513 for CVE-2019-8936",
"url": "https://bugzilla.suse.com/1155513"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12-LTSS:ntp-4.2.8p13-46.32.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:ntp-4.2.8p13-46.32.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:ntp-4.2.8p13-46.32.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:ntp-doc-4.2.8p13-46.32.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:ntp-doc-4.2.8p13-46.32.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:ntp-doc-4.2.8p13-46.32.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12-LTSS:ntp-4.2.8p13-46.32.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:ntp-4.2.8p13-46.32.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:ntp-4.2.8p13-46.32.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:ntp-doc-4.2.8p13-46.32.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:ntp-doc-4.2.8p13-46.32.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:ntp-doc-4.2.8p13-46.32.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-27T10:38:39Z",
"details": "moderate"
}
],
"title": "CVE-2019-8936"
}
]
}
suse-su-2019:13991-1
Vulnerability from csaf_suse
Published
2019-03-27 09:37
Modified
2019-03-27 09:37
Summary
Security update for ntp
Notes
Title of the patch
Security update for ntp
Description of the patch
This update for ntp fixes the following issues:
Security issue fixed:
- CVE-2019-8936: Fixed a null pointer exception which could allow an authenticated attcker to cause
segmentation fault to ntpd (bsc#1128525).
Other issues addressed:
- Make sure that SLE12 version is higher than the one in SLE11 (bsc#1001182).
- Fixed several bugs in the BANCOMM reclock driver.
- Fixed ntp_loopfilter.c snprintf compilation warnings.
- Fixed spurious initgroups() error message.
- Fixed STA_NANO struct timex units.
- Fixed GPS week rollover in libparse.
- Fixed incorrect poll interval in packet.
- Added a missing check for ENABLE_CMAC.
Patchnames
slessp4-ntp-13991
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for ntp",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for ntp fixes the following issues:\n\nSecurity issue fixed: \t \n\n- CVE-2019-8936: Fixed a null pointer exception which could allow an authenticated attcker to cause \n segmentation fault to ntpd (bsc#1128525).\n\nOther issues addressed:\n\n- Make sure that SLE12 version is higher than the one in SLE11 (bsc#1001182). \n- Fixed several bugs in the BANCOMM reclock driver.\n- Fixed ntp_loopfilter.c snprintf compilation warnings.\n- Fixed spurious initgroups() error message.\n- Fixed STA_NANO struct timex units.\n- Fixed GPS week rollover in libparse.\n- Fixed incorrect poll interval in packet.\n- Added a missing check for ENABLE_CMAC.\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "slessp4-ntp-13991",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_13991-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2019:13991-1",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-201913991-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2019:13991-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2019-March/005255.html"
},
{
"category": "self",
"summary": "SUSE Bug 1001182",
"url": "https://bugzilla.suse.com/1001182"
},
{
"category": "self",
"summary": "SUSE Bug 1128525",
"url": "https://bugzilla.suse.com/1128525"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-8936 page",
"url": "https://www.suse.com/security/cve/CVE-2019-8936/"
}
],
"title": "Security update for ntp",
"tracking": {
"current_release_date": "2019-03-27T09:37:42Z",
"generator": {
"date": "2019-03-27T09:37:42Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2019:13991-1",
"initial_release_date": "2019-03-27T09:37:42Z",
"revision_history": [
{
"date": "2019-03-27T09:37:42Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ntp-4.2.8p13-64.13.1.i586",
"product": {
"name": "ntp-4.2.8p13-64.13.1.i586",
"product_id": "ntp-4.2.8p13-64.13.1.i586"
}
},
{
"category": "product_version",
"name": "ntp-doc-4.2.8p13-64.13.1.i586",
"product": {
"name": "ntp-doc-4.2.8p13-64.13.1.i586",
"product_id": "ntp-doc-4.2.8p13-64.13.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "ntp-4.2.8p13-64.13.1.ia64",
"product": {
"name": "ntp-4.2.8p13-64.13.1.ia64",
"product_id": "ntp-4.2.8p13-64.13.1.ia64"
}
},
{
"category": "product_version",
"name": "ntp-doc-4.2.8p13-64.13.1.ia64",
"product": {
"name": "ntp-doc-4.2.8p13-64.13.1.ia64",
"product_id": "ntp-doc-4.2.8p13-64.13.1.ia64"
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "ntp-4.2.8p13-64.13.1.ppc64",
"product": {
"name": "ntp-4.2.8p13-64.13.1.ppc64",
"product_id": "ntp-4.2.8p13-64.13.1.ppc64"
}
},
{
"category": "product_version",
"name": "ntp-doc-4.2.8p13-64.13.1.ppc64",
"product": {
"name": "ntp-doc-4.2.8p13-64.13.1.ppc64",
"product_id": "ntp-doc-4.2.8p13-64.13.1.ppc64"
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "ntp-4.2.8p13-64.13.1.s390x",
"product": {
"name": "ntp-4.2.8p13-64.13.1.s390x",
"product_id": "ntp-4.2.8p13-64.13.1.s390x"
}
},
{
"category": "product_version",
"name": "ntp-doc-4.2.8p13-64.13.1.s390x",
"product": {
"name": "ntp-doc-4.2.8p13-64.13.1.s390x",
"product_id": "ntp-doc-4.2.8p13-64.13.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "ntp-4.2.8p13-64.13.1.x86_64",
"product": {
"name": "ntp-4.2.8p13-64.13.1.x86_64",
"product_id": "ntp-4.2.8p13-64.13.1.x86_64"
}
},
{
"category": "product_version",
"name": "ntp-doc-4.2.8p13-64.13.1.x86_64",
"product": {
"name": "ntp-doc-4.2.8p13-64.13.1.x86_64",
"product_id": "ntp-doc-4.2.8p13-64.13.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 11 SP4",
"product": {
"name": "SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_sles:11:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:11:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p13-64.13.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p13-64.13.1.i586"
},
"product_reference": "ntp-4.2.8p13-64.13.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p13-64.13.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p13-64.13.1.ia64"
},
"product_reference": "ntp-4.2.8p13-64.13.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p13-64.13.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p13-64.13.1.ppc64"
},
"product_reference": "ntp-4.2.8p13-64.13.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p13-64.13.1.s390x as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p13-64.13.1.s390x"
},
"product_reference": "ntp-4.2.8p13-64.13.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p13-64.13.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p13-64.13.1.x86_64"
},
"product_reference": "ntp-4.2.8p13-64.13.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p13-64.13.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p13-64.13.1.i586"
},
"product_reference": "ntp-doc-4.2.8p13-64.13.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p13-64.13.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p13-64.13.1.ia64"
},
"product_reference": "ntp-doc-4.2.8p13-64.13.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p13-64.13.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p13-64.13.1.ppc64"
},
"product_reference": "ntp-doc-4.2.8p13-64.13.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p13-64.13.1.s390x as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p13-64.13.1.s390x"
},
"product_reference": "ntp-doc-4.2.8p13-64.13.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p13-64.13.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p13-64.13.1.x86_64"
},
"product_reference": "ntp-doc-4.2.8p13-64.13.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p13-64.13.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p13-64.13.1.i586"
},
"product_reference": "ntp-4.2.8p13-64.13.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p13-64.13.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p13-64.13.1.ia64"
},
"product_reference": "ntp-4.2.8p13-64.13.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p13-64.13.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p13-64.13.1.ppc64"
},
"product_reference": "ntp-4.2.8p13-64.13.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p13-64.13.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p13-64.13.1.s390x"
},
"product_reference": "ntp-4.2.8p13-64.13.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p13-64.13.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p13-64.13.1.x86_64"
},
"product_reference": "ntp-4.2.8p13-64.13.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p13-64.13.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p13-64.13.1.i586"
},
"product_reference": "ntp-doc-4.2.8p13-64.13.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p13-64.13.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p13-64.13.1.ia64"
},
"product_reference": "ntp-doc-4.2.8p13-64.13.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p13-64.13.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p13-64.13.1.ppc64"
},
"product_reference": "ntp-doc-4.2.8p13-64.13.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p13-64.13.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p13-64.13.1.s390x"
},
"product_reference": "ntp-doc-4.2.8p13-64.13.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p13-64.13.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p13-64.13.1.x86_64"
},
"product_reference": "ntp-doc-4.2.8p13-64.13.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-8936",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-8936"
}
],
"notes": [
{
"category": "general",
"text": "NTP through 4.2.8p12 has a NULL Pointer Dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p13-64.13.1.i586",
"SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p13-64.13.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p13-64.13.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p13-64.13.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p13-64.13.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p13-64.13.1.i586",
"SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p13-64.13.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p13-64.13.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p13-64.13.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p13-64.13.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p13-64.13.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p13-64.13.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p13-64.13.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p13-64.13.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p13-64.13.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p13-64.13.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p13-64.13.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p13-64.13.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p13-64.13.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p13-64.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-8936",
"url": "https://www.suse.com/security/cve/CVE-2019-8936"
},
{
"category": "external",
"summary": "SUSE Bug 1128525 for CVE-2019-8936",
"url": "https://bugzilla.suse.com/1128525"
},
{
"category": "external",
"summary": "SUSE Bug 1148892 for CVE-2019-8936",
"url": "https://bugzilla.suse.com/1148892"
},
{
"category": "external",
"summary": "SUSE Bug 1155513 for CVE-2019-8936",
"url": "https://bugzilla.suse.com/1155513"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p13-64.13.1.i586",
"SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p13-64.13.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p13-64.13.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p13-64.13.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p13-64.13.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p13-64.13.1.i586",
"SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p13-64.13.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p13-64.13.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p13-64.13.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p13-64.13.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p13-64.13.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p13-64.13.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p13-64.13.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p13-64.13.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p13-64.13.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p13-64.13.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p13-64.13.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p13-64.13.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p13-64.13.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p13-64.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p13-64.13.1.i586",
"SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p13-64.13.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p13-64.13.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p13-64.13.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p13-64.13.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p13-64.13.1.i586",
"SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p13-64.13.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p13-64.13.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p13-64.13.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p13-64.13.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p13-64.13.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p13-64.13.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p13-64.13.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p13-64.13.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p13-64.13.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p13-64.13.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p13-64.13.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p13-64.13.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p13-64.13.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p13-64.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-27T09:37:42Z",
"details": "moderate"
}
],
"title": "CVE-2019-8936"
}
]
}
suse-su-2019:0777-1
Vulnerability from csaf_suse
Published
2019-03-27 11:23
Modified
2019-03-27 11:23
Summary
Security update for ntp
Notes
Title of the patch
Security update for ntp
Description of the patch
This update for ntp fixes the following issues:
Security issue fixed:
- CVE-2019-8936: Fixed a null pointer exception which could allow an authenticated attcker to cause
segmentation fault to ntpd (bsc#1128525).
Other issues addressed:
- Fixed several bugs in the BANCOMM reclock driver.
- Fixed ntp_loopfilter.c snprintf compilation warnings.
- Fixed spurious initgroups() error message.
- Fixed STA_NANO struct timex units.
- Fixed GPS week rollover in libparse.
- Fixed incorrect poll interval in packet.
- Added a missing check for ENABLE_CMAC.
Patchnames
SUSE-2019-777,SUSE-SLE-Module-Development-Tools-OBS-15-2019-777,SUSE-SLE-Module-Legacy-15-2019-777
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for ntp",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for ntp fixes the following issues:\n\nSecurity issue fixed: \t \n\n- CVE-2019-8936: Fixed a null pointer exception which could allow an authenticated attcker to cause \n segmentation fault to ntpd (bsc#1128525).\n\nOther issues addressed:\n\n- Fixed several bugs in the BANCOMM reclock driver.\n- Fixed ntp_loopfilter.c snprintf compilation warnings.\n- Fixed spurious initgroups() error message.\n- Fixed STA_NANO struct timex units.\n- Fixed GPS week rollover in libparse.\n- Fixed incorrect poll interval in packet.\n- Added a missing check for ENABLE_CMAC.\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2019-777,SUSE-SLE-Module-Development-Tools-OBS-15-2019-777,SUSE-SLE-Module-Legacy-15-2019-777",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_0777-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2019:0777-1",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190777-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2019:0777-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2019-March/005249.html"
},
{
"category": "self",
"summary": "SUSE Bug 1128525",
"url": "https://bugzilla.suse.com/1128525"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-8936 page",
"url": "https://www.suse.com/security/cve/CVE-2019-8936/"
}
],
"title": "Security update for ntp",
"tracking": {
"current_release_date": "2019-03-27T11:23:40Z",
"generator": {
"date": "2019-03-27T11:23:40Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2019:0777-1",
"initial_release_date": "2019-03-27T11:23:40Z",
"revision_history": [
{
"date": "2019-03-27T11:23:40Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ntp-4.2.8p13-4.6.1.aarch64",
"product": {
"name": "ntp-4.2.8p13-4.6.1.aarch64",
"product_id": "ntp-4.2.8p13-4.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "ntp-doc-4.2.8p13-4.6.1.aarch64",
"product": {
"name": "ntp-doc-4.2.8p13-4.6.1.aarch64",
"product_id": "ntp-doc-4.2.8p13-4.6.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "ntp-4.2.8p13-4.6.1.i586",
"product": {
"name": "ntp-4.2.8p13-4.6.1.i586",
"product_id": "ntp-4.2.8p13-4.6.1.i586"
}
},
{
"category": "product_version",
"name": "ntp-doc-4.2.8p13-4.6.1.i586",
"product": {
"name": "ntp-doc-4.2.8p13-4.6.1.i586",
"product_id": "ntp-doc-4.2.8p13-4.6.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "ntp-4.2.8p13-4.6.1.ppc64le",
"product": {
"name": "ntp-4.2.8p13-4.6.1.ppc64le",
"product_id": "ntp-4.2.8p13-4.6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ntp-doc-4.2.8p13-4.6.1.ppc64le",
"product": {
"name": "ntp-doc-4.2.8p13-4.6.1.ppc64le",
"product_id": "ntp-doc-4.2.8p13-4.6.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "ntp-4.2.8p13-4.6.1.s390x",
"product": {
"name": "ntp-4.2.8p13-4.6.1.s390x",
"product_id": "ntp-4.2.8p13-4.6.1.s390x"
}
},
{
"category": "product_version",
"name": "ntp-doc-4.2.8p13-4.6.1.s390x",
"product": {
"name": "ntp-doc-4.2.8p13-4.6.1.s390x",
"product_id": "ntp-doc-4.2.8p13-4.6.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "ntp-4.2.8p13-4.6.1.x86_64",
"product": {
"name": "ntp-4.2.8p13-4.6.1.x86_64",
"product_id": "ntp-4.2.8p13-4.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "ntp-doc-4.2.8p13-4.6.1.x86_64",
"product": {
"name": "ntp-doc-4.2.8p13-4.6.1.x86_64",
"product_id": "ntp-doc-4.2.8p13-4.6.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Legacy 15",
"product": {
"name": "SUSE Linux Enterprise Module for Legacy 15",
"product_id": "SUSE Linux Enterprise Module for Legacy 15",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-legacy:15"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p13-4.6.1.aarch64 as component of SUSE Linux Enterprise Module for Legacy 15",
"product_id": "SUSE Linux Enterprise Module for Legacy 15:ntp-4.2.8p13-4.6.1.aarch64"
},
"product_reference": "ntp-4.2.8p13-4.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Legacy 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p13-4.6.1.ppc64le as component of SUSE Linux Enterprise Module for Legacy 15",
"product_id": "SUSE Linux Enterprise Module for Legacy 15:ntp-4.2.8p13-4.6.1.ppc64le"
},
"product_reference": "ntp-4.2.8p13-4.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Legacy 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p13-4.6.1.s390x as component of SUSE Linux Enterprise Module for Legacy 15",
"product_id": "SUSE Linux Enterprise Module for Legacy 15:ntp-4.2.8p13-4.6.1.s390x"
},
"product_reference": "ntp-4.2.8p13-4.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Legacy 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p13-4.6.1.x86_64 as component of SUSE Linux Enterprise Module for Legacy 15",
"product_id": "SUSE Linux Enterprise Module for Legacy 15:ntp-4.2.8p13-4.6.1.x86_64"
},
"product_reference": "ntp-4.2.8p13-4.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Legacy 15"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-8936",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-8936"
}
],
"notes": [
{
"category": "general",
"text": "NTP through 4.2.8p12 has a NULL Pointer Dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Legacy 15:ntp-4.2.8p13-4.6.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15:ntp-4.2.8p13-4.6.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15:ntp-4.2.8p13-4.6.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15:ntp-4.2.8p13-4.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-8936",
"url": "https://www.suse.com/security/cve/CVE-2019-8936"
},
{
"category": "external",
"summary": "SUSE Bug 1128525 for CVE-2019-8936",
"url": "https://bugzilla.suse.com/1128525"
},
{
"category": "external",
"summary": "SUSE Bug 1148892 for CVE-2019-8936",
"url": "https://bugzilla.suse.com/1148892"
},
{
"category": "external",
"summary": "SUSE Bug 1155513 for CVE-2019-8936",
"url": "https://bugzilla.suse.com/1155513"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Legacy 15:ntp-4.2.8p13-4.6.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15:ntp-4.2.8p13-4.6.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15:ntp-4.2.8p13-4.6.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15:ntp-4.2.8p13-4.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Legacy 15:ntp-4.2.8p13-4.6.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15:ntp-4.2.8p13-4.6.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15:ntp-4.2.8p13-4.6.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15:ntp-4.2.8p13-4.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-27T11:23:40Z",
"details": "moderate"
}
],
"title": "CVE-2019-8936"
}
]
}
suse-su-2019:14004-1
Vulnerability from csaf_suse
Published
2019-04-01 11:59
Modified
2019-04-01 11:59
Summary
Security update for ntp
Notes
Title of the patch
Security update for ntp
Description of the patch
This update for ntp fixes the following issues:
Security issue fixed:
- CVE-2019-8936: Fixed a null pointer exception which could allow an authenticated attcker to cause
segmentation fault to ntpd (bsc#1128525).
Other issues addressed:
- Make sure that SLE12 version is higher than the one in SLE11 (bsc#1001182).
- Fixed several bugs in the BANCOMM reclock driver.
- Fixed ntp_loopfilter.c snprintf compilation warnings.
- Fixed spurious initgroups() error message.
- Fixed STA_NANO struct timex units.
- Fixed GPS week rollover in libparse.
- Fixed incorrect poll interval in packet.
- Added a missing check for ENABLE_CMAC.
Patchnames
sleposp3-ntp-14004
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for ntp",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for ntp fixes the following issues:\n\t \nSecurity issue fixed: \t \n\n- CVE-2019-8936: Fixed a null pointer exception which could allow an authenticated attcker to cause \n segmentation fault to ntpd (bsc#1128525).\n\nOther issues addressed:\n\n- Make sure that SLE12 version is higher than the one in SLE11 (bsc#1001182). \n- Fixed several bugs in the BANCOMM reclock driver.\n- Fixed ntp_loopfilter.c snprintf compilation warnings.\n- Fixed spurious initgroups() error message.\n- Fixed STA_NANO struct timex units.\n- Fixed GPS week rollover in libparse.\n- Fixed incorrect poll interval in packet.\n- Added a missing check for ENABLE_CMAC.\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "sleposp3-ntp-14004",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_14004-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2019:14004-1",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-201914004-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2019:14004-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2019-April/005280.html"
},
{
"category": "self",
"summary": "SUSE Bug 1001182",
"url": "https://bugzilla.suse.com/1001182"
},
{
"category": "self",
"summary": "SUSE Bug 1128525",
"url": "https://bugzilla.suse.com/1128525"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-8936 page",
"url": "https://www.suse.com/security/cve/CVE-2019-8936/"
}
],
"title": "Security update for ntp",
"tracking": {
"current_release_date": "2019-04-01T11:59:24Z",
"generator": {
"date": "2019-04-01T11:59:24Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2019:14004-1",
"initial_release_date": "2019-04-01T11:59:24Z",
"revision_history": [
{
"date": "2019-04-01T11:59:24Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ntp-4.2.8p13-48.27.1.i586",
"product": {
"name": "ntp-4.2.8p13-48.27.1.i586",
"product_id": "ntp-4.2.8p13-48.27.1.i586"
}
},
{
"category": "product_version",
"name": "ntp-doc-4.2.8p13-48.27.1.i586",
"product": {
"name": "ntp-doc-4.2.8p13-48.27.1.i586",
"product_id": "ntp-doc-4.2.8p13-48.27.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Point of Sale 11 SP3",
"product": {
"name": "SUSE Linux Enterprise Point of Sale 11 SP3",
"product_id": "SUSE Linux Enterprise Point of Sale 11 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-pos:11:sp3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p13-48.27.1.i586 as component of SUSE Linux Enterprise Point of Sale 11 SP3",
"product_id": "SUSE Linux Enterprise Point of Sale 11 SP3:ntp-4.2.8p13-48.27.1.i586"
},
"product_reference": "ntp-4.2.8p13-48.27.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Point of Sale 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p13-48.27.1.i586 as component of SUSE Linux Enterprise Point of Sale 11 SP3",
"product_id": "SUSE Linux Enterprise Point of Sale 11 SP3:ntp-doc-4.2.8p13-48.27.1.i586"
},
"product_reference": "ntp-doc-4.2.8p13-48.27.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Point of Sale 11 SP3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-8936",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-8936"
}
],
"notes": [
{
"category": "general",
"text": "NTP through 4.2.8p12 has a NULL Pointer Dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Point of Sale 11 SP3:ntp-4.2.8p13-48.27.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:ntp-doc-4.2.8p13-48.27.1.i586"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-8936",
"url": "https://www.suse.com/security/cve/CVE-2019-8936"
},
{
"category": "external",
"summary": "SUSE Bug 1128525 for CVE-2019-8936",
"url": "https://bugzilla.suse.com/1128525"
},
{
"category": "external",
"summary": "SUSE Bug 1148892 for CVE-2019-8936",
"url": "https://bugzilla.suse.com/1148892"
},
{
"category": "external",
"summary": "SUSE Bug 1155513 for CVE-2019-8936",
"url": "https://bugzilla.suse.com/1155513"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Point of Sale 11 SP3:ntp-4.2.8p13-48.27.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:ntp-doc-4.2.8p13-48.27.1.i586"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Point of Sale 11 SP3:ntp-4.2.8p13-48.27.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:ntp-doc-4.2.8p13-48.27.1.i586"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-04-01T11:59:24Z",
"details": "moderate"
}
],
"title": "CVE-2019-8936"
}
]
}
suse-su-2019:0789-1
Vulnerability from csaf_suse
Published
2019-03-28 10:56
Modified
2019-03-28 10:56
Summary
Security update for ntp
Notes
Title of the patch
Security update for ntp
Description of the patch
This update for ntp fixes the following issues:
Security issue fixed:
- CVE-2019-8936: Fixed a null pointer exception which could allow an authenticated attcker to cause
segmentation fault to ntpd (bsc#1128525).
Other isses addressed:
- Fixed an issue which caused openSSL mismatch (bsc#1125401)
- Fixed several bugs in the BANCOMM reclock driver.
- Fixed ntp_loopfilter.c snprintf compilation warnings.
- Fixed spurious initgroups() error message.
- Fixed STA_NANO struct timex units.
- Fixed GPS week rollover in libparse.
- Fixed incorrect poll interval in packet.
- Added a missing check for ENABLE_CMAC.
Patchnames
SUSE-2019-789,SUSE-OpenStack-Cloud-7-2019-789,SUSE-SLE-DESKTOP-12-SP3-2019-789,SUSE-SLE-DESKTOP-12-SP4-2019-789,SUSE-SLE-SAP-12-SP1-2019-789,SUSE-SLE-SAP-12-SP2-2019-789,SUSE-SLE-SERVER-12-SP1-2019-789,SUSE-SLE-SERVER-12-SP2-2019-789,SUSE-SLE-SERVER-12-SP2-BCL-2019-789,SUSE-SLE-SERVER-12-SP3-2019-789,SUSE-SLE-SERVER-12-SP4-2019-789,SUSE-Storage-4-2019-789
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for ntp",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for ntp fixes the following issues:\n\nSecurity issue fixed: \t \n\n- CVE-2019-8936: Fixed a null pointer exception which could allow an authenticated attcker to cause \n segmentation fault to ntpd (bsc#1128525).\n\nOther isses addressed:\n\n- Fixed an issue which caused openSSL mismatch (bsc#1125401)\n- Fixed several bugs in the BANCOMM reclock driver.\n- Fixed ntp_loopfilter.c snprintf compilation warnings.\n- Fixed spurious initgroups() error message.\n- Fixed STA_NANO struct timex units.\n- Fixed GPS week rollover in libparse.\n- Fixed incorrect poll interval in packet.\n- Added a missing check for ENABLE_CMAC.\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2019-789,SUSE-OpenStack-Cloud-7-2019-789,SUSE-SLE-DESKTOP-12-SP3-2019-789,SUSE-SLE-DESKTOP-12-SP4-2019-789,SUSE-SLE-SAP-12-SP1-2019-789,SUSE-SLE-SAP-12-SP2-2019-789,SUSE-SLE-SERVER-12-SP1-2019-789,SUSE-SLE-SERVER-12-SP2-2019-789,SUSE-SLE-SERVER-12-SP2-BCL-2019-789,SUSE-SLE-SERVER-12-SP3-2019-789,SUSE-SLE-SERVER-12-SP4-2019-789,SUSE-Storage-4-2019-789",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_0789-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2019:0789-1",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190789-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2019:0789-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2019-March/005258.html"
},
{
"category": "self",
"summary": "SUSE Bug 1125401",
"url": "https://bugzilla.suse.com/1125401"
},
{
"category": "self",
"summary": "SUSE Bug 1128525",
"url": "https://bugzilla.suse.com/1128525"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-8936 page",
"url": "https://www.suse.com/security/cve/CVE-2019-8936/"
}
],
"title": "Security update for ntp",
"tracking": {
"current_release_date": "2019-03-28T10:56:58Z",
"generator": {
"date": "2019-03-28T10:56:58Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2019:0789-1",
"initial_release_date": "2019-03-28T10:56:58Z",
"revision_history": [
{
"date": "2019-03-28T10:56:58Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ntp-4.2.8p13-85.1.aarch64",
"product": {
"name": "ntp-4.2.8p13-85.1.aarch64",
"product_id": "ntp-4.2.8p13-85.1.aarch64"
}
},
{
"category": "product_version",
"name": "ntp-doc-4.2.8p13-85.1.aarch64",
"product": {
"name": "ntp-doc-4.2.8p13-85.1.aarch64",
"product_id": "ntp-doc-4.2.8p13-85.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "ntp-4.2.8p13-85.1.i586",
"product": {
"name": "ntp-4.2.8p13-85.1.i586",
"product_id": "ntp-4.2.8p13-85.1.i586"
}
},
{
"category": "product_version",
"name": "ntp-doc-4.2.8p13-85.1.i586",
"product": {
"name": "ntp-doc-4.2.8p13-85.1.i586",
"product_id": "ntp-doc-4.2.8p13-85.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "ntp-4.2.8p13-85.1.ppc64le",
"product": {
"name": "ntp-4.2.8p13-85.1.ppc64le",
"product_id": "ntp-4.2.8p13-85.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ntp-doc-4.2.8p13-85.1.ppc64le",
"product": {
"name": "ntp-doc-4.2.8p13-85.1.ppc64le",
"product_id": "ntp-doc-4.2.8p13-85.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "ntp-4.2.8p13-85.1.s390",
"product": {
"name": "ntp-4.2.8p13-85.1.s390",
"product_id": "ntp-4.2.8p13-85.1.s390"
}
},
{
"category": "product_version",
"name": "ntp-doc-4.2.8p13-85.1.s390",
"product": {
"name": "ntp-doc-4.2.8p13-85.1.s390",
"product_id": "ntp-doc-4.2.8p13-85.1.s390"
}
}
],
"category": "architecture",
"name": "s390"
},
{
"branches": [
{
"category": "product_version",
"name": "ntp-4.2.8p13-85.1.s390x",
"product": {
"name": "ntp-4.2.8p13-85.1.s390x",
"product_id": "ntp-4.2.8p13-85.1.s390x"
}
},
{
"category": "product_version",
"name": "ntp-doc-4.2.8p13-85.1.s390x",
"product": {
"name": "ntp-doc-4.2.8p13-85.1.s390x",
"product_id": "ntp-doc-4.2.8p13-85.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "ntp-4.2.8p13-85.1.x86_64",
"product": {
"name": "ntp-4.2.8p13-85.1.x86_64",
"product_id": "ntp-4.2.8p13-85.1.x86_64"
}
},
{
"category": "product_version",
"name": "ntp-doc-4.2.8p13-85.1.x86_64",
"product": {
"name": "ntp-doc-4.2.8p13-85.1.x86_64",
"product_id": "ntp-doc-4.2.8p13-85.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 7",
"product": {
"name": "SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud:7"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sled:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Desktop 12 SP4",
"product_id": "SUSE Linux Enterprise Desktop 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sled:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-bcl:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 4",
"product": {
"name": "SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p13-85.1.s390x as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:ntp-4.2.8p13-85.1.s390x"
},
"product_reference": "ntp-4.2.8p13-85.1.s390x",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p13-85.1.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:ntp-4.2.8p13-85.1.x86_64"
},
"product_reference": "ntp-4.2.8p13-85.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p13-85.1.s390x as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:ntp-doc-4.2.8p13-85.1.s390x"
},
"product_reference": "ntp-doc-4.2.8p13-85.1.s390x",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p13-85.1.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:ntp-doc-4.2.8p13-85.1.x86_64"
},
"product_reference": "ntp-doc-4.2.8p13-85.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p13-85.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3:ntp-4.2.8p13-85.1.x86_64"
},
"product_reference": "ntp-4.2.8p13-85.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p13-85.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3:ntp-doc-4.2.8p13-85.1.x86_64"
},
"product_reference": "ntp-doc-4.2.8p13-85.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p13-85.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP4",
"product_id": "SUSE Linux Enterprise Desktop 12 SP4:ntp-4.2.8p13-85.1.x86_64"
},
"product_reference": "ntp-4.2.8p13-85.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p13-85.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP4",
"product_id": "SUSE Linux Enterprise Desktop 12 SP4:ntp-doc-4.2.8p13-85.1.x86_64"
},
"product_reference": "ntp-doc-4.2.8p13-85.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p13-85.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p13-85.1.x86_64"
},
"product_reference": "ntp-4.2.8p13-85.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p13-85.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p13-85.1.x86_64"
},
"product_reference": "ntp-doc-4.2.8p13-85.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p13-85.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-4.2.8p13-85.1.ppc64le"
},
"product_reference": "ntp-4.2.8p13-85.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p13-85.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-4.2.8p13-85.1.x86_64"
},
"product_reference": "ntp-4.2.8p13-85.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p13-85.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-doc-4.2.8p13-85.1.ppc64le"
},
"product_reference": "ntp-doc-4.2.8p13-85.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p13-85.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-doc-4.2.8p13-85.1.x86_64"
},
"product_reference": "ntp-doc-4.2.8p13-85.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p13-85.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-4.2.8p13-85.1.ppc64le"
},
"product_reference": "ntp-4.2.8p13-85.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p13-85.1.s390x as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-4.2.8p13-85.1.s390x"
},
"product_reference": "ntp-4.2.8p13-85.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p13-85.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-4.2.8p13-85.1.x86_64"
},
"product_reference": "ntp-4.2.8p13-85.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p13-85.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-doc-4.2.8p13-85.1.ppc64le"
},
"product_reference": "ntp-doc-4.2.8p13-85.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p13-85.1.s390x as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-doc-4.2.8p13-85.1.s390x"
},
"product_reference": "ntp-doc-4.2.8p13-85.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p13-85.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-doc-4.2.8p13-85.1.x86_64"
},
"product_reference": "ntp-doc-4.2.8p13-85.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p13-85.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p13-85.1.ppc64le"
},
"product_reference": "ntp-4.2.8p13-85.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p13-85.1.s390x as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p13-85.1.s390x"
},
"product_reference": "ntp-4.2.8p13-85.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p13-85.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p13-85.1.x86_64"
},
"product_reference": "ntp-4.2.8p13-85.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p13-85.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p13-85.1.ppc64le"
},
"product_reference": "ntp-doc-4.2.8p13-85.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p13-85.1.s390x as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p13-85.1.s390x"
},
"product_reference": "ntp-doc-4.2.8p13-85.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p13-85.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p13-85.1.x86_64"
},
"product_reference": "ntp-doc-4.2.8p13-85.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p13-85.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:ntp-4.2.8p13-85.1.x86_64"
},
"product_reference": "ntp-4.2.8p13-85.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p13-85.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:ntp-doc-4.2.8p13-85.1.x86_64"
},
"product_reference": "ntp-doc-4.2.8p13-85.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p13-85.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p13-85.1.aarch64"
},
"product_reference": "ntp-4.2.8p13-85.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p13-85.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p13-85.1.ppc64le"
},
"product_reference": "ntp-4.2.8p13-85.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p13-85.1.s390x as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p13-85.1.s390x"
},
"product_reference": "ntp-4.2.8p13-85.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p13-85.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p13-85.1.x86_64"
},
"product_reference": "ntp-4.2.8p13-85.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p13-85.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p13-85.1.aarch64"
},
"product_reference": "ntp-doc-4.2.8p13-85.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p13-85.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p13-85.1.ppc64le"
},
"product_reference": "ntp-doc-4.2.8p13-85.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p13-85.1.s390x as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p13-85.1.s390x"
},
"product_reference": "ntp-doc-4.2.8p13-85.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p13-85.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p13-85.1.x86_64"
},
"product_reference": "ntp-doc-4.2.8p13-85.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p13-85.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p13-85.1.aarch64"
},
"product_reference": "ntp-4.2.8p13-85.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p13-85.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p13-85.1.ppc64le"
},
"product_reference": "ntp-4.2.8p13-85.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p13-85.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p13-85.1.s390x"
},
"product_reference": "ntp-4.2.8p13-85.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p13-85.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p13-85.1.x86_64"
},
"product_reference": "ntp-4.2.8p13-85.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p13-85.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p13-85.1.aarch64"
},
"product_reference": "ntp-doc-4.2.8p13-85.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p13-85.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p13-85.1.ppc64le"
},
"product_reference": "ntp-doc-4.2.8p13-85.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p13-85.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p13-85.1.s390x"
},
"product_reference": "ntp-doc-4.2.8p13-85.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p13-85.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p13-85.1.x86_64"
},
"product_reference": "ntp-doc-4.2.8p13-85.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p13-85.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:ntp-4.2.8p13-85.1.aarch64"
},
"product_reference": "ntp-4.2.8p13-85.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p13-85.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:ntp-4.2.8p13-85.1.ppc64le"
},
"product_reference": "ntp-4.2.8p13-85.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p13-85.1.s390x as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:ntp-4.2.8p13-85.1.s390x"
},
"product_reference": "ntp-4.2.8p13-85.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p13-85.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:ntp-4.2.8p13-85.1.x86_64"
},
"product_reference": "ntp-4.2.8p13-85.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p13-85.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:ntp-doc-4.2.8p13-85.1.aarch64"
},
"product_reference": "ntp-doc-4.2.8p13-85.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p13-85.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:ntp-doc-4.2.8p13-85.1.ppc64le"
},
"product_reference": "ntp-doc-4.2.8p13-85.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p13-85.1.s390x as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:ntp-doc-4.2.8p13-85.1.s390x"
},
"product_reference": "ntp-doc-4.2.8p13-85.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p13-85.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:ntp-doc-4.2.8p13-85.1.x86_64"
},
"product_reference": "ntp-doc-4.2.8p13-85.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p13-85.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-4.2.8p13-85.1.aarch64"
},
"product_reference": "ntp-4.2.8p13-85.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p13-85.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-4.2.8p13-85.1.ppc64le"
},
"product_reference": "ntp-4.2.8p13-85.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p13-85.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-4.2.8p13-85.1.s390x"
},
"product_reference": "ntp-4.2.8p13-85.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p13-85.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-4.2.8p13-85.1.x86_64"
},
"product_reference": "ntp-4.2.8p13-85.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p13-85.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-doc-4.2.8p13-85.1.aarch64"
},
"product_reference": "ntp-doc-4.2.8p13-85.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p13-85.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-doc-4.2.8p13-85.1.ppc64le"
},
"product_reference": "ntp-doc-4.2.8p13-85.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p13-85.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-doc-4.2.8p13-85.1.s390x"
},
"product_reference": "ntp-doc-4.2.8p13-85.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p13-85.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-doc-4.2.8p13-85.1.x86_64"
},
"product_reference": "ntp-doc-4.2.8p13-85.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p13-85.1.x86_64 as component of SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4:ntp-4.2.8p13-85.1.x86_64"
},
"product_reference": "ntp-4.2.8p13-85.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p13-85.1.x86_64 as component of SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4:ntp-doc-4.2.8p13-85.1.x86_64"
},
"product_reference": "ntp-doc-4.2.8p13-85.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-8936",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-8936"
}
],
"notes": [
{
"category": "general",
"text": "NTP through 4.2.8p12 has a NULL Pointer Dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 4:ntp-4.2.8p13-85.1.x86_64",
"SUSE Enterprise Storage 4:ntp-doc-4.2.8p13-85.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:ntp-4.2.8p13-85.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:ntp-doc-4.2.8p13-85.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:ntp-4.2.8p13-85.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:ntp-doc-4.2.8p13-85.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-4.2.8p13-85.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-4.2.8p13-85.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-4.2.8p13-85.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-doc-4.2.8p13-85.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-doc-4.2.8p13-85.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-doc-4.2.8p13-85.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:ntp-4.2.8p13-85.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:ntp-doc-4.2.8p13-85.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p13-85.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p13-85.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p13-85.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p13-85.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p13-85.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p13-85.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p13-85.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p13-85.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p13-85.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p13-85.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p13-85.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p13-85.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p13-85.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p13-85.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:ntp-4.2.8p13-85.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:ntp-4.2.8p13-85.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:ntp-4.2.8p13-85.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:ntp-4.2.8p13-85.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:ntp-doc-4.2.8p13-85.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:ntp-doc-4.2.8p13-85.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:ntp-doc-4.2.8p13-85.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:ntp-doc-4.2.8p13-85.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p13-85.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p13-85.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-4.2.8p13-85.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-4.2.8p13-85.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-doc-4.2.8p13-85.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-doc-4.2.8p13-85.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p13-85.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p13-85.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p13-85.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p13-85.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p13-85.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p13-85.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p13-85.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p13-85.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-4.2.8p13-85.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-4.2.8p13-85.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-4.2.8p13-85.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-4.2.8p13-85.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-doc-4.2.8p13-85.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-doc-4.2.8p13-85.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-doc-4.2.8p13-85.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-doc-4.2.8p13-85.1.x86_64",
"SUSE OpenStack Cloud 7:ntp-4.2.8p13-85.1.s390x",
"SUSE OpenStack Cloud 7:ntp-4.2.8p13-85.1.x86_64",
"SUSE OpenStack Cloud 7:ntp-doc-4.2.8p13-85.1.s390x",
"SUSE OpenStack Cloud 7:ntp-doc-4.2.8p13-85.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-8936",
"url": "https://www.suse.com/security/cve/CVE-2019-8936"
},
{
"category": "external",
"summary": "SUSE Bug 1128525 for CVE-2019-8936",
"url": "https://bugzilla.suse.com/1128525"
},
{
"category": "external",
"summary": "SUSE Bug 1148892 for CVE-2019-8936",
"url": "https://bugzilla.suse.com/1148892"
},
{
"category": "external",
"summary": "SUSE Bug 1155513 for CVE-2019-8936",
"url": "https://bugzilla.suse.com/1155513"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 4:ntp-4.2.8p13-85.1.x86_64",
"SUSE Enterprise Storage 4:ntp-doc-4.2.8p13-85.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:ntp-4.2.8p13-85.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:ntp-doc-4.2.8p13-85.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:ntp-4.2.8p13-85.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:ntp-doc-4.2.8p13-85.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-4.2.8p13-85.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-4.2.8p13-85.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-4.2.8p13-85.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-doc-4.2.8p13-85.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-doc-4.2.8p13-85.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-doc-4.2.8p13-85.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:ntp-4.2.8p13-85.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:ntp-doc-4.2.8p13-85.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p13-85.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p13-85.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p13-85.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p13-85.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p13-85.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p13-85.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p13-85.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p13-85.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p13-85.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p13-85.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p13-85.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p13-85.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p13-85.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p13-85.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:ntp-4.2.8p13-85.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:ntp-4.2.8p13-85.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:ntp-4.2.8p13-85.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:ntp-4.2.8p13-85.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:ntp-doc-4.2.8p13-85.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:ntp-doc-4.2.8p13-85.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:ntp-doc-4.2.8p13-85.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:ntp-doc-4.2.8p13-85.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p13-85.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p13-85.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-4.2.8p13-85.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-4.2.8p13-85.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-doc-4.2.8p13-85.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-doc-4.2.8p13-85.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p13-85.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p13-85.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p13-85.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p13-85.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p13-85.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p13-85.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p13-85.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p13-85.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-4.2.8p13-85.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-4.2.8p13-85.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-4.2.8p13-85.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-4.2.8p13-85.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-doc-4.2.8p13-85.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-doc-4.2.8p13-85.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-doc-4.2.8p13-85.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-doc-4.2.8p13-85.1.x86_64",
"SUSE OpenStack Cloud 7:ntp-4.2.8p13-85.1.s390x",
"SUSE OpenStack Cloud 7:ntp-4.2.8p13-85.1.x86_64",
"SUSE OpenStack Cloud 7:ntp-doc-4.2.8p13-85.1.s390x",
"SUSE OpenStack Cloud 7:ntp-doc-4.2.8p13-85.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Enterprise Storage 4:ntp-4.2.8p13-85.1.x86_64",
"SUSE Enterprise Storage 4:ntp-doc-4.2.8p13-85.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:ntp-4.2.8p13-85.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:ntp-doc-4.2.8p13-85.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:ntp-4.2.8p13-85.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:ntp-doc-4.2.8p13-85.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-4.2.8p13-85.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-4.2.8p13-85.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-4.2.8p13-85.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-doc-4.2.8p13-85.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-doc-4.2.8p13-85.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-doc-4.2.8p13-85.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:ntp-4.2.8p13-85.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:ntp-doc-4.2.8p13-85.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p13-85.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p13-85.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p13-85.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p13-85.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p13-85.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p13-85.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p13-85.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p13-85.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p13-85.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p13-85.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p13-85.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p13-85.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p13-85.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p13-85.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:ntp-4.2.8p13-85.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:ntp-4.2.8p13-85.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:ntp-4.2.8p13-85.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:ntp-4.2.8p13-85.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:ntp-doc-4.2.8p13-85.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:ntp-doc-4.2.8p13-85.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:ntp-doc-4.2.8p13-85.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:ntp-doc-4.2.8p13-85.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p13-85.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p13-85.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-4.2.8p13-85.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-4.2.8p13-85.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-doc-4.2.8p13-85.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-doc-4.2.8p13-85.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p13-85.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p13-85.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p13-85.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p13-85.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p13-85.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p13-85.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p13-85.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p13-85.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-4.2.8p13-85.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-4.2.8p13-85.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-4.2.8p13-85.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-4.2.8p13-85.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-doc-4.2.8p13-85.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-doc-4.2.8p13-85.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-doc-4.2.8p13-85.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-doc-4.2.8p13-85.1.x86_64",
"SUSE OpenStack Cloud 7:ntp-4.2.8p13-85.1.s390x",
"SUSE OpenStack Cloud 7:ntp-4.2.8p13-85.1.x86_64",
"SUSE OpenStack Cloud 7:ntp-doc-4.2.8p13-85.1.s390x",
"SUSE OpenStack Cloud 7:ntp-doc-4.2.8p13-85.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-28T10:56:58Z",
"details": "moderate"
}
],
"title": "CVE-2019-8936"
}
]
}
CERTFR-2021-AVI-526
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | N/A | Juniper Networks SBR Carrier versions 8.4.1 antérieures à 8.4.1R19 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS versions antérieures à 12.3R12-S19, 15.1R7-S10, 16.1R7-S7, 17.2R3-S3, 17.3R3-S12, 17.4R2-S13, 18.1R3-S13, 18.2R3-S8, 18.3R3-S5, 18.4R2-S9, 18.4R3-S9, 19.1R2-S1, 19.2R1-S7, 19.2R3-S2, 19.3R2-S6, 19.3R3-S3, 19.4R1-S4, 19.4R2, 19.4R2-S4, 19.4R3-S5, 20.1R1, 20.1R2-S2, 20.1R3-S1, 20.2R2-S3, 20.2R3-S2, 20.3R2-S1, 20.3R3, 20.4R1-S1, 20.4R2-S1, 20.4R3, 21.1R1-S1, 21.1R2, 21.2R1, | ||
| Juniper Networks | N/A | Juniper Networks Contrail Cloud versions antérieures à 13.6.0 | ||
| Juniper Networks | N/A | Juniper Networks SBR Carrier versions 8.6.0 antérieures à 8.6.0R4 | ||
| Juniper Networks | Networks Junos OS Evolved | Juniper Networks Junos OS Evolved versions antérieures à 20.3R2-EVO, 20.4R2-EVO, 20.4R2-S2-EVO, 21.1R1-EVO, 21.1R2-EVO, 21.2R1-EVO | ||
| Juniper Networks | N/A | Juniper Networks SBR Carrier versions 8.5.0 antérieures à 8.5.0R10 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Juniper Networks SBR Carrier versions 8.4.1 ant\u00e9rieures \u00e0 8.4.1R19",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS versions ant\u00e9rieures \u00e0 12.3R12-S19, 15.1R7-S10, 16.1R7-S7, 17.2R3-S3, 17.3R3-S12, 17.4R2-S13, 18.1R3-S13, 18.2R3-S8, 18.3R3-S5, 18.4R2-S9, 18.4R3-S9, 19.1R2-S1, 19.2R1-S7, 19.2R3-S2, 19.3R2-S6, 19.3R3-S3, 19.4R1-S4, 19.4R2, 19.4R2-S4, 19.4R3-S5, 20.1R1, 20.1R2-S2, 20.1R3-S1, 20.2R2-S3, 20.2R3-S2, 20.3R2-S1, 20.3R3, 20.4R1-S1, 20.4R2-S1, 20.4R3, 21.1R1-S1, 21.1R2, 21.2R1,",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Contrail Cloud versions ant\u00e9rieures \u00e0 13.6.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks SBR Carrier versions 8.6.0 ant\u00e9rieures \u00e0 8.6.0R4",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS Evolved versions ant\u00e9rieures \u00e0 20.3R2-EVO, 20.4R2-EVO, 20.4R2-S2-EVO, 21.1R1-EVO, 21.1R2-EVO, 21.2R1-EVO",
"product": {
"name": "Networks Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks SBR Carrier versions 8.5.0 ant\u00e9rieures \u00e0 8.5.0R10",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-0285",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0285"
},
{
"name": "CVE-2021-0279",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0279"
},
{
"name": "CVE-2021-0287",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0287"
},
{
"name": "CVE-2021-0278",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0278"
},
{
"name": "CVE-2021-0280",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0280"
},
{
"name": "CVE-2021-0282",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0282"
},
{
"name": "CVE-2017-1087",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1087"
},
{
"name": "CVE-2018-6925",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6925"
},
{
"name": "CVE-2019-8936",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8936"
},
{
"name": "CVE-2021-0276",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0276"
},
{
"name": "CVE-2021-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0286"
},
{
"name": "CVE-2021-0289",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0289"
},
{
"name": "CVE-2021-0277",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0277"
},
{
"name": "CVE-2021-0290",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0290"
},
{
"name": "CVE-2021-0281",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0281"
},
{
"name": "CVE-2021-0288",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0288"
}
],
"initial_release_date": "2021-07-15T00:00:00",
"last_revision_date": "2021-07-15T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 JuniperJSA11191 du 14 juillet 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11191\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 JuniperJSA11183 du 14 juillet 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11183\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 JuniperJSA11192 du 14 juillet 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11192\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 JuniperJSA11181 du 14 juillet 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11181\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 JuniperJSA11178 du 14 juillet 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11178\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 JuniperJSA11180 du 14 juillet 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11180\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 JuniperJSA11187 du 14 juillet 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11187\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 JuniperJSA11188 du 14 juillet 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11188\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 JuniperJSA11179 du 14 juillet 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11179\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 JuniperJSA11185 du 14 juillet 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11185\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 JuniperJSA11184 du 14 juillet 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11184\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 JuniperJSA11190 du 14 juillet 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11190\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 JuniperJSA11189 du 14 juillet 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11189\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 JuniperJSA11177 du 14 juillet 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11177\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 JuniperJSA11186 du 14 juillet 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11186\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 JuniperJSA11182 du 14 juillet 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11182\u0026cat=SIRT_1\u0026actp=LIST"
}
],
"reference": "CERTFR-2021-AVI-526",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-07-15T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes les produits Juniper.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service et une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s les produits Juniper",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11183 du 14 juillet 2021",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11187 du 14 juillet 2021",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11189 du 14 juillet 2021",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11188 du 14 juillet 2021",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11192 du 14 juillet 2021",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11191 du 14 juillet 2021",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11177 du 14 juillet 2021",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11186 du 14 juillet 2021",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11179 du 14 juillet 2021",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11182 du 14 juillet 2021",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11180 du 14 juillet 2021",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11181 du 14 juillet 2021",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11178 du 14 juillet 2021",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11185 du 14 juillet 2021",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11190 du 14 juillet 2021",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11184 du 14 juillet 2021",
"url": null
}
]
}
CERTFR-2021-AVI-273
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Junos OS. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un déni de service et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS | Juniper Networks Junos OS versions 14.1X53 antérieures à 14.1X53-D53, 14.1X53-D140 pour EX Series | ||
| Juniper Networks | Junos OS | Juniper Networks Junos OS versions 19.4 antérieures à 19.4R2-S4, 19.4R3-S2 | ||
| Juniper Networks | Junos OS | Juniper Networks Junos OS toutes les versions 18.1 | ||
| Juniper Networks | Junos OS | Juniper Networks Junos OS Evolved 19.4 versions antérieures à 19.4R2-S3-EVO | ||
| Juniper Networks | Junos OS | Juniper Networks Junos OS versions 15.1 antérieures à 15.1R7-S9 | ||
| Juniper Networks | Junos OS | Juniper Networks Junos OS versions 14.1X53 antérieures à 14.1X53-D53 pour EX Series et QFX Series | ||
| Juniper Networks | Junos OS | Juniper Networks Junos OS versions 16.1R1 antérieures à 17.3R3-S11 | ||
| Juniper Networks | Junos OS | Juniper Networks Junos OS versions 16.1 antérieures à 16.1R7-S7 | ||
| Juniper Networks | Junos OS | Juniper Networks Junos OS versions 17.2 antérieures à 17.2R3-S4 | ||
| Juniper Networks | Junos OS | Juniper Networks Junos OS versions 12.3X48 antérieures à 12.3X48-D95 pour SRX Series | ||
| Juniper Networks | Junos OS | Juniper Networks Junos OS Evolved 20.3 versions antérieures à 20.3R2-EVO | ||
| Juniper Networks | Junos OS | Juniper Networks Junos OS versions 17.1 antérieures à 17.1R2-S11, 17.1R3-S2 | ||
| Juniper Networks | Junos OS | Juniper Networks Junos OS versions 20.1 antérieures à 20.1R1-S4, 20.1R2-S1, 20.1R3 | ||
| Juniper Networks | Junos OS | Juniper Networks Junos OS versions 12.3 antérieures à 12.3R12-S15 pour EX Series | ||
| Juniper Networks | Junos OS | Juniper Networks Junos OS versions 17.4 antérieures à 17.4R2-S13, 17.4R3-S5 | ||
| Juniper Networks | Junos OS | Juniper Networks Junos OS toutes les versions 19.1 | ||
| Juniper Networks | Junos OS | Juniper Networks Junos OS versions 19.2 antérieures à 19.2R1-S6, 19.2R2, 19.2R3-S2 | ||
| Juniper Networks | Junos OS | Juniper Networks Junos OS versions 17.3 antérieures à 17.3R2-S5, 17.3R3-S12 | ||
| Juniper Networks | Junos OS | Juniper Networks Junos OS Evolved 19.1R1-EVO antérieures à 20.3R1-S2-EVO, 20.3R2-EVO | ||
| Juniper Networks | Junos OS | Juniper Networks Junos OS versions 20.3 antérieures à 20.3R1-S1, 20.3R2 | ||
| Juniper Networks | Junos OS | Juniper Networks Junos OS versions 14.1R1 antérieures à 15.1R7-S6 pour QFX Series, PTX Series | ||
| Juniper Networks | Junos OS | Juniper Networks Junos OS versions 18.3 antérieures à 18.3R1-S7, 18.3R2-S4, 18.3R3-S5 | ||
| Juniper Networks | Junos OS | Juniper Networks Junos OS versions 18.2 antérieures à 18.2R2-S8, 18.2R3-S8 | ||
| Juniper Networks | Junos OS | Juniper Networks Junos OS Evolved 20.2 versions antérieures à 20.2R2-S1-EVO | ||
| Juniper Networks | Junos OS | Juniper Networks Junos OS versions 18.4 antérieures à 18.4R1-S8, 18.4R2-S7, 18.4R3-S8 | ||
| Juniper Networks | Junos OS | Juniper Networks Junos OS versions 15.1X49 antérieures à 15.1X49-D200 pour SRX Series | ||
| Juniper Networks | Junos OS | Juniper Networks Junos OS versions 15.1X53 antérieures à 15.1X53-D593 pour EX2300 Series, EX3400 Series et QFX Series | ||
| Juniper Networks | Junos OS | Juniper Networks Junos OS Evolved 20.1 versions antérieures à 20.1R2-S3-EVO | ||
| Juniper Networks | Junos OS | Juniper Networks Junos OS versions 19.3 antérieures à 19.3R1-S1, 19.3R2-S6, 19.3R3-S2 | ||
| Juniper Networks | Junos OS | Juniper Networks Junos OS versions 17.1R3 antérieures à 17.3R3-S11 | ||
| Juniper Networks | Junos OS | Juniper Networks Junos OS versions 20.2 antérieures à 20.2R1-S3, 20.2R2-S2, 20.2R3 | ||
| Juniper Networks | Junos OS | Juniper Networks Junos OS versions 16.2 antérieures à 16.2R2-S11, 16.2R3 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Juniper Networks Junos OS versions 14.1X53 ant\u00e9rieures \u00e0 14.1X53-D53, 14.1X53-D140 pour EX Series",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS versions 19.4 ant\u00e9rieures \u00e0 19.4R2-S4, 19.4R3-S2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS toutes les versions 18.1",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS Evolved 19.4 versions ant\u00e9rieures \u00e0 19.4R2-S3-EVO",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS versions 15.1 ant\u00e9rieures \u00e0 15.1R7-S9",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS versions 14.1X53 ant\u00e9rieures \u00e0 14.1X53-D53 pour EX Series et QFX Series",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS versions 16.1R1 ant\u00e9rieures \u00e0 17.3R3-S11",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS versions 16.1 ant\u00e9rieures \u00e0 16.1R7-S7",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS versions 17.2 ant\u00e9rieures \u00e0 17.2R3-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS versions 12.3X48 ant\u00e9rieures \u00e0 12.3X48-D95 pour SRX Series",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS Evolved 20.3 versions ant\u00e9rieures \u00e0 20.3R2-EVO",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS versions 17.1 ant\u00e9rieures \u00e0 17.1R2-S11, 17.1R3-S2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS versions 20.1 ant\u00e9rieures \u00e0 20.1R1-S4, 20.1R2-S1, 20.1R3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS versions 12.3 ant\u00e9rieures \u00e0 12.3R12-S15 pour EX Series",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS versions 17.4 ant\u00e9rieures \u00e0 17.4R2-S13, 17.4R3-S5",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS toutes les versions 19.1",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS versions 19.2 ant\u00e9rieures \u00e0 19.2R1-S6, 19.2R2, 19.2R3-S2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS versions 17.3 ant\u00e9rieures \u00e0 17.3R2-S5, 17.3R3-S12",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS Evolved 19.1R1-EVO ant\u00e9rieures \u00e0 20.3R1-S2-EVO, 20.3R2-EVO",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS versions 20.3 ant\u00e9rieures \u00e0 20.3R1-S1, 20.3R2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS versions 14.1R1 ant\u00e9rieures \u00e0 15.1R7-S6 pour QFX Series, PTX Series",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS versions 18.3 ant\u00e9rieures \u00e0 18.3R1-S7, 18.3R2-S4, 18.3R3-S5",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS versions 18.2 ant\u00e9rieures \u00e0 18.2R2-S8, 18.2R3-S8",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS Evolved 20.2 versions ant\u00e9rieures \u00e0 20.2R2-S1-EVO",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS versions 18.4 ant\u00e9rieures \u00e0 18.4R1-S8, 18.4R2-S7, 18.4R3-S8",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS versions 15.1X49 ant\u00e9rieures \u00e0 15.1X49-D200 pour SRX Series",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS versions 15.1X53 ant\u00e9rieures \u00e0 15.1X53-D593 pour EX2300 Series, EX3400 Series et QFX Series",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS Evolved 20.1 versions ant\u00e9rieures \u00e0 20.1R2-S3-EVO",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS versions 19.3 ant\u00e9rieures \u00e0 19.3R1-S1, 19.3R2-S6, 19.3R3-S2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS versions 17.1R3 ant\u00e9rieures \u00e0 17.3R3-S11",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS versions 20.2 ant\u00e9rieures \u00e0 20.2R1-S3, 20.2R2-S2, 20.2R3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS versions 16.2 ant\u00e9rieures \u00e0 16.2R2-S11, 16.2R3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-8622",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8622"
},
{
"name": "CVE-2021-0257",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0257"
},
{
"name": "CVE-2021-0258",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0258"
},
{
"name": "CVE-2021-0214",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0214"
},
{
"name": "CVE-2021-0270",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0270"
},
{
"name": "CVE-2021-0228",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0228"
},
{
"name": "CVE-2021-0230",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0230"
},
{
"name": "CVE-2019-8936",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8936"
},
{
"name": "CVE-2021-0229",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0229"
},
{
"name": "CVE-2021-0246",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0246"
},
{
"name": "CVE-2021-0216",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0216"
},
{
"name": "CVE-2021-0226",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0226"
},
{
"name": "CVE-2021-0231",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0231"
},
{
"name": "CVE-2021-0247",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0247"
},
{
"name": "CVE-2021-0227",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0227"
},
{
"name": "CVE-2021-0224",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0224"
},
{
"name": "CVE-2021-0225",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0225"
}
],
"initial_release_date": "2021-04-16T00:00:00",
"last_revision_date": "2021-04-16T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-273",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-04-16T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Junos OS. Certaines\nd\u0027entre elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de\ns\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un d\u00e9ni de service et un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Junos OS",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11140 du 14 avril 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11140"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11118 du 14 avril 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11118"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11139 du 14 avril 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11139"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11121 du 14 avril 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11121"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11161 du 14 avril 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11161"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11125 du 14 avril 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11125"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11149 du 14 avril 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11149"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11117 du 14 avril 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11117"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11116 du 14 avril 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11116"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11126 du 14 avril 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11126"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11124 du 14 avril 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11124"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11123 du 14 avril 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11123"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11148 du 14 avril 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11148"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11122 du 14 avril 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11122"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11119 du 14 avril 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11119"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11120 du 14 avril 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11120"
}
]
}
fkie_cve-2019-8936
Vulnerability from fkie_nvd
Published
2019-05-15 16:29
Modified
2024-11-21 04:50
Severity ?
Summary
NTP through 4.2.8p12 has a NULL Pointer Dereference.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://bugs.ntp.org/show_bug.cgi?id=3565 | Exploit, Issue Tracking, Vendor Advisory | |
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00032.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00036.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://packetstormsecurity.com/files/152915/FreeBSD-Security-Advisory-FreeBSD-SA-19-04.ntp.html | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://support.ntp.org/bin/view/Main/SecurityNotice | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2NVS2CSG2TQ663CXOZZUJN4STQPMENNP/ | ||
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JBGXY7OKWOLT6X6JAPVZRFEP4FLCGGST/ | ||
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQDNHNYOJK2SRSGO23GQ2RXTOUY2HLNN/ | ||
| cve@mitre.org | https://seclists.org/bugtraq/2019/May/39 | Issue Tracking, Mailing List, Third Party Advisory | |
| cve@mitre.org | https://security.FreeBSD.org/advisories/FreeBSD-SA-19:04.ntp.asc | Mitigation, Third Party Advisory | |
| cve@mitre.org | https://security.gentoo.org/glsa/201903-15 | Third Party Advisory | |
| cve@mitre.org | https://security.netapp.com/advisory/ntap-20190503-0001/ | Patch, Third Party Advisory | |
| cve@mitre.org | https://support.f5.com/csp/article/K61363039 | Third Party Advisory | |
| cve@mitre.org | https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_us | Third Party Advisory | |
| cve@mitre.org | https://usn.ubuntu.com/4563-1/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://bugs.ntp.org/show_bug.cgi?id=3565 | Exploit, Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00032.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00036.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/152915/FreeBSD-Security-Advisory-FreeBSD-SA-19-04.ntp.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://support.ntp.org/bin/view/Main/SecurityNotice | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2NVS2CSG2TQ663CXOZZUJN4STQPMENNP/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JBGXY7OKWOLT6X6JAPVZRFEP4FLCGGST/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQDNHNYOJK2SRSGO23GQ2RXTOUY2HLNN/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/bugtraq/2019/May/39 | Issue Tracking, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.FreeBSD.org/advisories/FreeBSD-SA-19:04.ntp.asc | Mitigation, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201903-15 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20190503-0001/ | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.f5.com/csp/article/K61363039 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_us | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/4563-1/ |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netapp | clustered_data_ontap | * | |
| netapp | data_ontap | - | |
| fedoraproject | fedora | 28 | |
| fedoraproject | fedora | 29 | |
| fedoraproject | fedora | 30 | |
| opensuse | leap | 15.0 | |
| opensuse | leap | 42.3 | |
| hpe | hpux-ntp | * | |
| ntp | ntp | * | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:clustered_data_ontap:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C68F28EC-4283-4A8D-83CD-E69B2A85B0C4",
"versionEndExcluding": "9.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:netapp:data_ontap:-:*:*:*:*:7-mode:*:*",
"matchCriteriaId": "392A1364-2739-450D-9E19-DFF93081C2C6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*",
"matchCriteriaId": "DC1BD7B7-6D88-42B8-878E-F1318CA5FCAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
"matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hpe:hpux-ntp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1A1FDA7-BE46-4FAB-A3FD-9A40C770C4AB",
"versionEndExcluding": "c.4.2.8.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CED3C1F7-6FFA-44D1-BC56-2BB1963F3B9F",
"versionEndExcluding": "4.2.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:*",
"matchCriteriaId": "EEA51D83-5841-4335-AF07-7A43C118CAAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*",
"matchCriteriaId": "C855BBD2-2B38-4EFF-9DBE-CA61CCACD0DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:*",
"matchCriteriaId": "49ADE0C3-F75C-4EC0-8805-56013F0EB92C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:*",
"matchCriteriaId": "D8FF625A-EFA3-43D1-8698-4A37AE31A07C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:*",
"matchCriteriaId": "E3B99BBD-97FE-4615-905A-A614592226F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:*",
"matchCriteriaId": "E7A9AD3A-F030-4331-B52A-518BD963AB8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:*",
"matchCriteriaId": "C293B8BE-6691-4944-BCD6-25EB98CABC73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:*",
"matchCriteriaId": "CEA650F8-2576-494A-A861-61572CA319D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*:*:*:*:*:*",
"matchCriteriaId": "4ED21EE8-7CBF-4BC5-BFC3-185D41296238",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p10:*:*:*:*:*:*",
"matchCriteriaId": "0BC62D4E-D519-458C-BE4E-10DDB73A97D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p11:*:*:*:*:*:*",
"matchCriteriaId": "1C420117-862A-41A9-BAE8-8B3478FAEBC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p12:*:*:*:*:*:*",
"matchCriteriaId": "4A484251-3220-498C-83FE-A04B013A31A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:*",
"matchCriteriaId": "C76A0B44-13DE-4173-8D05-DA54F6A71759",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:*",
"matchCriteriaId": "1450241C-2F6D-4122-B33C-D78D065BA403",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2:*:*:*:*:*:*",
"matchCriteriaId": "721AFD22-91D3-488E-A5E6-DD84C86E412B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3:*:*:*:*:*:*",
"matchCriteriaId": "8D6ADDB1-2E96-4FF6-AE95-4B06654D38B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*",
"matchCriteriaId": "41E44E9F-6383-4E12-AEDC-B653FEA77A48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1:*:*:*:*:*:*",
"matchCriteriaId": "466D9A37-2658-4695-9429-0C6BF4A631C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2:*:*:*:*:*:*",
"matchCriteriaId": "99774181-5F12-446C-AC2C-DB1C52295EED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3:*:*:*:*:*:*",
"matchCriteriaId": "4427EE6D-3F79-4FF5-B3EC-EE6BD01562CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p4:*:*:*:*:*:*",
"matchCriteriaId": "99C71C00-7222-483B-AEFB-159337BD3C92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p5:*:*:*:*:*:*",
"matchCriteriaId": "75A9AA28-1B20-44BB-815C-7294A53E910E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p6:*:*:*:*:*:*",
"matchCriteriaId": "8C213794-111D-41F3-916C-AD97F731D600",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p7:*:*:*:*:*:*",
"matchCriteriaId": "50811A7B-0379-4437-8737-B4C1ACBC9EFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p8:*:*:*:*:*:*",
"matchCriteriaId": "F12E4CF5-536C-416B-AD8D-6AE7CBE22C71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p9:*:*:*:*:*:*",
"matchCriteriaId": "EE002C76-406D-4F22-B738-E17BDEA70BCC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NTP through 4.2.8p12 has a NULL Pointer Dereference."
},
{
"lang": "es",
"value": "NTP hasta 4.2.8p12 tiene una desreferencia del puntero NULL."
}
],
"id": "CVE-2019-8936",
"lastModified": "2024-11-21T04:50:41.733",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-05-15T16:29:01.223",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "http://bugs.ntp.org/show_bug.cgi?id=3565"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00032.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00036.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/152915/FreeBSD-Security-Advisory-FreeBSD-SA-19-04.ntp.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2NVS2CSG2TQ663CXOZZUJN4STQPMENNP/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JBGXY7OKWOLT6X6JAPVZRFEP4FLCGGST/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQDNHNYOJK2SRSGO23GQ2RXTOUY2HLNN/"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/May/39"
},
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:04.ntp.asc"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201903-15"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190503-0001/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://support.f5.com/csp/article/K61363039"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/4563-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "http://bugs.ntp.org/show_bug.cgi?id=3565"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00032.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00036.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/152915/FreeBSD-Security-Advisory-FreeBSD-SA-19-04.ntp.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2NVS2CSG2TQ663CXOZZUJN4STQPMENNP/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JBGXY7OKWOLT6X6JAPVZRFEP4FLCGGST/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQDNHNYOJK2SRSGO23GQ2RXTOUY2HLNN/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/May/39"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:04.ntp.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201903-15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190503-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.f5.com/csp/article/K61363039"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/4563-1/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…