Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2016-1549 (GCVE-0-2016-1549)
Vulnerability from cvelistv5
- unspecified
Vendor | Product | Version | |||||||
---|---|---|---|---|---|---|---|---|---|
▼ | NTP Project | NTP |
Version: 4.2.8p3 Version: 4.2.8p4 |
||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T23:02:12.001Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0083/" }, { "name": "88200", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/88200" }, { "name": "1035705", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1035705" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20171004-0002/" }, { "name": "FreeBSD-SA-16:16", "tags": [ "vendor-advisory", "x_refsource_FREEBSD", "x_transferred" ], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.synology.com/support/security/Synology_SA_18_13" }, { "name": "GLSA-201607-15", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201607-15" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "NTP", "vendor": "NTP Project", "versions": [ { "status": "affected", "version": "4.2.8p3" }, { "status": "affected", "version": "4.2.8p4" } ] }, { "product": "NTPSec", "vendor": "NTPsec Project", "versions": [ { "status": "affected", "version": "3e160db8dc248a0bcb053b56a80167dc742d2b74" }, { "status": "affected", "version": "a5fb34b9cc89b92a8fef2f459004865c93bb7f92" } ] } ], "datePublic": "2016-04-26T00:00:00", "descriptions": [ { "lang": "en", "value": "A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and modify a victim\u0027s clock." } ], "problemTypes": [ { "descriptions": [ { "description": "unspecified", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-10-31T18:06:28", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0083/" }, { "name": "88200", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/88200" }, { "name": "1035705", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1035705" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20171004-0002/" }, { "name": "FreeBSD-SA-16:16", "tags": [ "vendor-advisory", "x_refsource_FREEBSD" ], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.synology.com/support/security/Synology_SA_18_13" }, { "name": "GLSA-201607-15", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201607-15" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cert@cert.org", "ID": "CVE-2016-1549", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "NTP", "version": { "version_data": [ { "version_value": "4.2.8p3" }, { "version_value": "4.2.8p4" } ] } } ] }, "vendor_name": "NTP Project" }, { "product": { "product_data": [ { "product_name": "NTPSec", "version": { "version_data": [ { "version_value": "3e160db8dc248a0bcb053b56a80167dc742d2b74" }, { "version_value": "a5fb34b9cc89b92a8fef2f459004865c93bb7f92" } ] } } ] }, "vendor_name": "NTPsec Project" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and modify a victim\u0027s clock." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "unspecified" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.talosintelligence.com/reports/TALOS-2016-0083/", "refsource": "MISC", "url": "http://www.talosintelligence.com/reports/TALOS-2016-0083/" }, { "name": "88200", "refsource": "BID", "url": "http://www.securityfocus.com/bid/88200" }, { "name": "1035705", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1035705" }, { "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "name": "https://security.netapp.com/advisory/ntap-20171004-0002/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20171004-0002/" }, { "name": "FreeBSD-SA-16:16", "refsource": "FREEBSD", "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc" }, { "name": "https://www.synology.com/support/security/Synology_SA_18_13", "refsource": "CONFIRM", "url": "https://www.synology.com/support/security/Synology_SA_18_13" }, { "name": "GLSA-201607-15", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201607-15" }, { "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us", "refsource": "CONFIRM", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us" } ] } } } }, "cveMetadata": { "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2016-1549", "datePublished": "2017-01-06T21:00:00", "dateReserved": "2016-01-07T00:00:00", "dateUpdated": "2024-08-05T23:02:12.001Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2016-1549\",\"sourceIdentifier\":\"cret@cert.org\",\"published\":\"2017-01-06T21:59:00.383\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and modify a victim\u0027s clock.\"},{\"lang\":\"es\",\"value\":\"Un par malicioso autenticado puede crear arbitrariamente muchas asociaciones ef\u00edmeras para ganar el algoritmo de selecci\u00f3n de reloj en ntpd en NTP 4.2.8p4 y versiones anteriores y NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 y a5fb34b9cc89b92a8fef2f459004865c93bb7f92 y modificar un reloj de una v\u00edctima.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:N/I:P/A:N\",\"baseScore\":4.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-19\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.8:p4:*:*:*:*:*:*\",\"matchCriteriaId\":\"99C71C00-7222-483B-AEFB-159337BD3C92\"}]}]}],\"references\":[{\"url\":\"http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html\",\"source\":\"cret@cert.org\"},{\"url\":\"http://www.securityfocus.com/bid/88200\",\"source\":\"cret@cert.org\"},{\"url\":\"http://www.securitytracker.com/id/1035705\",\"source\":\"cret@cert.org\"},{\"url\":\"http://www.talosintelligence.com/reports/TALOS-2016-0083/\",\"source\":\"cret@cert.org\",\"tags\":[\"Mitigation\",\"Technical Description\",\"Third Party Advisory\"]},{\"url\":\"https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc\",\"source\":\"cret@cert.org\"},{\"url\":\"https://security.gentoo.org/glsa/201607-15\",\"source\":\"cret@cert.org\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20171004-0002/\",\"source\":\"cret@cert.org\"},{\"url\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us\",\"source\":\"cret@cert.org\"},{\"url\":\"https://www.synology.com/support/security/Synology_SA_18_13\",\"source\":\"cret@cert.org\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/88200\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1035705\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.talosintelligence.com/reports/TALOS-2016-0083/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Technical Description\",\"Third Party Advisory\"]},{\"url\":\"https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/201607-15\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20171004-0002/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.synology.com/support/security/Synology_SA_18_13\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}" } }
suse-su-2016:1471-1
Vulnerability from csaf_suse
Notes
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for ntp", "title": "Title of the patch" }, { "category": "description", "text": "\nThis update for ntp fixes the following issues: \n\n- Separate the creation of ntp.keys and key #1 in it to avoid\n problems when upgrading installations that have the file, but\n no key #1, which is needed e.g. by \u0027rcntp addserver\u0027.\n\n- Update to 4.2.8p7 (bsc#977446):\n * CVE-2016-1547, bsc#977459:\n Validate crypto-NAKs, AKA: CRYPTO-NAK DoS.\n * CVE-2016-1548, bsc#977461: Interleave-pivot\n * CVE-2016-1549, bsc#977451:\n Sybil vulnerability: ephemeral association attack.\n * CVE-2016-1550, bsc#977464: Improve NTP security against buffer\n comparison timing attacks.\n * CVE-2016-1551, bsc#977450:\n Refclock impersonation vulnerability\n * CVE-2016-2516, bsc#977452: Duplicate IPs on unconfig\n directives will cause an assertion botch in ntpd.\n * CVE-2016-2517, bsc#977455: remote configuration trustedkey/\n requestkey/controlkey values are not properly validated.\n * CVE-2016-2518, bsc#977457: Crafted addpeer with hmode \u003e 7\n causes array wraparound with MATCH_ASSOC.\n * CVE-2016-2519, bsc#977458: ctl_getitem() return value not\n always checked.\n * integrate ntp-fork.patch\n * Improve the fixes for:\n CVE-2015-7704, CVE-2015-7705, CVE-2015-7974\n- Restrict the parser in the startup script to the first\n occurrance of \u0027keys\u0027 and \u0027controlkey\u0027 in ntp.conf (bsc#957226).\n\n", "title": "Description of the patch" }, { "category": "details", "text": "sleclo50sp3-ntp-12592,sleman21-ntp-12592,slemap21-ntp-12592,slessp2-ntp-12592,slessp3-ntp-12592", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2016_1471-1.json" }, { "category": "self", "summary": "URL for SUSE-SU-2016:1471-1", "url": "https://www.suse.com/support/update/announcement/2016/suse-su-20161471-1/" }, { "category": "self", "summary": "E-Mail link for SUSE-SU-2016:1471-1", "url": "https://lists.suse.com/pipermail/sle-security-updates/2016-June/002089.html" }, { "category": "self", "summary": "SUSE Bug 957226", "url": "https://bugzilla.suse.com/957226" }, { "category": "self", "summary": "SUSE Bug 977446", "url": "https://bugzilla.suse.com/977446" }, { "category": "self", "summary": "SUSE Bug 977450", "url": "https://bugzilla.suse.com/977450" }, { "category": "self", "summary": "SUSE Bug 977451", "url": "https://bugzilla.suse.com/977451" }, { "category": "self", "summary": "SUSE Bug 977452", "url": "https://bugzilla.suse.com/977452" }, { "category": "self", "summary": "SUSE Bug 977455", "url": "https://bugzilla.suse.com/977455" }, { "category": "self", "summary": "SUSE Bug 977457", "url": "https://bugzilla.suse.com/977457" }, { "category": "self", "summary": "SUSE Bug 977458", "url": "https://bugzilla.suse.com/977458" }, { "category": "self", "summary": "SUSE Bug 977459", "url": "https://bugzilla.suse.com/977459" }, { "category": "self", "summary": "SUSE Bug 977461", "url": "https://bugzilla.suse.com/977461" }, { "category": "self", "summary": "SUSE Bug 977464", "url": "https://bugzilla.suse.com/977464" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7704 page", "url": "https://www.suse.com/security/cve/CVE-2015-7704/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7705 page", "url": "https://www.suse.com/security/cve/CVE-2015-7705/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7974 page", "url": "https://www.suse.com/security/cve/CVE-2015-7974/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-1547 page", "url": "https://www.suse.com/security/cve/CVE-2016-1547/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-1548 page", "url": "https://www.suse.com/security/cve/CVE-2016-1548/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-1549 page", "url": "https://www.suse.com/security/cve/CVE-2016-1549/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-1550 page", "url": "https://www.suse.com/security/cve/CVE-2016-1550/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-1551 page", "url": "https://www.suse.com/security/cve/CVE-2016-1551/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-2516 page", "url": "https://www.suse.com/security/cve/CVE-2016-2516/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-2517 page", "url": "https://www.suse.com/security/cve/CVE-2016-2517/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-2518 page", "url": "https://www.suse.com/security/cve/CVE-2016-2518/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-2519 page", "url": "https://www.suse.com/security/cve/CVE-2016-2519/" } ], "title": "Security update for ntp", "tracking": { "current_release_date": "2016-06-01T12:36:52Z", "generator": { "date": "2016-06-01T12:36:52Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "SUSE-SU-2016:1471-1", "initial_release_date": "2016-06-01T12:36:52Z", "revision_history": [ { "date": "2016-06-01T12:36:52Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "ntp-4.2.8p7-44.1.i586", "product": { "name": "ntp-4.2.8p7-44.1.i586", "product_id": "ntp-4.2.8p7-44.1.i586" } }, { "category": "product_version", "name": "ntp-doc-4.2.8p7-44.1.i586", "product": { "name": "ntp-doc-4.2.8p7-44.1.i586", "product_id": "ntp-doc-4.2.8p7-44.1.i586" } } ], "category": "architecture", "name": "i586" }, { "branches": [ { "category": "product_version", "name": "ntp-4.2.8p7-44.1.s390x", "product": { "name": "ntp-4.2.8p7-44.1.s390x", "product_id": "ntp-4.2.8p7-44.1.s390x" } }, { "category": "product_version", "name": "ntp-doc-4.2.8p7-44.1.s390x", "product": { "name": "ntp-doc-4.2.8p7-44.1.s390x", "product_id": "ntp-doc-4.2.8p7-44.1.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "ntp-4.2.8p7-44.1.x86_64", "product": { "name": "ntp-4.2.8p7-44.1.x86_64", "product_id": "ntp-4.2.8p7-44.1.x86_64" } }, { "category": "product_version", "name": "ntp-doc-4.2.8p7-44.1.x86_64", "product": { "name": "ntp-doc-4.2.8p7-44.1.x86_64", "product_id": "ntp-doc-4.2.8p7-44.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "SUSE OpenStack Cloud 5", "product": { "name": "SUSE OpenStack Cloud 5", "product_id": "SUSE OpenStack Cloud 5", "product_identification_helper": { "cpe": "cpe:/o:suse:cloud:5" } } }, { "category": "product_name", "name": "SUSE Manager 2.1", "product": { "name": "SUSE Manager 2.1", "product_id": "SUSE Manager 2.1", "product_identification_helper": { "cpe": "cpe:/o:suse:suse-manager-server:2.1" } } }, { "category": "product_name", "name": "SUSE Manager Proxy 2.1", "product": { "name": "SUSE Manager Proxy 2.1", "product_id": "SUSE Manager Proxy 2.1", "product_identification_helper": { "cpe": "cpe:/o:suse:suse-manager-proxy:2.1" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server 11 SP2-LTSS", "product": { "name": "SUSE Linux Enterprise Server 11 SP2-LTSS", "product_id": "SUSE Linux Enterprise Server 11 SP2-LTSS", "product_identification_helper": { "cpe": "cpe:/o:suse:suse_sles_ltss:11:sp2" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server 11 SP3-LTSS", "product": { "name": "SUSE Linux Enterprise Server 11 SP3-LTSS", "product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS", "product_identification_helper": { "cpe": "cpe:/o:suse:suse_sles_ltss:11:sp3" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server 11 SP3-TERADATA", "product": { "name": "SUSE Linux Enterprise Server 11 SP3-TERADATA", "product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA", "product_identification_helper": { "cpe": "cpe:/o:suse:sles:11:sp3:teradata" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p7-44.1.x86_64 as component of SUSE OpenStack Cloud 5", "product_id": "SUSE OpenStack Cloud 5:ntp-4.2.8p7-44.1.x86_64" }, "product_reference": "ntp-4.2.8p7-44.1.x86_64", "relates_to_product_reference": "SUSE OpenStack Cloud 5" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p7-44.1.x86_64 as component of SUSE OpenStack Cloud 5", "product_id": "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p7-44.1.x86_64" }, "product_reference": "ntp-doc-4.2.8p7-44.1.x86_64", "relates_to_product_reference": "SUSE OpenStack Cloud 5" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p7-44.1.s390x as component of SUSE Manager 2.1", "product_id": "SUSE Manager 2.1:ntp-4.2.8p7-44.1.s390x" }, "product_reference": "ntp-4.2.8p7-44.1.s390x", "relates_to_product_reference": "SUSE Manager 2.1" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p7-44.1.x86_64 as component of SUSE Manager 2.1", "product_id": "SUSE Manager 2.1:ntp-4.2.8p7-44.1.x86_64" }, "product_reference": "ntp-4.2.8p7-44.1.x86_64", "relates_to_product_reference": "SUSE Manager 2.1" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p7-44.1.s390x as component of SUSE Manager 2.1", "product_id": "SUSE Manager 2.1:ntp-doc-4.2.8p7-44.1.s390x" }, "product_reference": "ntp-doc-4.2.8p7-44.1.s390x", "relates_to_product_reference": "SUSE Manager 2.1" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p7-44.1.x86_64 as component of SUSE Manager 2.1", "product_id": "SUSE Manager 2.1:ntp-doc-4.2.8p7-44.1.x86_64" }, "product_reference": "ntp-doc-4.2.8p7-44.1.x86_64", "relates_to_product_reference": "SUSE Manager 2.1" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p7-44.1.x86_64 as component of SUSE Manager Proxy 2.1", "product_id": "SUSE Manager Proxy 2.1:ntp-4.2.8p7-44.1.x86_64" }, "product_reference": "ntp-4.2.8p7-44.1.x86_64", "relates_to_product_reference": "SUSE Manager Proxy 2.1" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p7-44.1.x86_64 as component of SUSE Manager Proxy 2.1", "product_id": "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p7-44.1.x86_64" }, "product_reference": "ntp-doc-4.2.8p7-44.1.x86_64", "relates_to_product_reference": "SUSE Manager Proxy 2.1" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p7-44.1.i586 as component of SUSE Linux Enterprise Server 11 SP2-LTSS", "product_id": "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.i586" }, "product_reference": "ntp-4.2.8p7-44.1.i586", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP2-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p7-44.1.s390x as component of SUSE Linux Enterprise Server 11 SP2-LTSS", "product_id": "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.s390x" }, "product_reference": "ntp-4.2.8p7-44.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP2-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p7-44.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP2-LTSS", "product_id": "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.x86_64" }, "product_reference": "ntp-4.2.8p7-44.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP2-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p7-44.1.i586 as component of SUSE Linux Enterprise Server 11 SP2-LTSS", "product_id": "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.i586" }, "product_reference": "ntp-doc-4.2.8p7-44.1.i586", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP2-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p7-44.1.s390x as component of SUSE Linux Enterprise Server 11 SP2-LTSS", "product_id": "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.s390x" }, "product_reference": "ntp-doc-4.2.8p7-44.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP2-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p7-44.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP2-LTSS", "product_id": "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.x86_64" }, "product_reference": "ntp-doc-4.2.8p7-44.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP2-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p7-44.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-LTSS", "product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.i586" }, "product_reference": "ntp-4.2.8p7-44.1.i586", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p7-44.1.s390x as component of SUSE Linux Enterprise Server 11 SP3-LTSS", "product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.s390x" }, "product_reference": "ntp-4.2.8p7-44.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p7-44.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-LTSS", "product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.x86_64" }, "product_reference": "ntp-4.2.8p7-44.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p7-44.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-LTSS", "product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.i586" }, "product_reference": "ntp-doc-4.2.8p7-44.1.i586", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p7-44.1.s390x as component of SUSE Linux Enterprise Server 11 SP3-LTSS", "product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.s390x" }, "product_reference": "ntp-doc-4.2.8p7-44.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p7-44.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-LTSS", "product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.x86_64" }, "product_reference": "ntp-doc-4.2.8p7-44.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p7-44.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA", "product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.i586" }, "product_reference": "ntp-4.2.8p7-44.1.i586", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p7-44.1.s390x as component of SUSE Linux Enterprise Server 11 SP3-TERADATA", "product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.s390x" }, "product_reference": "ntp-4.2.8p7-44.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p7-44.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA", "product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.x86_64" }, "product_reference": "ntp-4.2.8p7-44.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p7-44.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA", "product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.i586" }, "product_reference": "ntp-doc-4.2.8p7-44.1.i586", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p7-44.1.s390x as component of SUSE Linux Enterprise Server 11 SP3-TERADATA", "product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.s390x" }, "product_reference": "ntp-doc-4.2.8p7-44.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p7-44.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA", "product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.x86_64" }, "product_reference": "ntp-doc-4.2.8p7-44.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA" } ] }, "vulnerabilities": [ { "cve": "CVE-2015-7704", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7704" } ], "notes": [ { "category": "general", "text": "The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted \"KOD\" messages.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p7-44.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p7-44.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p7-44.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p7-44.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p7-44.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7704", "url": "https://www.suse.com/security/cve/CVE-2015-7704" }, { "category": "external", "summary": "SUSE Bug 1010964 for CVE-2015-7704", "url": "https://bugzilla.suse.com/1010964" }, { "category": "external", "summary": "SUSE Bug 951608 for CVE-2015-7704", "url": "https://bugzilla.suse.com/951608" }, { "category": "external", "summary": "SUSE Bug 952611 for CVE-2015-7704", "url": "https://bugzilla.suse.com/952611" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7704", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 977446 for CVE-2015-7704", "url": "https://bugzilla.suse.com/977446" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p7-44.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p7-44.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p7-44.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p7-44.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p7-44.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p7-44.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p7-44.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p7-44.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p7-44.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p7-44.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-06-01T12:36:52Z", "details": "important" } ], "title": "CVE-2015-7704" }, { "cve": "CVE-2015-7705", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7705" } ], "notes": [ { "category": "general", "text": "The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p7-44.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p7-44.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p7-44.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p7-44.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p7-44.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7705", "url": "https://www.suse.com/security/cve/CVE-2015-7705" }, { "category": "external", "summary": "SUSE Bug 1010964 for CVE-2015-7705", "url": "https://bugzilla.suse.com/1010964" }, { "category": "external", "summary": "SUSE Bug 951608 for CVE-2015-7705", "url": "https://bugzilla.suse.com/951608" }, { "category": "external", "summary": "SUSE Bug 952611 for CVE-2015-7705", "url": "https://bugzilla.suse.com/952611" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7705", "url": "https://bugzilla.suse.com/959243" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p7-44.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p7-44.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p7-44.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p7-44.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p7-44.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p7-44.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p7-44.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p7-44.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p7-44.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p7-44.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-06-01T12:36:52Z", "details": "critical" } ], "title": "CVE-2015-7705" }, { "cve": "CVE-2015-7974", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7974" } ], "notes": [ { "category": "general", "text": "NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a \"skeleton key.\"", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p7-44.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p7-44.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p7-44.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p7-44.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p7-44.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7974", "url": "https://www.suse.com/security/cve/CVE-2015-7974" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7974", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 962960 for CVE-2015-7974", "url": "https://bugzilla.suse.com/962960" }, { "category": "external", "summary": "SUSE Bug 962995 for CVE-2015-7974", "url": "https://bugzilla.suse.com/962995" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p7-44.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p7-44.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p7-44.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p7-44.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p7-44.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.7, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p7-44.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p7-44.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p7-44.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p7-44.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p7-44.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-06-01T12:36:52Z", "details": "low" } ], "title": "CVE-2015-7974" }, { "cve": "CVE-2016-1547", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-1547" } ], "notes": [ { "category": "general", "text": "An off-path attacker can cause a preemptible client association to be demobilized in NTP 4.2.8p4 and earlier and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 by sending a crypto NAK packet to a victim client with a spoofed source address of an existing associated peer. This is true even if authentication is enabled.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p7-44.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p7-44.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p7-44.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p7-44.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p7-44.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-1547", "url": "https://www.suse.com/security/cve/CVE-2016-1547" }, { "category": "external", "summary": "SUSE Bug 962784 for CVE-2016-1547", "url": "https://bugzilla.suse.com/962784" }, { "category": "external", "summary": "SUSE Bug 977446 for CVE-2016-1547", "url": "https://bugzilla.suse.com/977446" }, { "category": "external", "summary": "SUSE Bug 977459 for CVE-2016-1547", "url": "https://bugzilla.suse.com/977459" }, { "category": "external", "summary": "SUSE Bug 982064 for CVE-2016-1547", "url": "https://bugzilla.suse.com/982064" }, { "category": "external", "summary": "SUSE Bug 982065 for CVE-2016-1547", "url": "https://bugzilla.suse.com/982065" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p7-44.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p7-44.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p7-44.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p7-44.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p7-44.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p7-44.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p7-44.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p7-44.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p7-44.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p7-44.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-06-01T12:36:52Z", "details": "moderate" } ], "title": "CVE-2016-1547" }, { "cve": "CVE-2016-1548", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-1548" } ], "notes": [ { "category": "general", "text": "An attacker can spoof a packet from a legitimate ntpd server with an origin timestamp that matches the peer-\u003edst timestamp recorded for that server. After making this switch, the client in NTP 4.2.8p4 and earlier and NTPSec aa48d001683e5b791a743ec9c575aaf7d867a2b0c will reject all future legitimate server responses. It is possible to force the victim client to move time after the mode has been changed. ntpq gives no indication that the mode has been switched.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p7-44.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p7-44.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p7-44.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p7-44.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p7-44.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-1548", "url": "https://www.suse.com/security/cve/CVE-2016-1548" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2016-1548", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 977446 for CVE-2016-1548", "url": "https://bugzilla.suse.com/977446" }, { "category": "external", "summary": "SUSE Bug 977461 for CVE-2016-1548", "url": "https://bugzilla.suse.com/977461" }, { "category": "external", "summary": "SUSE Bug 982068 for CVE-2016-1548", "url": "https://bugzilla.suse.com/982068" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p7-44.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p7-44.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p7-44.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p7-44.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p7-44.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p7-44.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p7-44.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p7-44.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p7-44.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p7-44.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-06-01T12:36:52Z", "details": "moderate" } ], "title": "CVE-2016-1548" }, { "cve": "CVE-2016-1549", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-1549" } ], "notes": [ { "category": "general", "text": "A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and modify a victim\u0027s clock.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p7-44.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p7-44.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p7-44.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p7-44.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p7-44.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-1549", "url": "https://www.suse.com/security/cve/CVE-2016-1549" }, { "category": "external", "summary": "SUSE Bug 1083424 for CVE-2016-1549", "url": "https://bugzilla.suse.com/1083424" }, { "category": "external", "summary": "SUSE Bug 977446 for CVE-2016-1549", "url": "https://bugzilla.suse.com/977446" }, { "category": "external", "summary": "SUSE Bug 977451 for CVE-2016-1549", "url": "https://bugzilla.suse.com/977451" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p7-44.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p7-44.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p7-44.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p7-44.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p7-44.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p7-44.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p7-44.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p7-44.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p7-44.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p7-44.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-06-01T12:36:52Z", "details": "low" } ], "title": "CVE-2016-1549" }, { "cve": "CVE-2016-1550", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-1550" } ], "notes": [ { "category": "general", "text": "An exploitable vulnerability exists in the message authentication functionality of libntp in ntp 4.2.8p4 and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92. An attacker can send a series of crafted messages to attempt to recover the message digest key.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p7-44.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p7-44.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p7-44.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p7-44.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p7-44.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-1550", "url": "https://www.suse.com/security/cve/CVE-2016-1550" }, { "category": "external", "summary": "SUSE Bug 977446 for CVE-2016-1550", "url": "https://bugzilla.suse.com/977446" }, { "category": "external", "summary": "SUSE Bug 977464 for CVE-2016-1550", "url": "https://bugzilla.suse.com/977464" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p7-44.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p7-44.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p7-44.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p7-44.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p7-44.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p7-44.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p7-44.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p7-44.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p7-44.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p7-44.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-06-01T12:36:52Z", "details": "low" } ], "title": "CVE-2016-1550" }, { "cve": "CVE-2016-1551", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-1551" } ], "notes": [ { "category": "general", "text": "ntpd in NTP 4.2.8p3 and NTPsec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 relies on the underlying operating system to protect it from requests that impersonate reference clocks. Because reference clocks are treated like other peers and stored in the same structure, any packet with a source ip address of a reference clock (127.127.1.1 for example) that reaches the receive() function will match that reference clock\u0027s peer record and will be treated as a trusted peer. Any system that lacks the typical martian packet filtering which would block these packets is in danger of having its time controlled by an attacker.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p7-44.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p7-44.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p7-44.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p7-44.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p7-44.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-1551", "url": "https://www.suse.com/security/cve/CVE-2016-1551" }, { "category": "external", "summary": "SUSE Bug 977446 for CVE-2016-1551", "url": "https://bugzilla.suse.com/977446" }, { "category": "external", "summary": "SUSE Bug 977450 for CVE-2016-1551", "url": "https://bugzilla.suse.com/977450" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p7-44.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p7-44.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p7-44.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p7-44.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p7-44.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p7-44.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p7-44.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p7-44.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p7-44.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p7-44.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-06-01T12:36:52Z", "details": "low" } ], "title": "CVE-2016-1551" }, { "cve": "CVE-2016-2516", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-2516" } ], "notes": [ { "category": "general", "text": "NTP before 4.2.8p7 and 4.3.x before 4.3.92, when mode7 is enabled, allows remote attackers to cause a denial of service (ntpd abort) by using the same IP address multiple times in an unconfig directive.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p7-44.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p7-44.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p7-44.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p7-44.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p7-44.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-2516", "url": "https://www.suse.com/security/cve/CVE-2016-2516" }, { "category": "external", "summary": "SUSE Bug 977446 for CVE-2016-2516", "url": "https://bugzilla.suse.com/977446" }, { "category": "external", "summary": "SUSE Bug 977452 for CVE-2016-2516", "url": "https://bugzilla.suse.com/977452" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p7-44.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p7-44.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p7-44.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p7-44.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p7-44.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p7-44.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p7-44.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p7-44.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p7-44.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p7-44.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-06-01T12:36:52Z", "details": "moderate" } ], "title": "CVE-2016-2516" }, { "cve": "CVE-2016-2517", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-2517" } ], "notes": [ { "category": "general", "text": "NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (prevent subsequent authentication) by leveraging knowledge of the controlkey or requestkey and sending a crafted packet to ntpd, which changes the value of trustedkey, controlkey, or requestkey. NOTE: this vulnerability exists because of a CVE-2016-2516 regression.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p7-44.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p7-44.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p7-44.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p7-44.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p7-44.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-2517", "url": "https://www.suse.com/security/cve/CVE-2016-2517" }, { "category": "external", "summary": "SUSE Bug 977446 for CVE-2016-2517", "url": "https://bugzilla.suse.com/977446" }, { "category": "external", "summary": "SUSE Bug 977455 for CVE-2016-2517", "url": "https://bugzilla.suse.com/977455" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p7-44.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p7-44.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p7-44.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p7-44.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p7-44.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p7-44.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p7-44.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p7-44.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p7-44.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p7-44.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-06-01T12:36:52Z", "details": "moderate" } ], "title": "CVE-2016-2517" }, { "cve": "CVE-2016-2518", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-2518" } ], "notes": [ { "category": "general", "text": "The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p7-44.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p7-44.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p7-44.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p7-44.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p7-44.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-2518", "url": "https://www.suse.com/security/cve/CVE-2016-2518" }, { "category": "external", "summary": "SUSE Bug 977446 for CVE-2016-2518", "url": "https://bugzilla.suse.com/977446" }, { "category": "external", "summary": "SUSE Bug 977457 for CVE-2016-2518", "url": "https://bugzilla.suse.com/977457" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p7-44.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p7-44.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p7-44.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p7-44.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p7-44.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p7-44.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p7-44.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p7-44.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p7-44.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p7-44.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-06-01T12:36:52Z", "details": "low" } ], "title": "CVE-2016-2518" }, { "cve": "CVE-2016-2519", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-2519" } ], "notes": [ { "category": "general", "text": "ntpd in NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (ntpd abort) by a large request data value, which triggers the ctl_getitem function to return a NULL value.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p7-44.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p7-44.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p7-44.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p7-44.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p7-44.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-2519", "url": "https://www.suse.com/security/cve/CVE-2016-2519" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2016-2519", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 977446 for CVE-2016-2519", "url": "https://bugzilla.suse.com/977446" }, { "category": "external", "summary": "SUSE Bug 977458 for CVE-2016-2519", "url": "https://bugzilla.suse.com/977458" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p7-44.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p7-44.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p7-44.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p7-44.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p7-44.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p7-44.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p7-44.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p7-44.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p7-44.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p7-44.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p7-44.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p7-44.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p7-44.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-06-01T12:36:52Z", "details": "moderate" } ], "title": "CVE-2016-2519" } ] }
suse-su-2016:1568-1
Vulnerability from csaf_suse
Notes
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for ntp", "title": "Title of the patch" }, { "category": "description", "text": "ntp was updated to version 4.2.8p8 to fix 17 security issues.\n\nThese security issues were fixed:\n- CVE-2016-4956: Broadcast interleave (bsc#982068).\n- CVE-2016-2518: Crafted addpeer with hmode \u003e 7 causes array wraparound with MATCH_ASSOC (bsc#977457).\n- CVE-2016-2519: ctl_getitem() return value not always checked (bsc#977458).\n- CVE-2016-4954: Processing spoofed server packets (bsc#982066).\n- CVE-2016-4955: Autokey association reset (bsc#982067).\n- CVE-2015-7974: NTP did not verify peer associations of symmetric keys when authenticating packets, which might allowed remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a \u0027skeleton key (bsc#962960).\n- CVE-2016-4957: CRYPTO_NAK crash (bsc#982064).\n- CVE-2016-2516: Duplicate IPs on unconfig directives will cause an assertion botch (bsc#977452).\n- CVE-2016-2517: Remote configuration trustedkey/requestkey values are not properly validated (bsc#977455).\n- CVE-2016-4953: Bad authentication demobilizes ephemeral associations (bsc#982065).\n- CVE-2016-1547: CRYPTO-NAK DoS (bsc#977459).\n- CVE-2016-1551: Refclock impersonation vulnerability, AKA: refclock-peering (bsc#977450).\n- CVE-2016-1550: Improve NTP security against buffer comparison timing attacks, authdecrypt-timing, AKA: authdecrypt-timing (bsc#977464).\n- CVE-2016-1548: Interleave-pivot - MITIGATION ONLY (bsc#977461).\n- CVE-2016-1549: Sybil vulnerability: ephemeral association attack, AKA: ntp-sybil - MITIGATION ONLY (bsc#977451).\n\nThis release also contained improved patches for CVE-2015-7704, CVE-2015-7705, CVE-2015-7974.\n\nThese non-security issues were fixed:\n- bsc#979302: Change the process name of the forking DNS worker process to avoid the impression that ntpd is started twice.\n- bsc#981422: Don\u0027t ignore SIGCHILD because it breaks wait().\n- bsc#979981: ntp-wait does not accept fractional seconds, so use 1 instead of 0.2 in ntp-wait.service.\n- Separate the creation of ntp.keys and key #1 in it to avoid problems when upgrading installations that have the file, but no key #1, which is needed e.g. by \u0027rcntp addserver\u0027.\n- bsc#957226: Restrict the parser in the startup script to the first occurrance of \u0027keys\u0027 and \u0027controlkey\u0027 in ntp.conf.\n ", "title": "Description of the patch" }, { "category": "details", "text": "SUSE-SLE-DESKTOP-12-2016-933,SUSE-SLE-SERVER-12-2016-933", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2016_1568-1.json" }, { "category": "self", "summary": "URL for SUSE-SU-2016:1568-1", "url": "https://www.suse.com/support/update/announcement/2016/suse-su-20161568-1/" }, { "category": "self", "summary": "E-Mail link for SUSE-SU-2016:1568-1", "url": "https://lists.suse.com/pipermail/sle-security-updates/2016-June/002112.html" }, { "category": "self", "summary": "SUSE Bug 957226", "url": "https://bugzilla.suse.com/957226" }, { "category": "self", "summary": "SUSE Bug 962960", "url": "https://bugzilla.suse.com/962960" }, { "category": "self", "summary": "SUSE Bug 977450", "url": "https://bugzilla.suse.com/977450" }, { "category": "self", "summary": "SUSE Bug 977451", "url": "https://bugzilla.suse.com/977451" }, { "category": "self", "summary": "SUSE Bug 977452", "url": "https://bugzilla.suse.com/977452" }, { "category": "self", "summary": "SUSE Bug 977455", "url": "https://bugzilla.suse.com/977455" }, { "category": "self", "summary": "SUSE Bug 977457", "url": "https://bugzilla.suse.com/977457" }, { "category": "self", "summary": "SUSE Bug 977458", "url": "https://bugzilla.suse.com/977458" }, { "category": "self", "summary": "SUSE Bug 977459", "url": "https://bugzilla.suse.com/977459" }, { "category": "self", "summary": "SUSE Bug 977461", "url": "https://bugzilla.suse.com/977461" }, { "category": "self", "summary": "SUSE Bug 977464", "url": "https://bugzilla.suse.com/977464" }, { "category": "self", "summary": "SUSE Bug 979302", "url": "https://bugzilla.suse.com/979302" }, { "category": "self", "summary": "SUSE Bug 979981", "url": "https://bugzilla.suse.com/979981" }, { "category": "self", "summary": "SUSE Bug 981422", "url": "https://bugzilla.suse.com/981422" }, { "category": "self", "summary": "SUSE Bug 982064", "url": "https://bugzilla.suse.com/982064" }, { "category": "self", "summary": "SUSE Bug 982065", "url": "https://bugzilla.suse.com/982065" }, { "category": "self", "summary": "SUSE Bug 982066", "url": "https://bugzilla.suse.com/982066" }, { "category": "self", "summary": "SUSE Bug 982067", "url": "https://bugzilla.suse.com/982067" }, { "category": "self", "summary": "SUSE Bug 982068", "url": "https://bugzilla.suse.com/982068" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7704 page", "url": "https://www.suse.com/security/cve/CVE-2015-7704/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7705 page", "url": "https://www.suse.com/security/cve/CVE-2015-7705/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7974 page", "url": "https://www.suse.com/security/cve/CVE-2015-7974/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-1547 page", "url": "https://www.suse.com/security/cve/CVE-2016-1547/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-1548 page", "url": "https://www.suse.com/security/cve/CVE-2016-1548/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-1549 page", "url": "https://www.suse.com/security/cve/CVE-2016-1549/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-1550 page", "url": "https://www.suse.com/security/cve/CVE-2016-1550/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-1551 page", "url": "https://www.suse.com/security/cve/CVE-2016-1551/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-2516 page", "url": "https://www.suse.com/security/cve/CVE-2016-2516/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-2517 page", "url": "https://www.suse.com/security/cve/CVE-2016-2517/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-2518 page", "url": "https://www.suse.com/security/cve/CVE-2016-2518/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-2519 page", "url": "https://www.suse.com/security/cve/CVE-2016-2519/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-4953 page", "url": "https://www.suse.com/security/cve/CVE-2016-4953/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-4954 page", "url": "https://www.suse.com/security/cve/CVE-2016-4954/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-4955 page", "url": "https://www.suse.com/security/cve/CVE-2016-4955/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-4956 page", "url": "https://www.suse.com/security/cve/CVE-2016-4956/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-4957 page", "url": "https://www.suse.com/security/cve/CVE-2016-4957/" } ], "title": "Security update for ntp", "tracking": { "current_release_date": "2016-06-14T06:45:46Z", "generator": { "date": "2016-06-14T06:45:46Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "SUSE-SU-2016:1568-1", "initial_release_date": "2016-06-14T06:45:46Z", "revision_history": [ { "date": "2016-06-14T06:45:46Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "ntp-4.2.8p8-46.8.1.ppc64le", "product": { "name": "ntp-4.2.8p8-46.8.1.ppc64le", "product_id": "ntp-4.2.8p8-46.8.1.ppc64le" } }, { "category": "product_version", "name": "ntp-doc-4.2.8p8-46.8.1.ppc64le", "product": { "name": "ntp-doc-4.2.8p8-46.8.1.ppc64le", "product_id": "ntp-doc-4.2.8p8-46.8.1.ppc64le" } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "ntp-4.2.8p8-46.8.1.s390x", "product": { "name": "ntp-4.2.8p8-46.8.1.s390x", "product_id": "ntp-4.2.8p8-46.8.1.s390x" } }, { "category": "product_version", "name": "ntp-doc-4.2.8p8-46.8.1.s390x", "product": { "name": "ntp-doc-4.2.8p8-46.8.1.s390x", "product_id": "ntp-doc-4.2.8p8-46.8.1.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "ntp-4.2.8p8-46.8.1.x86_64", "product": { "name": "ntp-4.2.8p8-46.8.1.x86_64", "product_id": "ntp-4.2.8p8-46.8.1.x86_64" } }, { "category": "product_version", "name": "ntp-doc-4.2.8p8-46.8.1.x86_64", "product": { "name": "ntp-doc-4.2.8p8-46.8.1.x86_64", "product_id": "ntp-doc-4.2.8p8-46.8.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux Enterprise Desktop 12", "product": { "name": "SUSE Linux Enterprise Desktop 12", "product_id": "SUSE Linux Enterprise Desktop 12", "product_identification_helper": { "cpe": "cpe:/o:suse:sled:12" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server 12", "product": { "name": "SUSE Linux Enterprise Server 12", "product_id": "SUSE Linux Enterprise Server 12", "product_identification_helper": { "cpe": "cpe:/o:suse:sles:12" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server for SAP Applications 12", "product": { "name": "SUSE Linux Enterprise Server for SAP Applications 12", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12", "product_identification_helper": { "cpe": "cpe:/o:suse:sles_sap:12" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p8-46.8.1.x86_64 as component of SUSE Linux Enterprise Desktop 12", "product_id": "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p8-46.8.1.x86_64" }, "product_reference": "ntp-4.2.8p8-46.8.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Desktop 12" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p8-46.8.1.x86_64 as component of SUSE Linux Enterprise Desktop 12", "product_id": "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p8-46.8.1.x86_64" }, "product_reference": "ntp-doc-4.2.8p8-46.8.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Desktop 12" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p8-46.8.1.ppc64le as component of SUSE Linux Enterprise Server 12", "product_id": "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.ppc64le" }, "product_reference": "ntp-4.2.8p8-46.8.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server 12" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p8-46.8.1.s390x as component of SUSE Linux Enterprise Server 12", "product_id": "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.s390x" }, "product_reference": "ntp-4.2.8p8-46.8.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 12" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p8-46.8.1.x86_64 as component of SUSE Linux Enterprise Server 12", "product_id": "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.x86_64" }, "product_reference": "ntp-4.2.8p8-46.8.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p8-46.8.1.ppc64le as component of SUSE Linux Enterprise Server 12", "product_id": "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.ppc64le" }, "product_reference": "ntp-doc-4.2.8p8-46.8.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server 12" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p8-46.8.1.s390x as component of SUSE Linux Enterprise Server 12", "product_id": "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.s390x" }, "product_reference": "ntp-doc-4.2.8p8-46.8.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 12" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p8-46.8.1.x86_64 as component of SUSE Linux Enterprise Server 12", "product_id": "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.x86_64" }, "product_reference": "ntp-doc-4.2.8p8-46.8.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p8-46.8.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.ppc64le" }, "product_reference": "ntp-4.2.8p8-46.8.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p8-46.8.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.s390x" }, "product_reference": "ntp-4.2.8p8-46.8.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p8-46.8.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.x86_64" }, "product_reference": "ntp-4.2.8p8-46.8.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p8-46.8.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.ppc64le" }, "product_reference": "ntp-doc-4.2.8p8-46.8.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p8-46.8.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.s390x" }, "product_reference": "ntp-doc-4.2.8p8-46.8.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p8-46.8.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.x86_64" }, "product_reference": "ntp-doc-4.2.8p8-46.8.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12" } ] }, "vulnerabilities": [ { "cve": "CVE-2015-7704", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7704" } ], "notes": [ { "category": "general", "text": "The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted \"KOD\" messages.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7704", "url": "https://www.suse.com/security/cve/CVE-2015-7704" }, { "category": "external", "summary": "SUSE Bug 1010964 for CVE-2015-7704", "url": "https://bugzilla.suse.com/1010964" }, { "category": "external", "summary": "SUSE Bug 951608 for CVE-2015-7704", "url": "https://bugzilla.suse.com/951608" }, { "category": "external", "summary": "SUSE Bug 952611 for CVE-2015-7704", "url": "https://bugzilla.suse.com/952611" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7704", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 977446 for CVE-2015-7704", "url": "https://bugzilla.suse.com/977446" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-06-14T06:45:46Z", "details": "important" } ], "title": "CVE-2015-7704" }, { "cve": "CVE-2015-7705", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7705" } ], "notes": [ { "category": "general", "text": "The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7705", "url": "https://www.suse.com/security/cve/CVE-2015-7705" }, { "category": "external", "summary": "SUSE Bug 1010964 for CVE-2015-7705", "url": "https://bugzilla.suse.com/1010964" }, { "category": "external", "summary": "SUSE Bug 951608 for CVE-2015-7705", "url": "https://bugzilla.suse.com/951608" }, { "category": "external", "summary": "SUSE Bug 952611 for CVE-2015-7705", "url": "https://bugzilla.suse.com/952611" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7705", "url": "https://bugzilla.suse.com/959243" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-06-14T06:45:46Z", "details": "critical" } ], "title": "CVE-2015-7705" }, { "cve": "CVE-2015-7974", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7974" } ], "notes": [ { "category": "general", "text": "NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a \"skeleton key.\"", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7974", "url": "https://www.suse.com/security/cve/CVE-2015-7974" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7974", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 962960 for CVE-2015-7974", "url": "https://bugzilla.suse.com/962960" }, { "category": "external", "summary": "SUSE Bug 962995 for CVE-2015-7974", "url": "https://bugzilla.suse.com/962995" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.7, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-06-14T06:45:46Z", "details": "low" } ], "title": "CVE-2015-7974" }, { "cve": "CVE-2016-1547", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-1547" } ], "notes": [ { "category": "general", "text": "An off-path attacker can cause a preemptible client association to be demobilized in NTP 4.2.8p4 and earlier and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 by sending a crypto NAK packet to a victim client with a spoofed source address of an existing associated peer. This is true even if authentication is enabled.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-1547", "url": "https://www.suse.com/security/cve/CVE-2016-1547" }, { "category": "external", "summary": "SUSE Bug 962784 for CVE-2016-1547", "url": "https://bugzilla.suse.com/962784" }, { "category": "external", "summary": "SUSE Bug 977446 for CVE-2016-1547", "url": "https://bugzilla.suse.com/977446" }, { "category": "external", "summary": "SUSE Bug 977459 for CVE-2016-1547", "url": "https://bugzilla.suse.com/977459" }, { "category": "external", "summary": "SUSE Bug 982064 for CVE-2016-1547", "url": "https://bugzilla.suse.com/982064" }, { "category": "external", "summary": "SUSE Bug 982065 for CVE-2016-1547", "url": "https://bugzilla.suse.com/982065" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-06-14T06:45:46Z", "details": "moderate" } ], "title": "CVE-2016-1547" }, { "cve": "CVE-2016-1548", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-1548" } ], "notes": [ { "category": "general", "text": "An attacker can spoof a packet from a legitimate ntpd server with an origin timestamp that matches the peer-\u003edst timestamp recorded for that server. After making this switch, the client in NTP 4.2.8p4 and earlier and NTPSec aa48d001683e5b791a743ec9c575aaf7d867a2b0c will reject all future legitimate server responses. It is possible to force the victim client to move time after the mode has been changed. ntpq gives no indication that the mode has been switched.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-1548", "url": "https://www.suse.com/security/cve/CVE-2016-1548" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2016-1548", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 977446 for CVE-2016-1548", "url": "https://bugzilla.suse.com/977446" }, { "category": "external", "summary": "SUSE Bug 977461 for CVE-2016-1548", "url": "https://bugzilla.suse.com/977461" }, { "category": "external", "summary": "SUSE Bug 982068 for CVE-2016-1548", "url": "https://bugzilla.suse.com/982068" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-06-14T06:45:46Z", "details": "moderate" } ], "title": "CVE-2016-1548" }, { "cve": "CVE-2016-1549", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-1549" } ], "notes": [ { "category": "general", "text": "A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and modify a victim\u0027s clock.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-1549", "url": "https://www.suse.com/security/cve/CVE-2016-1549" }, { "category": "external", "summary": "SUSE Bug 1083424 for CVE-2016-1549", "url": "https://bugzilla.suse.com/1083424" }, { "category": "external", "summary": "SUSE Bug 977446 for CVE-2016-1549", "url": "https://bugzilla.suse.com/977446" }, { "category": "external", "summary": "SUSE Bug 977451 for CVE-2016-1549", "url": "https://bugzilla.suse.com/977451" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-06-14T06:45:46Z", "details": "low" } ], "title": "CVE-2016-1549" }, { "cve": "CVE-2016-1550", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-1550" } ], "notes": [ { "category": "general", "text": "An exploitable vulnerability exists in the message authentication functionality of libntp in ntp 4.2.8p4 and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92. An attacker can send a series of crafted messages to attempt to recover the message digest key.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-1550", "url": "https://www.suse.com/security/cve/CVE-2016-1550" }, { "category": "external", "summary": "SUSE Bug 977446 for CVE-2016-1550", "url": "https://bugzilla.suse.com/977446" }, { "category": "external", "summary": "SUSE Bug 977464 for CVE-2016-1550", "url": "https://bugzilla.suse.com/977464" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-06-14T06:45:46Z", "details": "low" } ], "title": "CVE-2016-1550" }, { "cve": "CVE-2016-1551", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-1551" } ], "notes": [ { "category": "general", "text": "ntpd in NTP 4.2.8p3 and NTPsec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 relies on the underlying operating system to protect it from requests that impersonate reference clocks. Because reference clocks are treated like other peers and stored in the same structure, any packet with a source ip address of a reference clock (127.127.1.1 for example) that reaches the receive() function will match that reference clock\u0027s peer record and will be treated as a trusted peer. Any system that lacks the typical martian packet filtering which would block these packets is in danger of having its time controlled by an attacker.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-1551", "url": "https://www.suse.com/security/cve/CVE-2016-1551" }, { "category": "external", "summary": "SUSE Bug 977446 for CVE-2016-1551", "url": "https://bugzilla.suse.com/977446" }, { "category": "external", "summary": "SUSE Bug 977450 for CVE-2016-1551", "url": "https://bugzilla.suse.com/977450" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-06-14T06:45:46Z", "details": "low" } ], "title": "CVE-2016-1551" }, { "cve": "CVE-2016-2516", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-2516" } ], "notes": [ { "category": "general", "text": "NTP before 4.2.8p7 and 4.3.x before 4.3.92, when mode7 is enabled, allows remote attackers to cause a denial of service (ntpd abort) by using the same IP address multiple times in an unconfig directive.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-2516", "url": "https://www.suse.com/security/cve/CVE-2016-2516" }, { "category": "external", "summary": "SUSE Bug 977446 for CVE-2016-2516", "url": "https://bugzilla.suse.com/977446" }, { "category": "external", "summary": "SUSE Bug 977452 for CVE-2016-2516", "url": "https://bugzilla.suse.com/977452" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-06-14T06:45:46Z", "details": "moderate" } ], "title": "CVE-2016-2516" }, { "cve": "CVE-2016-2517", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-2517" } ], "notes": [ { "category": "general", "text": "NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (prevent subsequent authentication) by leveraging knowledge of the controlkey or requestkey and sending a crafted packet to ntpd, which changes the value of trustedkey, controlkey, or requestkey. NOTE: this vulnerability exists because of a CVE-2016-2516 regression.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-2517", "url": "https://www.suse.com/security/cve/CVE-2016-2517" }, { "category": "external", "summary": "SUSE Bug 977446 for CVE-2016-2517", "url": "https://bugzilla.suse.com/977446" }, { "category": "external", "summary": "SUSE Bug 977455 for CVE-2016-2517", "url": "https://bugzilla.suse.com/977455" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-06-14T06:45:46Z", "details": "moderate" } ], "title": "CVE-2016-2517" }, { "cve": "CVE-2016-2518", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-2518" } ], "notes": [ { "category": "general", "text": "The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-2518", "url": "https://www.suse.com/security/cve/CVE-2016-2518" }, { "category": "external", "summary": "SUSE Bug 977446 for CVE-2016-2518", "url": "https://bugzilla.suse.com/977446" }, { "category": "external", "summary": "SUSE Bug 977457 for CVE-2016-2518", "url": "https://bugzilla.suse.com/977457" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-06-14T06:45:46Z", "details": "low" } ], "title": "CVE-2016-2518" }, { "cve": "CVE-2016-2519", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-2519" } ], "notes": [ { "category": "general", "text": "ntpd in NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (ntpd abort) by a large request data value, which triggers the ctl_getitem function to return a NULL value.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-2519", "url": "https://www.suse.com/security/cve/CVE-2016-2519" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2016-2519", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 977446 for CVE-2016-2519", "url": "https://bugzilla.suse.com/977446" }, { "category": "external", "summary": "SUSE Bug 977458 for CVE-2016-2519", "url": "https://bugzilla.suse.com/977458" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-06-14T06:45:46Z", "details": "moderate" } ], "title": "CVE-2016-2519" }, { "cve": "CVE-2016-4953", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-4953" } ], "notes": [ { "category": "general", "text": "ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-4953", "url": "https://www.suse.com/security/cve/CVE-2016-4953" }, { "category": "external", "summary": "SUSE Bug 962784 for CVE-2016-4953", "url": "https://bugzilla.suse.com/962784" }, { "category": "external", "summary": "SUSE Bug 977459 for CVE-2016-4953", "url": "https://bugzilla.suse.com/977459" }, { "category": "external", "summary": "SUSE Bug 982056 for CVE-2016-4953", "url": "https://bugzilla.suse.com/982056" }, { "category": "external", "summary": "SUSE Bug 982065 for CVE-2016-4953", "url": "https://bugzilla.suse.com/982065" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-06-14T06:45:46Z", "details": "moderate" } ], "title": "CVE-2016-4953" }, { "cve": "CVE-2016-4954", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-4954" } ], "notes": [ { "category": "general", "text": "The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-4954", "url": "https://www.suse.com/security/cve/CVE-2016-4954" }, { "category": "external", "summary": "SUSE Bug 982056 for CVE-2016-4954", "url": "https://bugzilla.suse.com/982056" }, { "category": "external", "summary": "SUSE Bug 982066 for CVE-2016-4954", "url": "https://bugzilla.suse.com/982066" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-06-14T06:45:46Z", "details": "low" } ], "title": "CVE-2016-4954" }, { "cve": "CVE-2016-4955", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-4955" } ], "notes": [ { "category": "general", "text": "ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-4955", "url": "https://www.suse.com/security/cve/CVE-2016-4955" }, { "category": "external", "summary": "SUSE Bug 982056 for CVE-2016-4955", "url": "https://bugzilla.suse.com/982056" }, { "category": "external", "summary": "SUSE Bug 982067 for CVE-2016-4955", "url": "https://bugzilla.suse.com/982067" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-06-14T06:45:46Z", "details": "low" } ], "title": "CVE-2016-4955" }, { "cve": "CVE-2016-4956", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-4956" } ], "notes": [ { "category": "general", "text": "ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-1548.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-4956", "url": "https://www.suse.com/security/cve/CVE-2016-4956" }, { "category": "external", "summary": "SUSE Bug 977461 for CVE-2016-4956", "url": "https://bugzilla.suse.com/977461" }, { "category": "external", "summary": "SUSE Bug 982056 for CVE-2016-4956", "url": "https://bugzilla.suse.com/982056" }, { "category": "external", "summary": "SUSE Bug 982068 for CVE-2016-4956", "url": "https://bugzilla.suse.com/982068" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-06-14T06:45:46Z", "details": "low" } ], "title": "CVE-2016-4956" }, { "cve": "CVE-2016-4957", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-4957" } ], "notes": [ { "category": "general", "text": "ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-4957", "url": "https://www.suse.com/security/cve/CVE-2016-4957" }, { "category": "external", "summary": "SUSE Bug 977459 for CVE-2016-4957", "url": "https://bugzilla.suse.com/977459" }, { "category": "external", "summary": "SUSE Bug 982056 for CVE-2016-4957", "url": "https://bugzilla.suse.com/982056" }, { "category": "external", "summary": "SUSE Bug 982064 for CVE-2016-4957", "url": "https://bugzilla.suse.com/982064" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 8.6, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p8-46.8.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p8-46.8.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-06-14T06:45:46Z", "details": "moderate" } ], "title": "CVE-2016-4957" } ] }
suse-su-2018:0808-1
Vulnerability from csaf_suse
Notes
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for ntp", "title": "Title of the patch" }, { "category": "description", "text": "This update for ntp fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2016-1549: Significant additional protections against CVE-2016-1549 that was fixed in ntp-4.2.8p7 (bsc#1082210).\n- CVE-2018-7170: Ephemeral association time spoofing additional protection (bsc#1083424).\n- CVE-2018-7182: Buffer read overrun leads information leak in ctl_getitem() (bsc#1083426).\n- CVE-2018-7183: decodearr() can write beyond its buffer limit (bsc#1083417).\n- CVE-2018-7184: Interleaved symmetric mode cannot recover from bad state (bsc#1083422).\n- CVE-2018-7185: Unauthenticated packet can reset authenticated interleaved association (bsc#1083420).\n\nBug fixes:\n\n- bsc#1077445: Don\u0027t use libevent\u0027s cached time stamps in sntp.\n- Disable CMAC in ntp when building against a version of OpenSSL that doesn\u0027t support it.\n", "title": "Description of the patch" }, { "category": "details", "text": "slessp4-ntp-13534", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_0808-1.json" }, { "category": "self", "summary": "URL for SUSE-SU-2018:0808-1", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20180808-1/" }, { "category": "self", "summary": "E-Mail link for SUSE-SU-2018:0808-1", "url": "https://lists.suse.com/pipermail/sle-security-updates/2018-March/003839.html" }, { "category": "self", "summary": "SUSE Bug 1077445", "url": "https://bugzilla.suse.com/1077445" }, { "category": "self", "summary": "SUSE Bug 1082210", "url": "https://bugzilla.suse.com/1082210" }, { "category": "self", "summary": "SUSE Bug 1083417", "url": "https://bugzilla.suse.com/1083417" }, { "category": "self", "summary": "SUSE Bug 1083420", "url": "https://bugzilla.suse.com/1083420" }, { "category": "self", "summary": "SUSE Bug 1083422", "url": "https://bugzilla.suse.com/1083422" }, { "category": "self", "summary": "SUSE Bug 1083424", "url": "https://bugzilla.suse.com/1083424" }, { "category": "self", "summary": "SUSE Bug 1083426", "url": "https://bugzilla.suse.com/1083426" }, { "category": "self", "summary": "SUSE CVE CVE-2016-1549 page", "url": "https://www.suse.com/security/cve/CVE-2016-1549/" }, { "category": "self", "summary": "SUSE CVE CVE-2018-7170 page", "url": "https://www.suse.com/security/cve/CVE-2018-7170/" }, { "category": "self", "summary": "SUSE CVE CVE-2018-7182 page", "url": "https://www.suse.com/security/cve/CVE-2018-7182/" }, { "category": "self", "summary": "SUSE CVE CVE-2018-7183 page", "url": "https://www.suse.com/security/cve/CVE-2018-7183/" }, { "category": "self", "summary": "SUSE CVE CVE-2018-7184 page", "url": "https://www.suse.com/security/cve/CVE-2018-7184/" }, { "category": "self", "summary": "SUSE CVE CVE-2018-7185 page", "url": "https://www.suse.com/security/cve/CVE-2018-7185/" } ], "title": "Security update for ntp", "tracking": { "current_release_date": "2018-03-26T09:50:07Z", "generator": { "date": "2018-03-26T09:50:07Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "SUSE-SU-2018:0808-1", "initial_release_date": "2018-03-26T09:50:07Z", "revision_history": [ { "date": "2018-03-26T09:50:07Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "ntp-4.2.8p11-64.4.1.i586", "product": { "name": "ntp-4.2.8p11-64.4.1.i586", "product_id": "ntp-4.2.8p11-64.4.1.i586" } }, { "category": "product_version", "name": "ntp-doc-4.2.8p11-64.4.1.i586", "product": { "name": "ntp-doc-4.2.8p11-64.4.1.i586", "product_id": "ntp-doc-4.2.8p11-64.4.1.i586" } } ], "category": "architecture", "name": "i586" }, { "branches": [ { "category": "product_version", "name": "ntp-4.2.8p11-64.4.1.ia64", "product": { "name": "ntp-4.2.8p11-64.4.1.ia64", "product_id": "ntp-4.2.8p11-64.4.1.ia64" } }, { "category": "product_version", "name": "ntp-doc-4.2.8p11-64.4.1.ia64", "product": { "name": "ntp-doc-4.2.8p11-64.4.1.ia64", "product_id": "ntp-doc-4.2.8p11-64.4.1.ia64" } } ], "category": "architecture", "name": "ia64" }, { "branches": [ { "category": "product_version", "name": "ntp-4.2.8p11-64.4.1.ppc64", "product": { "name": "ntp-4.2.8p11-64.4.1.ppc64", "product_id": "ntp-4.2.8p11-64.4.1.ppc64" } }, { "category": "product_version", "name": "ntp-doc-4.2.8p11-64.4.1.ppc64", "product": { "name": "ntp-doc-4.2.8p11-64.4.1.ppc64", "product_id": "ntp-doc-4.2.8p11-64.4.1.ppc64" } } ], "category": "architecture", "name": "ppc64" }, { "branches": [ { "category": "product_version", "name": "ntp-4.2.8p11-64.4.1.s390x", "product": { "name": "ntp-4.2.8p11-64.4.1.s390x", "product_id": "ntp-4.2.8p11-64.4.1.s390x" } }, { "category": "product_version", "name": "ntp-doc-4.2.8p11-64.4.1.s390x", "product": { "name": "ntp-doc-4.2.8p11-64.4.1.s390x", "product_id": "ntp-doc-4.2.8p11-64.4.1.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "ntp-4.2.8p11-64.4.1.x86_64", "product": { "name": "ntp-4.2.8p11-64.4.1.x86_64", "product_id": "ntp-4.2.8p11-64.4.1.x86_64" } }, { "category": "product_version", "name": "ntp-doc-4.2.8p11-64.4.1.x86_64", "product": { "name": "ntp-doc-4.2.8p11-64.4.1.x86_64", "product_id": "ntp-doc-4.2.8p11-64.4.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux Enterprise Server 11 SP4", "product": { "name": "SUSE Linux Enterprise Server 11 SP4", "product_id": "SUSE Linux Enterprise Server 11 SP4", "product_identification_helper": { "cpe": "cpe:/o:suse:suse_sles:11:sp4" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server for SAP Applications 11 SP4", "product": { "name": "SUSE Linux Enterprise Server for SAP Applications 11 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4", "product_identification_helper": { "cpe": "cpe:/o:suse:sles_sap:11:sp4" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p11-64.4.1.i586 as component of SUSE Linux Enterprise Server 11 SP4", "product_id": "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.i586" }, "product_reference": "ntp-4.2.8p11-64.4.1.i586", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p11-64.4.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4", "product_id": "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.ia64" }, "product_reference": "ntp-4.2.8p11-64.4.1.ia64", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p11-64.4.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4", "product_id": "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.ppc64" }, "product_reference": "ntp-4.2.8p11-64.4.1.ppc64", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p11-64.4.1.s390x as component of SUSE Linux Enterprise Server 11 SP4", "product_id": "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.s390x" }, "product_reference": "ntp-4.2.8p11-64.4.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p11-64.4.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4", "product_id": "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.x86_64" }, "product_reference": "ntp-4.2.8p11-64.4.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p11-64.4.1.i586 as component of SUSE Linux Enterprise Server 11 SP4", "product_id": "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.i586" }, "product_reference": "ntp-doc-4.2.8p11-64.4.1.i586", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p11-64.4.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4", "product_id": "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.ia64" }, "product_reference": "ntp-doc-4.2.8p11-64.4.1.ia64", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p11-64.4.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4", "product_id": "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.ppc64" }, "product_reference": "ntp-doc-4.2.8p11-64.4.1.ppc64", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p11-64.4.1.s390x as component of SUSE Linux Enterprise Server 11 SP4", "product_id": "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.s390x" }, "product_reference": "ntp-doc-4.2.8p11-64.4.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p11-64.4.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4", "product_id": "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.x86_64" }, "product_reference": "ntp-doc-4.2.8p11-64.4.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p11-64.4.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.i586" }, "product_reference": "ntp-4.2.8p11-64.4.1.i586", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p11-64.4.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.ia64" }, "product_reference": "ntp-4.2.8p11-64.4.1.ia64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p11-64.4.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.ppc64" }, "product_reference": "ntp-4.2.8p11-64.4.1.ppc64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p11-64.4.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.s390x" }, "product_reference": "ntp-4.2.8p11-64.4.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p11-64.4.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.x86_64" }, "product_reference": "ntp-4.2.8p11-64.4.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p11-64.4.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.i586" }, "product_reference": "ntp-doc-4.2.8p11-64.4.1.i586", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p11-64.4.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.ia64" }, "product_reference": "ntp-doc-4.2.8p11-64.4.1.ia64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p11-64.4.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.ppc64" }, "product_reference": "ntp-doc-4.2.8p11-64.4.1.ppc64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p11-64.4.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.s390x" }, "product_reference": "ntp-doc-4.2.8p11-64.4.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p11-64.4.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.x86_64" }, "product_reference": "ntp-doc-4.2.8p11-64.4.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4" } ] }, "vulnerabilities": [ { "cve": "CVE-2016-1549", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-1549" } ], "notes": [ { "category": "general", "text": "A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and modify a victim\u0027s clock.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-1549", "url": "https://www.suse.com/security/cve/CVE-2016-1549" }, { "category": "external", "summary": "SUSE Bug 1083424 for CVE-2016-1549", "url": "https://bugzilla.suse.com/1083424" }, { "category": "external", "summary": "SUSE Bug 977446 for CVE-2016-1549", "url": "https://bugzilla.suse.com/977446" }, { "category": "external", "summary": "SUSE Bug 977451 for CVE-2016-1549", "url": "https://bugzilla.suse.com/977451" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2018-03-26T09:50:07Z", "details": "low" } ], "title": "CVE-2016-1549" }, { "cve": "CVE-2018-7170", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2018-7170" } ], "notes": [ { "category": "general", "text": "ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim\u0027s clock via a Sybil attack. This issue exists because of an incomplete fix for CVE-2016-1549.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2018-7170", "url": "https://www.suse.com/security/cve/CVE-2018-7170" }, { "category": "external", "summary": "SUSE Bug 1082210 for CVE-2018-7170", "url": "https://bugzilla.suse.com/1082210" }, { "category": "external", "summary": "SUSE Bug 1083424 for CVE-2018-7170", "url": "https://bugzilla.suse.com/1083424" }, { "category": "external", "summary": "SUSE Bug 1087324 for CVE-2018-7170", "url": "https://bugzilla.suse.com/1087324" }, { "category": "external", "summary": "SUSE Bug 1098531 for CVE-2018-7170", "url": "https://bugzilla.suse.com/1098531" }, { "category": "external", "summary": "SUSE Bug 1155513 for CVE-2018-7170", "url": "https://bugzilla.suse.com/1155513" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.1, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2018-03-26T09:50:07Z", "details": "low" } ], "title": "CVE-2018-7170" }, { "cve": "CVE-2018-7182", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2018-7182" } ], "notes": [ { "category": "general", "text": "The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with a ntpd instance from 4.2.8p6 through 4.2.8p10.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2018-7182", "url": "https://www.suse.com/security/cve/CVE-2018-7182" }, { "category": "external", "summary": "SUSE Bug 1082210 for CVE-2018-7182", "url": "https://bugzilla.suse.com/1082210" }, { "category": "external", "summary": "SUSE Bug 1083426 for CVE-2018-7182", "url": "https://bugzilla.suse.com/1083426" }, { "category": "external", "summary": "SUSE Bug 1087324 for CVE-2018-7182", "url": "https://bugzilla.suse.com/1087324" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2018-03-26T09:50:07Z", "details": "moderate" } ], "title": "CVE-2018-7182" }, { "cve": "CVE-2018-7183", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2018-7183" } ], "notes": [ { "category": "general", "text": "Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2018-7183", "url": "https://www.suse.com/security/cve/CVE-2018-7183" }, { "category": "external", "summary": "SUSE Bug 1082210 for CVE-2018-7183", "url": "https://bugzilla.suse.com/1082210" }, { "category": "external", "summary": "SUSE Bug 1083417 for CVE-2018-7183", "url": "https://bugzilla.suse.com/1083417" }, { "category": "external", "summary": "SUSE Bug 1087324 for CVE-2018-7183", "url": "https://bugzilla.suse.com/1087324" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2018-03-26T09:50:07Z", "details": "moderate" } ], "title": "CVE-2018-7183" }, { "cve": "CVE-2018-7184", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2018-7184" } ], "notes": [ { "category": "general", "text": "ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the \"received\" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the most recent timestamp. This issue is a result of an incomplete fix for CVE-2015-7704.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2018-7184", "url": "https://www.suse.com/security/cve/CVE-2018-7184" }, { "category": "external", "summary": "SUSE Bug 1082210 for CVE-2018-7184", "url": "https://bugzilla.suse.com/1082210" }, { "category": "external", "summary": "SUSE Bug 1083422 for CVE-2018-7184", "url": "https://bugzilla.suse.com/1083422" }, { "category": "external", "summary": "SUSE Bug 1087324 for CVE-2018-7184", "url": "https://bugzilla.suse.com/1087324" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.1, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2018-03-26T09:50:07Z", "details": "low" } ], "title": "CVE-2018-7184" }, { "cve": "CVE-2018-7185", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2018-7185" } ], "notes": [ { "category": "general", "text": "The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the \"other side\" of an interleaved association causing the victim ntpd to reset its association.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2018-7185", "url": "https://www.suse.com/security/cve/CVE-2018-7185" }, { "category": "external", "summary": "SUSE Bug 1082210 for CVE-2018-7185", "url": "https://bugzilla.suse.com/1082210" }, { "category": "external", "summary": "SUSE Bug 1083420 for CVE-2018-7185", "url": "https://bugzilla.suse.com/1083420" }, { "category": "external", "summary": "SUSE Bug 1087324 for CVE-2018-7185", "url": "https://bugzilla.suse.com/1087324" }, { "category": "external", "summary": "SUSE Bug 1089405 for CVE-2018-7185", "url": "https://bugzilla.suse.com/1089405" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.1, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p11-64.4.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p11-64.4.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p11-64.4.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p11-64.4.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2018-03-26T09:50:07Z", "details": "low" } ], "title": "CVE-2018-7185" } ] }
suse-su-2018:0956-1
Vulnerability from csaf_suse
Notes
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for ntp", "title": "Title of the patch" }, { "category": "description", "text": "This update for ntp fixes the following issues:\n\n- Update to 4.2.8p11 (bsc#1082210):\n * CVE-2016-1549: Sybil vulnerability: ephemeral association\n attack. While fixed in ntp-4.2.8p7, there are significant\n additional protections for this issue in 4.2.8p11.\n * CVE-2018-7182: ctl_getitem(): buffer read overrun\n leads to undefined behavior and information leak. (bsc#1083426)\n * CVE-2018-7170: Multiple authenticated ephemeral\n associations. (bsc#1083424)\n * CVE-2018-7184: Interleaved symmetric mode cannot\n recover from bad state. (bsc#1083422)\n * CVE-2018-7185: Unauthenticated packet can reset\n authenticated interleaved association. (bsc#1083420)\n * CVE-2018-7183: ntpq:decodearr() can write beyond its\n buffer limit.(bsc#1083417)\n- Don\u0027t use libevent\u0027s cached time stamps in sntp. (bsc#1077445)\n\n", "title": "Description of the patch" }, { "category": "details", "text": "SUSE-SLE-DESKTOP-12-SP3-2018-648,SUSE-SLE-SERVER-12-SP3-2018-648", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_0956-1.json" }, { "category": "self", "summary": "URL for SUSE-SU-2018:0956-1", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20180956-1/" }, { "category": "self", "summary": "E-Mail link for SUSE-SU-2018:0956-1", "url": "https://lists.suse.com/pipermail/sle-security-updates/2018-April/003894.html" }, { "category": "self", "summary": "SUSE Bug 1077445", "url": "https://bugzilla.suse.com/1077445" }, { "category": "self", "summary": "SUSE Bug 1082063", "url": "https://bugzilla.suse.com/1082063" }, { "category": "self", "summary": "SUSE Bug 1082210", "url": "https://bugzilla.suse.com/1082210" }, { "category": "self", "summary": "SUSE Bug 1083417", "url": "https://bugzilla.suse.com/1083417" }, { "category": "self", "summary": "SUSE Bug 1083420", "url": "https://bugzilla.suse.com/1083420" }, { "category": "self", "summary": "SUSE Bug 1083422", "url": "https://bugzilla.suse.com/1083422" }, { "category": "self", "summary": "SUSE Bug 1083424", "url": "https://bugzilla.suse.com/1083424" }, { "category": "self", "summary": "SUSE Bug 1083426", "url": "https://bugzilla.suse.com/1083426" }, { "category": "self", "summary": "SUSE CVE CVE-2016-1549 page", "url": "https://www.suse.com/security/cve/CVE-2016-1549/" }, { "category": "self", "summary": "SUSE CVE CVE-2018-7170 page", "url": "https://www.suse.com/security/cve/CVE-2018-7170/" }, { "category": "self", "summary": "SUSE CVE CVE-2018-7182 page", "url": "https://www.suse.com/security/cve/CVE-2018-7182/" }, { "category": "self", "summary": "SUSE CVE CVE-2018-7183 page", "url": "https://www.suse.com/security/cve/CVE-2018-7183/" }, { "category": "self", "summary": "SUSE CVE CVE-2018-7184 page", "url": "https://www.suse.com/security/cve/CVE-2018-7184/" }, { "category": "self", "summary": "SUSE CVE CVE-2018-7185 page", "url": "https://www.suse.com/security/cve/CVE-2018-7185/" } ], "title": "Security update for ntp", "tracking": { "current_release_date": "2018-04-16T15:31:58Z", "generator": { "date": "2018-04-16T15:31:58Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "SUSE-SU-2018:0956-1", "initial_release_date": "2018-04-16T15:31:58Z", "revision_history": [ { "date": "2018-04-16T15:31:58Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "ntp-4.2.8p11-64.3.2.aarch64", "product": { "name": "ntp-4.2.8p11-64.3.2.aarch64", "product_id": "ntp-4.2.8p11-64.3.2.aarch64" } }, { "category": "product_version", "name": "ntp-doc-4.2.8p11-64.3.2.aarch64", "product": { "name": "ntp-doc-4.2.8p11-64.3.2.aarch64", "product_id": "ntp-doc-4.2.8p11-64.3.2.aarch64" } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "ntp-4.2.8p11-64.3.2.ppc64le", "product": { "name": "ntp-4.2.8p11-64.3.2.ppc64le", "product_id": "ntp-4.2.8p11-64.3.2.ppc64le" } }, { "category": "product_version", "name": "ntp-doc-4.2.8p11-64.3.2.ppc64le", "product": { "name": "ntp-doc-4.2.8p11-64.3.2.ppc64le", "product_id": "ntp-doc-4.2.8p11-64.3.2.ppc64le" } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "ntp-4.2.8p11-64.3.2.s390x", "product": { "name": "ntp-4.2.8p11-64.3.2.s390x", "product_id": "ntp-4.2.8p11-64.3.2.s390x" } }, { "category": "product_version", "name": "ntp-doc-4.2.8p11-64.3.2.s390x", "product": { "name": "ntp-doc-4.2.8p11-64.3.2.s390x", "product_id": "ntp-doc-4.2.8p11-64.3.2.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "ntp-4.2.8p11-64.3.2.x86_64", "product": { "name": "ntp-4.2.8p11-64.3.2.x86_64", "product_id": "ntp-4.2.8p11-64.3.2.x86_64" } }, { "category": "product_version", "name": "ntp-doc-4.2.8p11-64.3.2.x86_64", "product": { "name": "ntp-doc-4.2.8p11-64.3.2.x86_64", "product_id": "ntp-doc-4.2.8p11-64.3.2.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux Enterprise Desktop 12 SP3", "product": { "name": "SUSE Linux Enterprise Desktop 12 SP3", "product_id": "SUSE Linux Enterprise Desktop 12 SP3", "product_identification_helper": { "cpe": "cpe:/o:suse:sled:12:sp3" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server 12 SP3", "product": { "name": "SUSE Linux Enterprise Server 12 SP3", "product_id": "SUSE Linux Enterprise Server 12 SP3", "product_identification_helper": { "cpe": "cpe:/o:suse:sles:12:sp3" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3", "product": { "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3", "product_identification_helper": { "cpe": "cpe:/o:suse:sles_sap:12:sp3" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p11-64.3.2.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3", "product_id": "SUSE Linux Enterprise Desktop 12 SP3:ntp-4.2.8p11-64.3.2.x86_64" }, "product_reference": "ntp-4.2.8p11-64.3.2.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p11-64.3.2.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3", "product_id": "SUSE Linux Enterprise Desktop 12 SP3:ntp-doc-4.2.8p11-64.3.2.x86_64" }, "product_reference": "ntp-doc-4.2.8p11-64.3.2.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p11-64.3.2.aarch64 as component of SUSE Linux Enterprise Server 12 SP3", "product_id": "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.3.2.aarch64" }, "product_reference": "ntp-4.2.8p11-64.3.2.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p11-64.3.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP3", "product_id": "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.3.2.ppc64le" }, "product_reference": "ntp-4.2.8p11-64.3.2.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p11-64.3.2.s390x as component of SUSE Linux Enterprise Server 12 SP3", "product_id": "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.3.2.s390x" }, "product_reference": "ntp-4.2.8p11-64.3.2.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p11-64.3.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP3", "product_id": "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.3.2.x86_64" }, "product_reference": "ntp-4.2.8p11-64.3.2.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p11-64.3.2.aarch64 as component of SUSE Linux Enterprise Server 12 SP3", "product_id": "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.3.2.aarch64" }, "product_reference": "ntp-doc-4.2.8p11-64.3.2.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p11-64.3.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP3", "product_id": "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.3.2.ppc64le" }, "product_reference": "ntp-doc-4.2.8p11-64.3.2.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p11-64.3.2.s390x as component of SUSE Linux Enterprise Server 12 SP3", "product_id": "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.3.2.s390x" }, "product_reference": "ntp-doc-4.2.8p11-64.3.2.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p11-64.3.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP3", "product_id": "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.3.2.x86_64" }, "product_reference": "ntp-doc-4.2.8p11-64.3.2.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p11-64.3.2.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.3.2.aarch64" }, "product_reference": "ntp-4.2.8p11-64.3.2.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p11-64.3.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.3.2.ppc64le" }, "product_reference": "ntp-4.2.8p11-64.3.2.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p11-64.3.2.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.3.2.s390x" }, "product_reference": "ntp-4.2.8p11-64.3.2.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p11-64.3.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.3.2.x86_64" }, "product_reference": "ntp-4.2.8p11-64.3.2.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p11-64.3.2.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.3.2.aarch64" }, "product_reference": "ntp-doc-4.2.8p11-64.3.2.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p11-64.3.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.3.2.ppc64le" }, "product_reference": "ntp-doc-4.2.8p11-64.3.2.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p11-64.3.2.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.3.2.s390x" }, "product_reference": "ntp-doc-4.2.8p11-64.3.2.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p11-64.3.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.3.2.x86_64" }, "product_reference": "ntp-doc-4.2.8p11-64.3.2.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3" } ] }, "vulnerabilities": [ { "cve": "CVE-2016-1549", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-1549" } ], "notes": [ { "category": "general", "text": "A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and modify a victim\u0027s clock.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12 SP3:ntp-4.2.8p11-64.3.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:ntp-doc-4.2.8p11-64.3.2.x86_64", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.3.2.aarch64", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.3.2.ppc64le", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.3.2.s390x", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.3.2.x86_64", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.3.2.aarch64", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.3.2.ppc64le", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.3.2.s390x", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.3.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.3.2.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.3.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.3.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.3.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.3.2.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.3.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.3.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.3.2.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-1549", "url": "https://www.suse.com/security/cve/CVE-2016-1549" }, { "category": "external", "summary": "SUSE Bug 1083424 for CVE-2016-1549", "url": "https://bugzilla.suse.com/1083424" }, { "category": "external", "summary": "SUSE Bug 977446 for CVE-2016-1549", "url": "https://bugzilla.suse.com/977446" }, { "category": "external", "summary": "SUSE Bug 977451 for CVE-2016-1549", "url": "https://bugzilla.suse.com/977451" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12 SP3:ntp-4.2.8p11-64.3.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:ntp-doc-4.2.8p11-64.3.2.x86_64", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.3.2.aarch64", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.3.2.ppc64le", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.3.2.s390x", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.3.2.x86_64", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.3.2.aarch64", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.3.2.ppc64le", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.3.2.s390x", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.3.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.3.2.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.3.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.3.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.3.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.3.2.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.3.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.3.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.3.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Desktop 12 SP3:ntp-4.2.8p11-64.3.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:ntp-doc-4.2.8p11-64.3.2.x86_64", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.3.2.aarch64", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.3.2.ppc64le", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.3.2.s390x", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.3.2.x86_64", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.3.2.aarch64", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.3.2.ppc64le", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.3.2.s390x", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.3.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.3.2.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.3.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.3.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.3.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.3.2.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.3.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.3.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.3.2.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2018-04-16T15:31:58Z", "details": "low" } ], "title": "CVE-2016-1549" }, { "cve": "CVE-2018-7170", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2018-7170" } ], "notes": [ { "category": "general", "text": "ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim\u0027s clock via a Sybil attack. This issue exists because of an incomplete fix for CVE-2016-1549.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12 SP3:ntp-4.2.8p11-64.3.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:ntp-doc-4.2.8p11-64.3.2.x86_64", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.3.2.aarch64", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.3.2.ppc64le", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.3.2.s390x", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.3.2.x86_64", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.3.2.aarch64", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.3.2.ppc64le", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.3.2.s390x", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.3.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.3.2.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.3.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.3.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.3.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.3.2.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.3.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.3.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.3.2.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2018-7170", "url": "https://www.suse.com/security/cve/CVE-2018-7170" }, { "category": "external", "summary": "SUSE Bug 1082210 for CVE-2018-7170", "url": "https://bugzilla.suse.com/1082210" }, { "category": "external", "summary": "SUSE Bug 1083424 for CVE-2018-7170", "url": "https://bugzilla.suse.com/1083424" }, { "category": "external", "summary": "SUSE Bug 1087324 for CVE-2018-7170", "url": "https://bugzilla.suse.com/1087324" }, { "category": "external", "summary": "SUSE Bug 1098531 for CVE-2018-7170", "url": "https://bugzilla.suse.com/1098531" }, { "category": "external", "summary": "SUSE Bug 1155513 for CVE-2018-7170", "url": "https://bugzilla.suse.com/1155513" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12 SP3:ntp-4.2.8p11-64.3.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:ntp-doc-4.2.8p11-64.3.2.x86_64", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.3.2.aarch64", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.3.2.ppc64le", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.3.2.s390x", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.3.2.x86_64", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.3.2.aarch64", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.3.2.ppc64le", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.3.2.s390x", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.3.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.3.2.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.3.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.3.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.3.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.3.2.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.3.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.3.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.3.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.1, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Desktop 12 SP3:ntp-4.2.8p11-64.3.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:ntp-doc-4.2.8p11-64.3.2.x86_64", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.3.2.aarch64", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.3.2.ppc64le", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.3.2.s390x", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.3.2.x86_64", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.3.2.aarch64", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.3.2.ppc64le", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.3.2.s390x", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.3.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.3.2.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.3.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.3.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.3.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.3.2.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.3.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.3.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.3.2.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2018-04-16T15:31:58Z", "details": "low" } ], "title": "CVE-2018-7170" }, { "cve": "CVE-2018-7182", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2018-7182" } ], "notes": [ { "category": "general", "text": "The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with a ntpd instance from 4.2.8p6 through 4.2.8p10.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12 SP3:ntp-4.2.8p11-64.3.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:ntp-doc-4.2.8p11-64.3.2.x86_64", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.3.2.aarch64", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.3.2.ppc64le", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.3.2.s390x", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.3.2.x86_64", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.3.2.aarch64", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.3.2.ppc64le", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.3.2.s390x", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.3.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.3.2.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.3.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.3.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.3.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.3.2.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.3.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.3.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.3.2.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2018-7182", "url": "https://www.suse.com/security/cve/CVE-2018-7182" }, { "category": "external", "summary": "SUSE Bug 1082210 for CVE-2018-7182", "url": "https://bugzilla.suse.com/1082210" }, { "category": "external", "summary": "SUSE Bug 1083426 for CVE-2018-7182", "url": "https://bugzilla.suse.com/1083426" }, { "category": "external", "summary": "SUSE Bug 1087324 for CVE-2018-7182", "url": "https://bugzilla.suse.com/1087324" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12 SP3:ntp-4.2.8p11-64.3.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:ntp-doc-4.2.8p11-64.3.2.x86_64", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.3.2.aarch64", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.3.2.ppc64le", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.3.2.s390x", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.3.2.x86_64", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.3.2.aarch64", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.3.2.ppc64le", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.3.2.s390x", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.3.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.3.2.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.3.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.3.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.3.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.3.2.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.3.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.3.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.3.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Desktop 12 SP3:ntp-4.2.8p11-64.3.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:ntp-doc-4.2.8p11-64.3.2.x86_64", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.3.2.aarch64", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.3.2.ppc64le", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.3.2.s390x", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.3.2.x86_64", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.3.2.aarch64", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.3.2.ppc64le", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.3.2.s390x", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.3.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.3.2.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.3.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.3.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.3.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.3.2.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.3.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.3.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.3.2.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2018-04-16T15:31:58Z", "details": "moderate" } ], "title": "CVE-2018-7182" }, { "cve": "CVE-2018-7183", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2018-7183" } ], "notes": [ { "category": "general", "text": "Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12 SP3:ntp-4.2.8p11-64.3.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:ntp-doc-4.2.8p11-64.3.2.x86_64", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.3.2.aarch64", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.3.2.ppc64le", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.3.2.s390x", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.3.2.x86_64", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.3.2.aarch64", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.3.2.ppc64le", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.3.2.s390x", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.3.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.3.2.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.3.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.3.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.3.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.3.2.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.3.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.3.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.3.2.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2018-7183", "url": "https://www.suse.com/security/cve/CVE-2018-7183" }, { "category": "external", "summary": "SUSE Bug 1082210 for CVE-2018-7183", "url": "https://bugzilla.suse.com/1082210" }, { "category": "external", "summary": "SUSE Bug 1083417 for CVE-2018-7183", "url": "https://bugzilla.suse.com/1083417" }, { "category": "external", "summary": "SUSE Bug 1087324 for CVE-2018-7183", "url": "https://bugzilla.suse.com/1087324" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12 SP3:ntp-4.2.8p11-64.3.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:ntp-doc-4.2.8p11-64.3.2.x86_64", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.3.2.aarch64", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.3.2.ppc64le", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.3.2.s390x", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.3.2.x86_64", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.3.2.aarch64", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.3.2.ppc64le", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.3.2.s390x", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.3.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.3.2.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.3.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.3.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.3.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.3.2.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.3.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.3.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.3.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Desktop 12 SP3:ntp-4.2.8p11-64.3.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:ntp-doc-4.2.8p11-64.3.2.x86_64", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.3.2.aarch64", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.3.2.ppc64le", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.3.2.s390x", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.3.2.x86_64", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.3.2.aarch64", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.3.2.ppc64le", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.3.2.s390x", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.3.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.3.2.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.3.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.3.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.3.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.3.2.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.3.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.3.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.3.2.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2018-04-16T15:31:58Z", "details": "moderate" } ], "title": "CVE-2018-7183" }, { "cve": "CVE-2018-7184", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2018-7184" } ], "notes": [ { "category": "general", "text": "ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the \"received\" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the most recent timestamp. This issue is a result of an incomplete fix for CVE-2015-7704.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12 SP3:ntp-4.2.8p11-64.3.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:ntp-doc-4.2.8p11-64.3.2.x86_64", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.3.2.aarch64", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.3.2.ppc64le", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.3.2.s390x", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.3.2.x86_64", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.3.2.aarch64", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.3.2.ppc64le", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.3.2.s390x", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.3.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.3.2.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.3.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.3.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.3.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.3.2.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.3.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.3.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.3.2.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2018-7184", "url": "https://www.suse.com/security/cve/CVE-2018-7184" }, { "category": "external", "summary": "SUSE Bug 1082210 for CVE-2018-7184", "url": "https://bugzilla.suse.com/1082210" }, { "category": "external", "summary": "SUSE Bug 1083422 for CVE-2018-7184", "url": "https://bugzilla.suse.com/1083422" }, { "category": "external", "summary": "SUSE Bug 1087324 for CVE-2018-7184", "url": "https://bugzilla.suse.com/1087324" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12 SP3:ntp-4.2.8p11-64.3.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:ntp-doc-4.2.8p11-64.3.2.x86_64", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.3.2.aarch64", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.3.2.ppc64le", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.3.2.s390x", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.3.2.x86_64", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.3.2.aarch64", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.3.2.ppc64le", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.3.2.s390x", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.3.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.3.2.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.3.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.3.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.3.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.3.2.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.3.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.3.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.3.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.1, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Desktop 12 SP3:ntp-4.2.8p11-64.3.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:ntp-doc-4.2.8p11-64.3.2.x86_64", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.3.2.aarch64", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.3.2.ppc64le", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.3.2.s390x", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.3.2.x86_64", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.3.2.aarch64", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.3.2.ppc64le", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.3.2.s390x", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.3.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.3.2.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.3.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.3.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.3.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.3.2.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.3.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.3.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.3.2.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2018-04-16T15:31:58Z", "details": "low" } ], "title": "CVE-2018-7184" }, { "cve": "CVE-2018-7185", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2018-7185" } ], "notes": [ { "category": "general", "text": "The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the \"other side\" of an interleaved association causing the victim ntpd to reset its association.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12 SP3:ntp-4.2.8p11-64.3.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:ntp-doc-4.2.8p11-64.3.2.x86_64", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.3.2.aarch64", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.3.2.ppc64le", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.3.2.s390x", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.3.2.x86_64", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.3.2.aarch64", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.3.2.ppc64le", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.3.2.s390x", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.3.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.3.2.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.3.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.3.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.3.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.3.2.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.3.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.3.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.3.2.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2018-7185", "url": "https://www.suse.com/security/cve/CVE-2018-7185" }, { "category": "external", "summary": "SUSE Bug 1082210 for CVE-2018-7185", "url": "https://bugzilla.suse.com/1082210" }, { "category": "external", "summary": "SUSE Bug 1083420 for CVE-2018-7185", "url": "https://bugzilla.suse.com/1083420" }, { "category": "external", "summary": "SUSE Bug 1087324 for CVE-2018-7185", "url": "https://bugzilla.suse.com/1087324" }, { "category": "external", "summary": "SUSE Bug 1089405 for CVE-2018-7185", "url": "https://bugzilla.suse.com/1089405" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12 SP3:ntp-4.2.8p11-64.3.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:ntp-doc-4.2.8p11-64.3.2.x86_64", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.3.2.aarch64", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.3.2.ppc64le", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.3.2.s390x", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.3.2.x86_64", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.3.2.aarch64", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.3.2.ppc64le", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.3.2.s390x", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.3.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.3.2.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.3.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.3.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.3.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.3.2.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.3.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.3.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.3.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.1, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Desktop 12 SP3:ntp-4.2.8p11-64.3.2.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:ntp-doc-4.2.8p11-64.3.2.x86_64", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.3.2.aarch64", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.3.2.ppc64le", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.3.2.s390x", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.3.2.x86_64", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.3.2.aarch64", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.3.2.ppc64le", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.3.2.s390x", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.3.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.3.2.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.3.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.3.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.3.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.3.2.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.3.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.3.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.3.2.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2018-04-16T15:31:58Z", "details": "low" } ], "title": "CVE-2018-7185" } ] }
suse-su-2018:1464-1
Vulnerability from csaf_suse
Notes
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for ntp", "title": "Title of the patch" }, { "category": "description", "text": "This update for ntp fixes the following issues:\n\n- Update to 4.2.8p11 (bsc#1082210):\n * CVE-2016-1549: Sybil vulnerability: ephemeral association\n attack. While fixed in ntp-4.2.8p7, there are significant\n additional protections for this issue in 4.2.8p11.\n * CVE-2018-7182: ctl_getitem(): buffer read overrun\n leads to undefined behavior and information leak. (bsc#1083426)\n * CVE-2018-7170: Multiple authenticated ephemeral\n associations. (bsc#1083424)\n * CVE-2018-7184: Interleaved symmetric mode cannot\n recover from bad state. (bsc#1083422)\n * CVE-2018-7185: Unauthenticated packet can reset\n authenticated interleaved association. (bsc#1083420)\n * CVE-2018-7183: ntpq:decodearr() can write beyond its\n buffer limit.(bsc#1083417)\n- Don\u0027t use libevent\u0027s cached time stamps in sntp. (bsc#1077445)\n- Fix systemd migration in %pre (bsc#1034892).\n\n", "title": "Description of the patch" }, { "category": "details", "text": "SUSE-SLE-SERVER-12-2018-1000", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_1464-1.json" }, { "category": "self", "summary": "URL for SUSE-SU-2018:1464-1", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181464-1/" }, { "category": "self", "summary": "E-Mail link for SUSE-SU-2018:1464-1", "url": "https://lists.suse.com/pipermail/sle-security-updates/2018-May/004098.html" }, { "category": "self", "summary": "SUSE Bug 1034892", "url": "https://bugzilla.suse.com/1034892" }, { "category": "self", "summary": "SUSE Bug 1077445", "url": "https://bugzilla.suse.com/1077445" }, { "category": "self", "summary": "SUSE Bug 1082063", "url": "https://bugzilla.suse.com/1082063" }, { "category": "self", "summary": "SUSE Bug 1082210", "url": "https://bugzilla.suse.com/1082210" }, { "category": "self", "summary": "SUSE Bug 1083417", "url": "https://bugzilla.suse.com/1083417" }, { "category": "self", "summary": "SUSE Bug 1083420", "url": "https://bugzilla.suse.com/1083420" }, { "category": "self", "summary": "SUSE Bug 1083422", "url": "https://bugzilla.suse.com/1083422" }, { "category": "self", "summary": "SUSE Bug 1083424", "url": "https://bugzilla.suse.com/1083424" }, { "category": "self", "summary": "SUSE Bug 1083426", "url": "https://bugzilla.suse.com/1083426" }, { "category": "self", "summary": "SUSE CVE CVE-2016-1549 page", "url": "https://www.suse.com/security/cve/CVE-2016-1549/" }, { "category": "self", "summary": "SUSE CVE CVE-2018-7170 page", "url": "https://www.suse.com/security/cve/CVE-2018-7170/" }, { "category": "self", "summary": "SUSE CVE CVE-2018-7182 page", "url": "https://www.suse.com/security/cve/CVE-2018-7182/" }, { "category": "self", "summary": "SUSE CVE CVE-2018-7183 page", "url": "https://www.suse.com/security/cve/CVE-2018-7183/" }, { "category": "self", "summary": "SUSE CVE CVE-2018-7184 page", "url": "https://www.suse.com/security/cve/CVE-2018-7184/" }, { "category": "self", "summary": "SUSE CVE CVE-2018-7185 page", "url": "https://www.suse.com/security/cve/CVE-2018-7185/" } ], "title": "Security update for ntp", "tracking": { "current_release_date": "2018-05-29T14:44:40Z", "generator": { "date": "2018-05-29T14:44:40Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "SUSE-SU-2018:1464-1", "initial_release_date": "2018-05-29T14:44:40Z", "revision_history": [ { "date": "2018-05-29T14:44:40Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "ntp-4.2.8p11-46.26.2.ppc64le", "product": { "name": "ntp-4.2.8p11-46.26.2.ppc64le", "product_id": "ntp-4.2.8p11-46.26.2.ppc64le" } }, { "category": "product_version", "name": "ntp-doc-4.2.8p11-46.26.2.ppc64le", "product": { "name": "ntp-doc-4.2.8p11-46.26.2.ppc64le", "product_id": "ntp-doc-4.2.8p11-46.26.2.ppc64le" } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "ntp-4.2.8p11-46.26.2.s390x", "product": { "name": "ntp-4.2.8p11-46.26.2.s390x", "product_id": "ntp-4.2.8p11-46.26.2.s390x" } }, { "category": "product_version", "name": "ntp-doc-4.2.8p11-46.26.2.s390x", "product": { "name": "ntp-doc-4.2.8p11-46.26.2.s390x", "product_id": "ntp-doc-4.2.8p11-46.26.2.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "ntp-4.2.8p11-46.26.2.x86_64", "product": { "name": "ntp-4.2.8p11-46.26.2.x86_64", "product_id": "ntp-4.2.8p11-46.26.2.x86_64" } }, { "category": "product_version", "name": "ntp-doc-4.2.8p11-46.26.2.x86_64", "product": { "name": "ntp-doc-4.2.8p11-46.26.2.x86_64", "product_id": "ntp-doc-4.2.8p11-46.26.2.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux Enterprise Server 12-LTSS", "product": { "name": "SUSE Linux Enterprise Server 12-LTSS", "product_id": "SUSE Linux Enterprise Server 12-LTSS", "product_identification_helper": { "cpe": "cpe:/o:suse:sles-ltss:12" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p11-46.26.2.ppc64le as component of SUSE Linux Enterprise Server 12-LTSS", "product_id": "SUSE Linux Enterprise Server 12-LTSS:ntp-4.2.8p11-46.26.2.ppc64le" }, "product_reference": "ntp-4.2.8p11-46.26.2.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p11-46.26.2.s390x as component of SUSE Linux Enterprise Server 12-LTSS", "product_id": "SUSE Linux Enterprise Server 12-LTSS:ntp-4.2.8p11-46.26.2.s390x" }, "product_reference": "ntp-4.2.8p11-46.26.2.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p11-46.26.2.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS", "product_id": "SUSE Linux Enterprise Server 12-LTSS:ntp-4.2.8p11-46.26.2.x86_64" }, "product_reference": "ntp-4.2.8p11-46.26.2.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p11-46.26.2.ppc64le as component of SUSE Linux Enterprise Server 12-LTSS", "product_id": "SUSE Linux Enterprise Server 12-LTSS:ntp-doc-4.2.8p11-46.26.2.ppc64le" }, "product_reference": "ntp-doc-4.2.8p11-46.26.2.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p11-46.26.2.s390x as component of SUSE Linux Enterprise Server 12-LTSS", "product_id": "SUSE Linux Enterprise Server 12-LTSS:ntp-doc-4.2.8p11-46.26.2.s390x" }, "product_reference": "ntp-doc-4.2.8p11-46.26.2.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p11-46.26.2.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS", "product_id": "SUSE Linux Enterprise Server 12-LTSS:ntp-doc-4.2.8p11-46.26.2.x86_64" }, "product_reference": "ntp-doc-4.2.8p11-46.26.2.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS" } ] }, "vulnerabilities": [ { "cve": "CVE-2016-1549", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-1549" } ], "notes": [ { "category": "general", "text": "A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and modify a victim\u0027s clock.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 12-LTSS:ntp-4.2.8p11-46.26.2.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:ntp-4.2.8p11-46.26.2.s390x", "SUSE Linux Enterprise Server 12-LTSS:ntp-4.2.8p11-46.26.2.x86_64", "SUSE Linux Enterprise Server 12-LTSS:ntp-doc-4.2.8p11-46.26.2.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:ntp-doc-4.2.8p11-46.26.2.s390x", "SUSE Linux Enterprise Server 12-LTSS:ntp-doc-4.2.8p11-46.26.2.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-1549", "url": "https://www.suse.com/security/cve/CVE-2016-1549" }, { "category": "external", "summary": "SUSE Bug 1083424 for CVE-2016-1549", "url": "https://bugzilla.suse.com/1083424" }, { "category": "external", "summary": "SUSE Bug 977446 for CVE-2016-1549", "url": "https://bugzilla.suse.com/977446" }, { "category": "external", "summary": "SUSE Bug 977451 for CVE-2016-1549", "url": "https://bugzilla.suse.com/977451" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 12-LTSS:ntp-4.2.8p11-46.26.2.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:ntp-4.2.8p11-46.26.2.s390x", "SUSE Linux Enterprise Server 12-LTSS:ntp-4.2.8p11-46.26.2.x86_64", "SUSE Linux Enterprise Server 12-LTSS:ntp-doc-4.2.8p11-46.26.2.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:ntp-doc-4.2.8p11-46.26.2.s390x", "SUSE Linux Enterprise Server 12-LTSS:ntp-doc-4.2.8p11-46.26.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Server 12-LTSS:ntp-4.2.8p11-46.26.2.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:ntp-4.2.8p11-46.26.2.s390x", "SUSE Linux Enterprise Server 12-LTSS:ntp-4.2.8p11-46.26.2.x86_64", "SUSE Linux Enterprise Server 12-LTSS:ntp-doc-4.2.8p11-46.26.2.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:ntp-doc-4.2.8p11-46.26.2.s390x", "SUSE Linux Enterprise Server 12-LTSS:ntp-doc-4.2.8p11-46.26.2.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2018-05-29T14:44:40Z", "details": "low" } ], "title": "CVE-2016-1549" }, { "cve": "CVE-2018-7170", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2018-7170" } ], "notes": [ { "category": "general", "text": "ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim\u0027s clock via a Sybil attack. This issue exists because of an incomplete fix for CVE-2016-1549.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 12-LTSS:ntp-4.2.8p11-46.26.2.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:ntp-4.2.8p11-46.26.2.s390x", "SUSE Linux Enterprise Server 12-LTSS:ntp-4.2.8p11-46.26.2.x86_64", "SUSE Linux Enterprise Server 12-LTSS:ntp-doc-4.2.8p11-46.26.2.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:ntp-doc-4.2.8p11-46.26.2.s390x", "SUSE Linux Enterprise Server 12-LTSS:ntp-doc-4.2.8p11-46.26.2.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2018-7170", "url": "https://www.suse.com/security/cve/CVE-2018-7170" }, { "category": "external", "summary": "SUSE Bug 1082210 for CVE-2018-7170", "url": "https://bugzilla.suse.com/1082210" }, { "category": "external", "summary": "SUSE Bug 1083424 for CVE-2018-7170", "url": "https://bugzilla.suse.com/1083424" }, { "category": "external", "summary": "SUSE Bug 1087324 for CVE-2018-7170", "url": "https://bugzilla.suse.com/1087324" }, { "category": "external", "summary": "SUSE Bug 1098531 for CVE-2018-7170", "url": "https://bugzilla.suse.com/1098531" }, { "category": "external", "summary": "SUSE Bug 1155513 for CVE-2018-7170", "url": "https://bugzilla.suse.com/1155513" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 12-LTSS:ntp-4.2.8p11-46.26.2.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:ntp-4.2.8p11-46.26.2.s390x", "SUSE Linux Enterprise Server 12-LTSS:ntp-4.2.8p11-46.26.2.x86_64", "SUSE Linux Enterprise Server 12-LTSS:ntp-doc-4.2.8p11-46.26.2.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:ntp-doc-4.2.8p11-46.26.2.s390x", "SUSE Linux Enterprise Server 12-LTSS:ntp-doc-4.2.8p11-46.26.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.1, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Server 12-LTSS:ntp-4.2.8p11-46.26.2.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:ntp-4.2.8p11-46.26.2.s390x", "SUSE Linux Enterprise Server 12-LTSS:ntp-4.2.8p11-46.26.2.x86_64", "SUSE Linux Enterprise Server 12-LTSS:ntp-doc-4.2.8p11-46.26.2.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:ntp-doc-4.2.8p11-46.26.2.s390x", "SUSE Linux Enterprise Server 12-LTSS:ntp-doc-4.2.8p11-46.26.2.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2018-05-29T14:44:40Z", "details": "low" } ], "title": "CVE-2018-7170" }, { "cve": "CVE-2018-7182", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2018-7182" } ], "notes": [ { "category": "general", "text": "The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with a ntpd instance from 4.2.8p6 through 4.2.8p10.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 12-LTSS:ntp-4.2.8p11-46.26.2.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:ntp-4.2.8p11-46.26.2.s390x", "SUSE Linux Enterprise Server 12-LTSS:ntp-4.2.8p11-46.26.2.x86_64", "SUSE Linux Enterprise Server 12-LTSS:ntp-doc-4.2.8p11-46.26.2.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:ntp-doc-4.2.8p11-46.26.2.s390x", "SUSE Linux Enterprise Server 12-LTSS:ntp-doc-4.2.8p11-46.26.2.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2018-7182", "url": "https://www.suse.com/security/cve/CVE-2018-7182" }, { "category": "external", "summary": "SUSE Bug 1082210 for CVE-2018-7182", "url": "https://bugzilla.suse.com/1082210" }, { "category": "external", "summary": "SUSE Bug 1083426 for CVE-2018-7182", "url": "https://bugzilla.suse.com/1083426" }, { "category": "external", "summary": "SUSE Bug 1087324 for CVE-2018-7182", "url": "https://bugzilla.suse.com/1087324" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 12-LTSS:ntp-4.2.8p11-46.26.2.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:ntp-4.2.8p11-46.26.2.s390x", "SUSE Linux Enterprise Server 12-LTSS:ntp-4.2.8p11-46.26.2.x86_64", "SUSE Linux Enterprise Server 12-LTSS:ntp-doc-4.2.8p11-46.26.2.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:ntp-doc-4.2.8p11-46.26.2.s390x", "SUSE Linux Enterprise Server 12-LTSS:ntp-doc-4.2.8p11-46.26.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Server 12-LTSS:ntp-4.2.8p11-46.26.2.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:ntp-4.2.8p11-46.26.2.s390x", "SUSE Linux Enterprise Server 12-LTSS:ntp-4.2.8p11-46.26.2.x86_64", "SUSE Linux Enterprise Server 12-LTSS:ntp-doc-4.2.8p11-46.26.2.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:ntp-doc-4.2.8p11-46.26.2.s390x", "SUSE Linux Enterprise Server 12-LTSS:ntp-doc-4.2.8p11-46.26.2.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2018-05-29T14:44:40Z", "details": "moderate" } ], "title": "CVE-2018-7182" }, { "cve": "CVE-2018-7183", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2018-7183" } ], "notes": [ { "category": "general", "text": "Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 12-LTSS:ntp-4.2.8p11-46.26.2.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:ntp-4.2.8p11-46.26.2.s390x", "SUSE Linux Enterprise Server 12-LTSS:ntp-4.2.8p11-46.26.2.x86_64", "SUSE Linux Enterprise Server 12-LTSS:ntp-doc-4.2.8p11-46.26.2.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:ntp-doc-4.2.8p11-46.26.2.s390x", "SUSE Linux Enterprise Server 12-LTSS:ntp-doc-4.2.8p11-46.26.2.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2018-7183", "url": "https://www.suse.com/security/cve/CVE-2018-7183" }, { "category": "external", "summary": "SUSE Bug 1082210 for CVE-2018-7183", "url": "https://bugzilla.suse.com/1082210" }, { "category": "external", "summary": "SUSE Bug 1083417 for CVE-2018-7183", "url": "https://bugzilla.suse.com/1083417" }, { "category": "external", "summary": "SUSE Bug 1087324 for CVE-2018-7183", "url": "https://bugzilla.suse.com/1087324" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 12-LTSS:ntp-4.2.8p11-46.26.2.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:ntp-4.2.8p11-46.26.2.s390x", "SUSE Linux Enterprise Server 12-LTSS:ntp-4.2.8p11-46.26.2.x86_64", "SUSE Linux Enterprise Server 12-LTSS:ntp-doc-4.2.8p11-46.26.2.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:ntp-doc-4.2.8p11-46.26.2.s390x", "SUSE Linux Enterprise Server 12-LTSS:ntp-doc-4.2.8p11-46.26.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Server 12-LTSS:ntp-4.2.8p11-46.26.2.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:ntp-4.2.8p11-46.26.2.s390x", "SUSE Linux Enterprise Server 12-LTSS:ntp-4.2.8p11-46.26.2.x86_64", "SUSE Linux Enterprise Server 12-LTSS:ntp-doc-4.2.8p11-46.26.2.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:ntp-doc-4.2.8p11-46.26.2.s390x", "SUSE Linux Enterprise Server 12-LTSS:ntp-doc-4.2.8p11-46.26.2.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2018-05-29T14:44:40Z", "details": "moderate" } ], "title": "CVE-2018-7183" }, { "cve": "CVE-2018-7184", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2018-7184" } ], "notes": [ { "category": "general", "text": "ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the \"received\" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the most recent timestamp. This issue is a result of an incomplete fix for CVE-2015-7704.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 12-LTSS:ntp-4.2.8p11-46.26.2.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:ntp-4.2.8p11-46.26.2.s390x", "SUSE Linux Enterprise Server 12-LTSS:ntp-4.2.8p11-46.26.2.x86_64", "SUSE Linux Enterprise Server 12-LTSS:ntp-doc-4.2.8p11-46.26.2.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:ntp-doc-4.2.8p11-46.26.2.s390x", "SUSE Linux Enterprise Server 12-LTSS:ntp-doc-4.2.8p11-46.26.2.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2018-7184", "url": "https://www.suse.com/security/cve/CVE-2018-7184" }, { "category": "external", "summary": "SUSE Bug 1082210 for CVE-2018-7184", "url": "https://bugzilla.suse.com/1082210" }, { "category": "external", "summary": "SUSE Bug 1083422 for CVE-2018-7184", "url": "https://bugzilla.suse.com/1083422" }, { "category": "external", "summary": "SUSE Bug 1087324 for CVE-2018-7184", "url": "https://bugzilla.suse.com/1087324" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 12-LTSS:ntp-4.2.8p11-46.26.2.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:ntp-4.2.8p11-46.26.2.s390x", "SUSE Linux Enterprise Server 12-LTSS:ntp-4.2.8p11-46.26.2.x86_64", "SUSE Linux Enterprise Server 12-LTSS:ntp-doc-4.2.8p11-46.26.2.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:ntp-doc-4.2.8p11-46.26.2.s390x", "SUSE Linux Enterprise Server 12-LTSS:ntp-doc-4.2.8p11-46.26.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.1, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Server 12-LTSS:ntp-4.2.8p11-46.26.2.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:ntp-4.2.8p11-46.26.2.s390x", "SUSE Linux Enterprise Server 12-LTSS:ntp-4.2.8p11-46.26.2.x86_64", "SUSE Linux Enterprise Server 12-LTSS:ntp-doc-4.2.8p11-46.26.2.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:ntp-doc-4.2.8p11-46.26.2.s390x", "SUSE Linux Enterprise Server 12-LTSS:ntp-doc-4.2.8p11-46.26.2.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2018-05-29T14:44:40Z", "details": "low" } ], "title": "CVE-2018-7184" }, { "cve": "CVE-2018-7185", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2018-7185" } ], "notes": [ { "category": "general", "text": "The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the \"other side\" of an interleaved association causing the victim ntpd to reset its association.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 12-LTSS:ntp-4.2.8p11-46.26.2.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:ntp-4.2.8p11-46.26.2.s390x", "SUSE Linux Enterprise Server 12-LTSS:ntp-4.2.8p11-46.26.2.x86_64", "SUSE Linux Enterprise Server 12-LTSS:ntp-doc-4.2.8p11-46.26.2.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:ntp-doc-4.2.8p11-46.26.2.s390x", "SUSE Linux Enterprise Server 12-LTSS:ntp-doc-4.2.8p11-46.26.2.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2018-7185", "url": "https://www.suse.com/security/cve/CVE-2018-7185" }, { "category": "external", "summary": "SUSE Bug 1082210 for CVE-2018-7185", "url": "https://bugzilla.suse.com/1082210" }, { "category": "external", "summary": "SUSE Bug 1083420 for CVE-2018-7185", "url": "https://bugzilla.suse.com/1083420" }, { "category": "external", "summary": "SUSE Bug 1087324 for CVE-2018-7185", "url": "https://bugzilla.suse.com/1087324" }, { "category": "external", "summary": "SUSE Bug 1089405 for CVE-2018-7185", "url": "https://bugzilla.suse.com/1089405" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 12-LTSS:ntp-4.2.8p11-46.26.2.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:ntp-4.2.8p11-46.26.2.s390x", "SUSE Linux Enterprise Server 12-LTSS:ntp-4.2.8p11-46.26.2.x86_64", "SUSE Linux Enterprise Server 12-LTSS:ntp-doc-4.2.8p11-46.26.2.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:ntp-doc-4.2.8p11-46.26.2.s390x", "SUSE Linux Enterprise Server 12-LTSS:ntp-doc-4.2.8p11-46.26.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.1, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Server 12-LTSS:ntp-4.2.8p11-46.26.2.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:ntp-4.2.8p11-46.26.2.s390x", "SUSE Linux Enterprise Server 12-LTSS:ntp-4.2.8p11-46.26.2.x86_64", "SUSE Linux Enterprise Server 12-LTSS:ntp-doc-4.2.8p11-46.26.2.ppc64le", "SUSE Linux Enterprise Server 12-LTSS:ntp-doc-4.2.8p11-46.26.2.s390x", "SUSE Linux Enterprise Server 12-LTSS:ntp-doc-4.2.8p11-46.26.2.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2018-05-29T14:44:40Z", "details": "low" } ], "title": "CVE-2018-7185" } ] }
suse-su-2018:1765-2
Vulnerability from csaf_suse
Notes
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for ntp", "title": "Title of the patch" }, { "category": "description", "text": "This update for ntp fixes the following issues:\n\n- Update to 4.2.8p11 (bsc#1082210):\n * CVE-2016-1549: Sybil vulnerability: ephemeral association\n attack. While fixed in ntp-4.2.8p7, there are significant\n additional protections for this issue in 4.2.8p11.\n * CVE-2018-7182: ctl_getitem(): buffer read overrun\n leads to undefined behavior and information leak. (bsc#1083426)\n * CVE-2018-7170: Multiple authenticated ephemeral\n associations. (bsc#1083424)\n * CVE-2018-7184: Interleaved symmetric mode cannot\n recover from bad state. (bsc#1083422)\n * CVE-2018-7185: Unauthenticated packet can reset\n authenticated interleaved association. (bsc#1083420)\n * CVE-2018-7183: ntpq:decodearr() can write beyond its\n buffer limit.(bsc#1083417)\n- Don\u0027t use libevent\u0027s cached time stamps in sntp. (bsc#1077445)\n\nThis update is a reissue of the previous update with LTSS channels included.\n", "title": "Description of the patch" }, { "category": "details", "text": "SUSE-SLE-SERVER-12-SP2-BCL-2018-1188", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_1765-2.json" }, { "category": "self", "summary": "URL for SUSE-SU-2018:1765-2", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181765-2/" }, { "category": "self", "summary": "E-Mail link for SUSE-SU-2018:1765-2", "url": "https://lists.suse.com/pipermail/sle-security-updates/2018-October/004720.html" }, { "category": "self", "summary": "SUSE Bug 1077445", "url": "https://bugzilla.suse.com/1077445" }, { "category": "self", "summary": "SUSE Bug 1082063", "url": "https://bugzilla.suse.com/1082063" }, { "category": "self", "summary": "SUSE Bug 1082210", "url": "https://bugzilla.suse.com/1082210" }, { "category": "self", "summary": "SUSE Bug 1083417", "url": "https://bugzilla.suse.com/1083417" }, { "category": "self", "summary": "SUSE Bug 1083420", "url": "https://bugzilla.suse.com/1083420" }, { "category": "self", "summary": "SUSE Bug 1083422", "url": "https://bugzilla.suse.com/1083422" }, { "category": "self", "summary": "SUSE Bug 1083424", "url": "https://bugzilla.suse.com/1083424" }, { "category": "self", "summary": "SUSE Bug 1083426", "url": "https://bugzilla.suse.com/1083426" }, { "category": "self", "summary": "SUSE CVE CVE-2016-1549 page", "url": "https://www.suse.com/security/cve/CVE-2016-1549/" }, { "category": "self", "summary": "SUSE CVE CVE-2018-7170 page", "url": "https://www.suse.com/security/cve/CVE-2018-7170/" }, { "category": "self", "summary": "SUSE CVE CVE-2018-7182 page", "url": "https://www.suse.com/security/cve/CVE-2018-7182/" }, { "category": "self", "summary": "SUSE CVE CVE-2018-7183 page", "url": "https://www.suse.com/security/cve/CVE-2018-7183/" }, { "category": "self", "summary": "SUSE CVE CVE-2018-7184 page", "url": "https://www.suse.com/security/cve/CVE-2018-7184/" }, { "category": "self", "summary": "SUSE CVE CVE-2018-7185 page", "url": "https://www.suse.com/security/cve/CVE-2018-7185/" } ], "title": "Security update for ntp", "tracking": { "current_release_date": "2018-10-18T12:46:59Z", "generator": { "date": "2018-10-18T12:46:59Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "SUSE-SU-2018:1765-2", "initial_release_date": "2018-10-18T12:46:59Z", "revision_history": [ { "date": "2018-10-18T12:46:59Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "ntp-4.2.8p11-64.5.1.x86_64", "product": { "name": "ntp-4.2.8p11-64.5.1.x86_64", "product_id": "ntp-4.2.8p11-64.5.1.x86_64" } }, { "category": "product_version", "name": "ntp-doc-4.2.8p11-64.5.1.x86_64", "product": { "name": "ntp-doc-4.2.8p11-64.5.1.x86_64", "product_id": "ntp-doc-4.2.8p11-64.5.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux Enterprise Server 12 SP2-BCL", "product": { "name": "SUSE Linux Enterprise Server 12 SP2-BCL", "product_id": "SUSE Linux Enterprise Server 12 SP2-BCL", "product_identification_helper": { "cpe": "cpe:/o:suse:sles-bcl:12:sp2" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p11-64.5.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL", "product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:ntp-4.2.8p11-64.5.1.x86_64" }, "product_reference": "ntp-4.2.8p11-64.5.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p11-64.5.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL", "product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:ntp-doc-4.2.8p11-64.5.1.x86_64" }, "product_reference": "ntp-doc-4.2.8p11-64.5.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL" } ] }, "vulnerabilities": [ { "cve": "CVE-2016-1549", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-1549" } ], "notes": [ { "category": "general", "text": "A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and modify a victim\u0027s clock.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 12 SP2-BCL:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:ntp-doc-4.2.8p11-64.5.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-1549", "url": "https://www.suse.com/security/cve/CVE-2016-1549" }, { "category": "external", "summary": "SUSE Bug 1083424 for CVE-2016-1549", "url": "https://bugzilla.suse.com/1083424" }, { "category": "external", "summary": "SUSE Bug 977446 for CVE-2016-1549", "url": "https://bugzilla.suse.com/977446" }, { "category": "external", "summary": "SUSE Bug 977451 for CVE-2016-1549", "url": "https://bugzilla.suse.com/977451" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 12 SP2-BCL:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:ntp-doc-4.2.8p11-64.5.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Server 12 SP2-BCL:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:ntp-doc-4.2.8p11-64.5.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2018-10-18T12:46:59Z", "details": "low" } ], "title": "CVE-2016-1549" }, { "cve": "CVE-2018-7170", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2018-7170" } ], "notes": [ { "category": "general", "text": "ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim\u0027s clock via a Sybil attack. This issue exists because of an incomplete fix for CVE-2016-1549.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 12 SP2-BCL:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:ntp-doc-4.2.8p11-64.5.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2018-7170", "url": "https://www.suse.com/security/cve/CVE-2018-7170" }, { "category": "external", "summary": "SUSE Bug 1082210 for CVE-2018-7170", "url": "https://bugzilla.suse.com/1082210" }, { "category": "external", "summary": "SUSE Bug 1083424 for CVE-2018-7170", "url": "https://bugzilla.suse.com/1083424" }, { "category": "external", "summary": "SUSE Bug 1087324 for CVE-2018-7170", "url": "https://bugzilla.suse.com/1087324" }, { "category": "external", "summary": "SUSE Bug 1098531 for CVE-2018-7170", "url": "https://bugzilla.suse.com/1098531" }, { "category": "external", "summary": "SUSE Bug 1155513 for CVE-2018-7170", "url": "https://bugzilla.suse.com/1155513" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 12 SP2-BCL:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:ntp-doc-4.2.8p11-64.5.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.1, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Server 12 SP2-BCL:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:ntp-doc-4.2.8p11-64.5.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2018-10-18T12:46:59Z", "details": "low" } ], "title": "CVE-2018-7170" }, { "cve": "CVE-2018-7182", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2018-7182" } ], "notes": [ { "category": "general", "text": "The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with a ntpd instance from 4.2.8p6 through 4.2.8p10.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 12 SP2-BCL:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:ntp-doc-4.2.8p11-64.5.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2018-7182", "url": "https://www.suse.com/security/cve/CVE-2018-7182" }, { "category": "external", "summary": "SUSE Bug 1082210 for CVE-2018-7182", "url": "https://bugzilla.suse.com/1082210" }, { "category": "external", "summary": "SUSE Bug 1083426 for CVE-2018-7182", "url": "https://bugzilla.suse.com/1083426" }, { "category": "external", "summary": "SUSE Bug 1087324 for CVE-2018-7182", "url": "https://bugzilla.suse.com/1087324" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 12 SP2-BCL:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:ntp-doc-4.2.8p11-64.5.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Server 12 SP2-BCL:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:ntp-doc-4.2.8p11-64.5.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2018-10-18T12:46:59Z", "details": "moderate" } ], "title": "CVE-2018-7182" }, { "cve": "CVE-2018-7183", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2018-7183" } ], "notes": [ { "category": "general", "text": "Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 12 SP2-BCL:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:ntp-doc-4.2.8p11-64.5.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2018-7183", "url": "https://www.suse.com/security/cve/CVE-2018-7183" }, { "category": "external", "summary": "SUSE Bug 1082210 for CVE-2018-7183", "url": "https://bugzilla.suse.com/1082210" }, { "category": "external", "summary": "SUSE Bug 1083417 for CVE-2018-7183", "url": "https://bugzilla.suse.com/1083417" }, { "category": "external", "summary": "SUSE Bug 1087324 for CVE-2018-7183", "url": "https://bugzilla.suse.com/1087324" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 12 SP2-BCL:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:ntp-doc-4.2.8p11-64.5.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Server 12 SP2-BCL:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:ntp-doc-4.2.8p11-64.5.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2018-10-18T12:46:59Z", "details": "moderate" } ], "title": "CVE-2018-7183" }, { "cve": "CVE-2018-7184", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2018-7184" } ], "notes": [ { "category": "general", "text": "ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the \"received\" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the most recent timestamp. This issue is a result of an incomplete fix for CVE-2015-7704.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 12 SP2-BCL:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:ntp-doc-4.2.8p11-64.5.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2018-7184", "url": "https://www.suse.com/security/cve/CVE-2018-7184" }, { "category": "external", "summary": "SUSE Bug 1082210 for CVE-2018-7184", "url": "https://bugzilla.suse.com/1082210" }, { "category": "external", "summary": "SUSE Bug 1083422 for CVE-2018-7184", "url": "https://bugzilla.suse.com/1083422" }, { "category": "external", "summary": "SUSE Bug 1087324 for CVE-2018-7184", "url": "https://bugzilla.suse.com/1087324" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 12 SP2-BCL:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:ntp-doc-4.2.8p11-64.5.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.1, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Server 12 SP2-BCL:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:ntp-doc-4.2.8p11-64.5.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2018-10-18T12:46:59Z", "details": "low" } ], "title": "CVE-2018-7184" }, { "cve": "CVE-2018-7185", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2018-7185" } ], "notes": [ { "category": "general", "text": "The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the \"other side\" of an interleaved association causing the victim ntpd to reset its association.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 12 SP2-BCL:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:ntp-doc-4.2.8p11-64.5.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2018-7185", "url": "https://www.suse.com/security/cve/CVE-2018-7185" }, { "category": "external", "summary": "SUSE Bug 1082210 for CVE-2018-7185", "url": "https://bugzilla.suse.com/1082210" }, { "category": "external", "summary": "SUSE Bug 1083420 for CVE-2018-7185", "url": "https://bugzilla.suse.com/1083420" }, { "category": "external", "summary": "SUSE Bug 1087324 for CVE-2018-7185", "url": "https://bugzilla.suse.com/1087324" }, { "category": "external", "summary": "SUSE Bug 1089405 for CVE-2018-7185", "url": "https://bugzilla.suse.com/1089405" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 12 SP2-BCL:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:ntp-doc-4.2.8p11-64.5.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.1, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Server 12 SP2-BCL:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:ntp-doc-4.2.8p11-64.5.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2018-10-18T12:46:59Z", "details": "low" } ], "title": "CVE-2018-7185" } ] }
suse-su-2016:1291-1
Vulnerability from csaf_suse
Notes
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for ntp", "title": "Title of the patch" }, { "category": "description", "text": "\nThis update for ntp to 4.2.8p7 fixes the following issues:\n\n* CVE-2016-1547, bsc#977459:\n Validate crypto-NAKs, AKA: CRYPTO-NAK DoS.\n* CVE-2016-1548, bsc#977461: Interleave-pivot\n* CVE-2016-1549, bsc#977451:\n Sybil vulnerability: ephemeral association attack.\n* CVE-2016-1550, bsc#977464: Improve NTP security against buffer\n comparison timing attacks.\n* CVE-2016-1551, bsc#977450:\n Refclock impersonation vulnerability\n* CVE-2016-2516, bsc#977452: Duplicate IPs on unconfig\n directives will cause an assertion botch in ntpd.\n* CVE-2016-2517, bsc#977455: remote configuration trustedkey/\n requestkey/controlkey values are not properly validated.\n* CVE-2016-2518, bsc#977457: Crafted addpeer with hmode \u003e 7\n causes array wraparound with MATCH_ASSOC.\n* CVE-2016-2519, bsc#977458: ctl_getitem() return value not\n always checked.\n* This update also improves the fixes for:\n CVE-2015-7704, CVE-2015-7705, CVE-2015-7974\n\nBugs fixed:\n- Restrict the parser in the startup script to the first\n occurrance of \u0027keys\u0027 and \u0027controlkey\u0027 in ntp.conf (bsc#957226).\n", "title": "Description of the patch" }, { "category": "details", "text": "SUSE-SLE-DESKTOP-12-SP1-2016-764,SUSE-SLE-SERVER-12-SP1-2016-764", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2016_1291-1.json" }, { "category": "self", "summary": "URL for SUSE-SU-2016:1291-1", "url": "https://www.suse.com/support/update/announcement/2016/suse-su-20161291-1/" }, { "category": "self", "summary": "E-Mail link for SUSE-SU-2016:1291-1", "url": "https://lists.suse.com/pipermail/sle-security-updates/2016-May/002057.html" }, { "category": "self", "summary": "SUSE Bug 957226", "url": "https://bugzilla.suse.com/957226" }, { "category": "self", "summary": "SUSE Bug 977446", "url": "https://bugzilla.suse.com/977446" }, { "category": "self", "summary": "SUSE Bug 977450", "url": "https://bugzilla.suse.com/977450" }, { "category": "self", "summary": "SUSE Bug 977451", "url": "https://bugzilla.suse.com/977451" }, { "category": "self", "summary": "SUSE Bug 977452", "url": "https://bugzilla.suse.com/977452" }, { "category": "self", "summary": "SUSE Bug 977455", "url": "https://bugzilla.suse.com/977455" }, { "category": "self", "summary": "SUSE Bug 977457", "url": "https://bugzilla.suse.com/977457" }, { "category": "self", "summary": "SUSE Bug 977458", "url": "https://bugzilla.suse.com/977458" }, { "category": "self", "summary": "SUSE Bug 977459", "url": "https://bugzilla.suse.com/977459" }, { "category": "self", "summary": "SUSE Bug 977461", "url": "https://bugzilla.suse.com/977461" }, { "category": "self", "summary": "SUSE Bug 977464", "url": "https://bugzilla.suse.com/977464" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7704 page", "url": "https://www.suse.com/security/cve/CVE-2015-7704/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7705 page", "url": "https://www.suse.com/security/cve/CVE-2015-7705/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7974 page", "url": "https://www.suse.com/security/cve/CVE-2015-7974/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-1547 page", "url": "https://www.suse.com/security/cve/CVE-2016-1547/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-1548 page", "url": "https://www.suse.com/security/cve/CVE-2016-1548/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-1549 page", "url": "https://www.suse.com/security/cve/CVE-2016-1549/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-1550 page", "url": "https://www.suse.com/security/cve/CVE-2016-1550/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-1551 page", "url": "https://www.suse.com/security/cve/CVE-2016-1551/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-2516 page", "url": "https://www.suse.com/security/cve/CVE-2016-2516/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-2517 page", "url": "https://www.suse.com/security/cve/CVE-2016-2517/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-2518 page", "url": "https://www.suse.com/security/cve/CVE-2016-2518/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-2519 page", "url": "https://www.suse.com/security/cve/CVE-2016-2519/" } ], "title": "Security update for ntp", "tracking": { "current_release_date": "2016-05-12T14:58:24Z", "generator": { "date": "2016-05-12T14:58:24Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "SUSE-SU-2016:1291-1", "initial_release_date": "2016-05-12T14:58:24Z", "revision_history": [ { "date": "2016-05-12T14:58:24Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "ntp-4.2.8p7-11.1.ppc64le", "product": { "name": "ntp-4.2.8p7-11.1.ppc64le", "product_id": "ntp-4.2.8p7-11.1.ppc64le" } }, { "category": "product_version", "name": "ntp-doc-4.2.8p7-11.1.ppc64le", "product": { "name": "ntp-doc-4.2.8p7-11.1.ppc64le", "product_id": "ntp-doc-4.2.8p7-11.1.ppc64le" } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "ntp-4.2.8p7-11.1.s390x", "product": { "name": "ntp-4.2.8p7-11.1.s390x", "product_id": "ntp-4.2.8p7-11.1.s390x" } }, { "category": "product_version", "name": "ntp-doc-4.2.8p7-11.1.s390x", "product": { "name": "ntp-doc-4.2.8p7-11.1.s390x", "product_id": "ntp-doc-4.2.8p7-11.1.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "ntp-4.2.8p7-11.1.x86_64", "product": { "name": "ntp-4.2.8p7-11.1.x86_64", "product_id": "ntp-4.2.8p7-11.1.x86_64" } }, { "category": "product_version", "name": "ntp-doc-4.2.8p7-11.1.x86_64", "product": { "name": "ntp-doc-4.2.8p7-11.1.x86_64", "product_id": "ntp-doc-4.2.8p7-11.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux Enterprise Desktop 12 SP1", "product": { "name": "SUSE Linux Enterprise Desktop 12 SP1", "product_id": "SUSE Linux Enterprise Desktop 12 SP1", "product_identification_helper": { "cpe": "cpe:/o:suse:sled:12:sp1" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server 12 SP1", "product": { "name": "SUSE Linux Enterprise Server 12 SP1", "product_id": "SUSE Linux Enterprise Server 12 SP1", "product_identification_helper": { "cpe": "cpe:/o:suse:sles:12:sp1" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1", "product": { "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1", "product_identification_helper": { "cpe": "cpe:/o:suse:sles_sap:12:sp1" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p7-11.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP1", "product_id": "SUSE Linux Enterprise Desktop 12 SP1:ntp-4.2.8p7-11.1.x86_64" }, "product_reference": "ntp-4.2.8p7-11.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p7-11.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP1", "product_id": "SUSE Linux Enterprise Desktop 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64" }, "product_reference": "ntp-doc-4.2.8p7-11.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p7-11.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP1", "product_id": "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.ppc64le" }, "product_reference": "ntp-4.2.8p7-11.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p7-11.1.s390x as component of SUSE Linux Enterprise Server 12 SP1", "product_id": "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.s390x" }, "product_reference": "ntp-4.2.8p7-11.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p7-11.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1", "product_id": "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.x86_64" }, "product_reference": "ntp-4.2.8p7-11.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p7-11.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP1", "product_id": "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.ppc64le" }, "product_reference": "ntp-doc-4.2.8p7-11.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p7-11.1.s390x as component of SUSE Linux Enterprise Server 12 SP1", "product_id": "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.s390x" }, "product_reference": "ntp-doc-4.2.8p7-11.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p7-11.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1", "product_id": "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64" }, "product_reference": "ntp-doc-4.2.8p7-11.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p7-11.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.ppc64le" }, "product_reference": "ntp-4.2.8p7-11.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p7-11.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.s390x" }, "product_reference": "ntp-4.2.8p7-11.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p7-11.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.x86_64" }, "product_reference": "ntp-4.2.8p7-11.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p7-11.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.ppc64le" }, "product_reference": "ntp-doc-4.2.8p7-11.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p7-11.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.s390x" }, "product_reference": "ntp-doc-4.2.8p7-11.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p7-11.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64" }, "product_reference": "ntp-doc-4.2.8p7-11.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1" } ] }, "vulnerabilities": [ { "cve": "CVE-2015-7704", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7704" } ], "notes": [ { "category": "general", "text": "The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted \"KOD\" messages.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7704", "url": "https://www.suse.com/security/cve/CVE-2015-7704" }, { "category": "external", "summary": "SUSE Bug 1010964 for CVE-2015-7704", "url": "https://bugzilla.suse.com/1010964" }, { "category": "external", "summary": "SUSE Bug 951608 for CVE-2015-7704", "url": "https://bugzilla.suse.com/951608" }, { "category": "external", "summary": "SUSE Bug 952611 for CVE-2015-7704", "url": "https://bugzilla.suse.com/952611" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7704", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 977446 for CVE-2015-7704", "url": "https://bugzilla.suse.com/977446" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Desktop 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-05-12T14:58:24Z", "details": "important" } ], "title": "CVE-2015-7704" }, { "cve": "CVE-2015-7705", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7705" } ], "notes": [ { "category": "general", "text": "The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7705", "url": "https://www.suse.com/security/cve/CVE-2015-7705" }, { "category": "external", "summary": "SUSE Bug 1010964 for CVE-2015-7705", "url": "https://bugzilla.suse.com/1010964" }, { "category": "external", "summary": "SUSE Bug 951608 for CVE-2015-7705", "url": "https://bugzilla.suse.com/951608" }, { "category": "external", "summary": "SUSE Bug 952611 for CVE-2015-7705", "url": "https://bugzilla.suse.com/952611" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7705", "url": "https://bugzilla.suse.com/959243" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Desktop 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-05-12T14:58:24Z", "details": "critical" } ], "title": "CVE-2015-7705" }, { "cve": "CVE-2015-7974", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7974" } ], "notes": [ { "category": "general", "text": "NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a \"skeleton key.\"", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7974", "url": "https://www.suse.com/security/cve/CVE-2015-7974" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7974", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 962960 for CVE-2015-7974", "url": "https://bugzilla.suse.com/962960" }, { "category": "external", "summary": "SUSE Bug 962995 for CVE-2015-7974", "url": "https://bugzilla.suse.com/962995" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.7, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Desktop 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-05-12T14:58:24Z", "details": "low" } ], "title": "CVE-2015-7974" }, { "cve": "CVE-2016-1547", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-1547" } ], "notes": [ { "category": "general", "text": "An off-path attacker can cause a preemptible client association to be demobilized in NTP 4.2.8p4 and earlier and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 by sending a crypto NAK packet to a victim client with a spoofed source address of an existing associated peer. This is true even if authentication is enabled.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-1547", "url": "https://www.suse.com/security/cve/CVE-2016-1547" }, { "category": "external", "summary": "SUSE Bug 962784 for CVE-2016-1547", "url": "https://bugzilla.suse.com/962784" }, { "category": "external", "summary": "SUSE Bug 977446 for CVE-2016-1547", "url": "https://bugzilla.suse.com/977446" }, { "category": "external", "summary": "SUSE Bug 977459 for CVE-2016-1547", "url": "https://bugzilla.suse.com/977459" }, { "category": "external", "summary": "SUSE Bug 982064 for CVE-2016-1547", "url": "https://bugzilla.suse.com/982064" }, { "category": "external", "summary": "SUSE Bug 982065 for CVE-2016-1547", "url": "https://bugzilla.suse.com/982065" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Desktop 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-05-12T14:58:24Z", "details": "moderate" } ], "title": "CVE-2016-1547" }, { "cve": "CVE-2016-1548", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-1548" } ], "notes": [ { "category": "general", "text": "An attacker can spoof a packet from a legitimate ntpd server with an origin timestamp that matches the peer-\u003edst timestamp recorded for that server. After making this switch, the client in NTP 4.2.8p4 and earlier and NTPSec aa48d001683e5b791a743ec9c575aaf7d867a2b0c will reject all future legitimate server responses. It is possible to force the victim client to move time after the mode has been changed. ntpq gives no indication that the mode has been switched.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-1548", "url": "https://www.suse.com/security/cve/CVE-2016-1548" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2016-1548", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 977446 for CVE-2016-1548", "url": "https://bugzilla.suse.com/977446" }, { "category": "external", "summary": "SUSE Bug 977461 for CVE-2016-1548", "url": "https://bugzilla.suse.com/977461" }, { "category": "external", "summary": "SUSE Bug 982068 for CVE-2016-1548", "url": "https://bugzilla.suse.com/982068" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Desktop 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-05-12T14:58:24Z", "details": "moderate" } ], "title": "CVE-2016-1548" }, { "cve": "CVE-2016-1549", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-1549" } ], "notes": [ { "category": "general", "text": "A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and modify a victim\u0027s clock.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-1549", "url": "https://www.suse.com/security/cve/CVE-2016-1549" }, { "category": "external", "summary": "SUSE Bug 1083424 for CVE-2016-1549", "url": "https://bugzilla.suse.com/1083424" }, { "category": "external", "summary": "SUSE Bug 977446 for CVE-2016-1549", "url": "https://bugzilla.suse.com/977446" }, { "category": "external", "summary": "SUSE Bug 977451 for CVE-2016-1549", "url": "https://bugzilla.suse.com/977451" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Desktop 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-05-12T14:58:24Z", "details": "low" } ], "title": "CVE-2016-1549" }, { "cve": "CVE-2016-1550", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-1550" } ], "notes": [ { "category": "general", "text": "An exploitable vulnerability exists in the message authentication functionality of libntp in ntp 4.2.8p4 and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92. An attacker can send a series of crafted messages to attempt to recover the message digest key.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-1550", "url": "https://www.suse.com/security/cve/CVE-2016-1550" }, { "category": "external", "summary": "SUSE Bug 977446 for CVE-2016-1550", "url": "https://bugzilla.suse.com/977446" }, { "category": "external", "summary": "SUSE Bug 977464 for CVE-2016-1550", "url": "https://bugzilla.suse.com/977464" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Desktop 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-05-12T14:58:24Z", "details": "low" } ], "title": "CVE-2016-1550" }, { "cve": "CVE-2016-1551", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-1551" } ], "notes": [ { "category": "general", "text": "ntpd in NTP 4.2.8p3 and NTPsec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 relies on the underlying operating system to protect it from requests that impersonate reference clocks. Because reference clocks are treated like other peers and stored in the same structure, any packet with a source ip address of a reference clock (127.127.1.1 for example) that reaches the receive() function will match that reference clock\u0027s peer record and will be treated as a trusted peer. Any system that lacks the typical martian packet filtering which would block these packets is in danger of having its time controlled by an attacker.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-1551", "url": "https://www.suse.com/security/cve/CVE-2016-1551" }, { "category": "external", "summary": "SUSE Bug 977446 for CVE-2016-1551", "url": "https://bugzilla.suse.com/977446" }, { "category": "external", "summary": "SUSE Bug 977450 for CVE-2016-1551", "url": "https://bugzilla.suse.com/977450" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Desktop 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-05-12T14:58:24Z", "details": "low" } ], "title": "CVE-2016-1551" }, { "cve": "CVE-2016-2516", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-2516" } ], "notes": [ { "category": "general", "text": "NTP before 4.2.8p7 and 4.3.x before 4.3.92, when mode7 is enabled, allows remote attackers to cause a denial of service (ntpd abort) by using the same IP address multiple times in an unconfig directive.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-2516", "url": "https://www.suse.com/security/cve/CVE-2016-2516" }, { "category": "external", "summary": "SUSE Bug 977446 for CVE-2016-2516", "url": "https://bugzilla.suse.com/977446" }, { "category": "external", "summary": "SUSE Bug 977452 for CVE-2016-2516", "url": "https://bugzilla.suse.com/977452" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Desktop 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-05-12T14:58:24Z", "details": "moderate" } ], "title": "CVE-2016-2516" }, { "cve": "CVE-2016-2517", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-2517" } ], "notes": [ { "category": "general", "text": "NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (prevent subsequent authentication) by leveraging knowledge of the controlkey or requestkey and sending a crafted packet to ntpd, which changes the value of trustedkey, controlkey, or requestkey. NOTE: this vulnerability exists because of a CVE-2016-2516 regression.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-2517", "url": "https://www.suse.com/security/cve/CVE-2016-2517" }, { "category": "external", "summary": "SUSE Bug 977446 for CVE-2016-2517", "url": "https://bugzilla.suse.com/977446" }, { "category": "external", "summary": "SUSE Bug 977455 for CVE-2016-2517", "url": "https://bugzilla.suse.com/977455" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Desktop 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-05-12T14:58:24Z", "details": "moderate" } ], "title": "CVE-2016-2517" }, { "cve": "CVE-2016-2518", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-2518" } ], "notes": [ { "category": "general", "text": "The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-2518", "url": "https://www.suse.com/security/cve/CVE-2016-2518" }, { "category": "external", "summary": "SUSE Bug 977446 for CVE-2016-2518", "url": "https://bugzilla.suse.com/977446" }, { "category": "external", "summary": "SUSE Bug 977457 for CVE-2016-2518", "url": "https://bugzilla.suse.com/977457" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Desktop 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-05-12T14:58:24Z", "details": "low" } ], "title": "CVE-2016-2518" }, { "cve": "CVE-2016-2519", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-2519" } ], "notes": [ { "category": "general", "text": "ntpd in NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (ntpd abort) by a large request data value, which triggers the ctl_getitem function to return a NULL value.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-2519", "url": "https://www.suse.com/security/cve/CVE-2016-2519" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2016-2519", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 977446 for CVE-2016-2519", "url": "https://bugzilla.suse.com/977446" }, { "category": "external", "summary": "SUSE Bug 977458 for CVE-2016-2519", "url": "https://bugzilla.suse.com/977458" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Desktop 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p7-11.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-05-12T14:58:24Z", "details": "moderate" } ], "title": "CVE-2016-2519" } ] }
suse-su-2018:1765-1
Vulnerability from csaf_suse
Notes
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for ntp", "title": "Title of the patch" }, { "category": "description", "text": "This update for ntp fixes the following issues:\n\n- Update to 4.2.8p11 (bsc#1082210):\n * CVE-2016-1549: Sybil vulnerability: ephemeral association\n attack. While fixed in ntp-4.2.8p7, there are significant\n additional protections for this issue in 4.2.8p11.\n * CVE-2018-7182: ctl_getitem(): buffer read overrun\n leads to undefined behavior and information leak. (bsc#1083426)\n * CVE-2018-7170: Multiple authenticated ephemeral\n associations. (bsc#1083424)\n * CVE-2018-7184: Interleaved symmetric mode cannot\n recover from bad state. (bsc#1083422)\n * CVE-2018-7185: Unauthenticated packet can reset\n authenticated interleaved association. (bsc#1083420)\n * CVE-2018-7183: ntpq:decodearr() can write beyond its\n buffer limit.(bsc#1083417)\n- Don\u0027t use libevent\u0027s cached time stamps in sntp. (bsc#1077445)\n\nThis update is a reissue of the previous update with LTSS channels included.\n", "title": "Description of the patch" }, { "category": "details", "text": "SUSE-OpenStack-Cloud-7-2018-1188,SUSE-SLE-DESKTOP-12-SP3-2018-1188,SUSE-SLE-SAP-12-SP1-2018-1188,SUSE-SLE-SAP-12-SP2-2018-1188,SUSE-SLE-SERVER-12-SP1-2018-1188,SUSE-SLE-SERVER-12-SP2-2018-1188,SUSE-SLE-SERVER-12-SP3-2018-1188,SUSE-Storage-4-2018-1188", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_1765-1.json" }, { "category": "self", "summary": "URL for SUSE-SU-2018:1765-1", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181765-1/" }, { "category": "self", "summary": "E-Mail link for SUSE-SU-2018:1765-1", "url": "https://lists.suse.com/pipermail/sle-security-updates/2018-June/004208.html" }, { "category": "self", "summary": "SUSE Bug 1077445", "url": "https://bugzilla.suse.com/1077445" }, { "category": "self", "summary": "SUSE Bug 1082063", "url": "https://bugzilla.suse.com/1082063" }, { "category": "self", "summary": "SUSE Bug 1082210", "url": "https://bugzilla.suse.com/1082210" }, { "category": "self", "summary": "SUSE Bug 1083417", "url": "https://bugzilla.suse.com/1083417" }, { "category": "self", "summary": "SUSE Bug 1083420", "url": "https://bugzilla.suse.com/1083420" }, { "category": "self", "summary": "SUSE Bug 1083422", "url": "https://bugzilla.suse.com/1083422" }, { "category": "self", "summary": "SUSE Bug 1083424", "url": "https://bugzilla.suse.com/1083424" }, { "category": "self", "summary": "SUSE Bug 1083426", "url": "https://bugzilla.suse.com/1083426" }, { "category": "self", "summary": "SUSE CVE CVE-2016-1549 page", "url": "https://www.suse.com/security/cve/CVE-2016-1549/" }, { "category": "self", "summary": "SUSE CVE CVE-2018-7170 page", "url": "https://www.suse.com/security/cve/CVE-2018-7170/" }, { "category": "self", "summary": "SUSE CVE CVE-2018-7182 page", "url": "https://www.suse.com/security/cve/CVE-2018-7182/" }, { "category": "self", "summary": "SUSE CVE CVE-2018-7183 page", "url": "https://www.suse.com/security/cve/CVE-2018-7183/" }, { "category": "self", "summary": "SUSE CVE CVE-2018-7184 page", "url": "https://www.suse.com/security/cve/CVE-2018-7184/" }, { "category": "self", "summary": "SUSE CVE CVE-2018-7185 page", "url": "https://www.suse.com/security/cve/CVE-2018-7185/" } ], "title": "Security update for ntp", "tracking": { "current_release_date": "2018-06-20T13:46:39Z", "generator": { "date": "2018-06-20T13:46:39Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "SUSE-SU-2018:1765-1", "initial_release_date": "2018-06-20T13:46:39Z", "revision_history": [ { "date": "2018-06-20T13:46:39Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "ntp-4.2.8p11-64.5.1.aarch64", "product": { "name": "ntp-4.2.8p11-64.5.1.aarch64", "product_id": "ntp-4.2.8p11-64.5.1.aarch64" } }, { "category": "product_version", "name": "ntp-doc-4.2.8p11-64.5.1.aarch64", "product": { "name": "ntp-doc-4.2.8p11-64.5.1.aarch64", "product_id": "ntp-doc-4.2.8p11-64.5.1.aarch64" } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "ntp-4.2.8p11-64.5.1.ppc64le", "product": { "name": "ntp-4.2.8p11-64.5.1.ppc64le", "product_id": "ntp-4.2.8p11-64.5.1.ppc64le" } }, { "category": "product_version", "name": "ntp-doc-4.2.8p11-64.5.1.ppc64le", "product": { "name": "ntp-doc-4.2.8p11-64.5.1.ppc64le", "product_id": "ntp-doc-4.2.8p11-64.5.1.ppc64le" } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "ntp-4.2.8p11-64.5.1.s390x", "product": { "name": "ntp-4.2.8p11-64.5.1.s390x", "product_id": "ntp-4.2.8p11-64.5.1.s390x" } }, { "category": "product_version", "name": "ntp-doc-4.2.8p11-64.5.1.s390x", "product": { "name": "ntp-doc-4.2.8p11-64.5.1.s390x", "product_id": "ntp-doc-4.2.8p11-64.5.1.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "ntp-4.2.8p11-64.5.1.x86_64", "product": { "name": "ntp-4.2.8p11-64.5.1.x86_64", "product_id": "ntp-4.2.8p11-64.5.1.x86_64" } }, { "category": "product_version", "name": "ntp-doc-4.2.8p11-64.5.1.x86_64", "product": { "name": "ntp-doc-4.2.8p11-64.5.1.x86_64", "product_id": "ntp-doc-4.2.8p11-64.5.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "SUSE OpenStack Cloud 7", "product": { "name": "SUSE OpenStack Cloud 7", "product_id": "SUSE OpenStack Cloud 7", "product_identification_helper": { "cpe": "cpe:/o:suse:suse-openstack-cloud:7" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Desktop 12 SP3", "product": { "name": "SUSE Linux Enterprise Desktop 12 SP3", "product_id": "SUSE Linux Enterprise Desktop 12 SP3", "product_identification_helper": { "cpe": "cpe:/o:suse:sled:12:sp3" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1", "product": { "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1", "product_identification_helper": { "cpe": "cpe:/o:suse:sles_sap:12:sp1" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2", "product": { "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2", "product_identification_helper": { "cpe": "cpe:/o:suse:sles_sap:12:sp2" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server 12 SP1-LTSS", "product": { "name": "SUSE Linux Enterprise Server 12 SP1-LTSS", "product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS", "product_identification_helper": { "cpe": "cpe:/o:suse:sles-ltss:12:sp1" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server 12 SP2-LTSS", "product": { "name": "SUSE Linux Enterprise Server 12 SP2-LTSS", "product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS", "product_identification_helper": { "cpe": "cpe:/o:suse:sles-ltss:12:sp2" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server 12 SP3", "product": { "name": "SUSE Linux Enterprise Server 12 SP3", "product_id": "SUSE Linux Enterprise Server 12 SP3", "product_identification_helper": { "cpe": "cpe:/o:suse:sles:12:sp3" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3", "product": { "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3", "product_identification_helper": { "cpe": "cpe:/o:suse:sles_sap:12:sp3" } } }, { "category": "product_name", "name": "SUSE Enterprise Storage 4", "product": { "name": "SUSE Enterprise Storage 4", "product_id": "SUSE Enterprise Storage 4", "product_identification_helper": { "cpe": "cpe:/o:suse:ses:4" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p11-64.5.1.s390x as component of SUSE OpenStack Cloud 7", "product_id": "SUSE OpenStack Cloud 7:ntp-4.2.8p11-64.5.1.s390x" }, "product_reference": "ntp-4.2.8p11-64.5.1.s390x", "relates_to_product_reference": "SUSE OpenStack Cloud 7" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p11-64.5.1.x86_64 as component of SUSE OpenStack Cloud 7", "product_id": "SUSE OpenStack Cloud 7:ntp-4.2.8p11-64.5.1.x86_64" }, "product_reference": "ntp-4.2.8p11-64.5.1.x86_64", "relates_to_product_reference": "SUSE OpenStack Cloud 7" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p11-64.5.1.s390x as component of SUSE OpenStack Cloud 7", "product_id": "SUSE OpenStack Cloud 7:ntp-doc-4.2.8p11-64.5.1.s390x" }, "product_reference": "ntp-doc-4.2.8p11-64.5.1.s390x", "relates_to_product_reference": "SUSE OpenStack Cloud 7" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p11-64.5.1.x86_64 as component of SUSE OpenStack Cloud 7", "product_id": "SUSE OpenStack Cloud 7:ntp-doc-4.2.8p11-64.5.1.x86_64" }, "product_reference": "ntp-doc-4.2.8p11-64.5.1.x86_64", "relates_to_product_reference": "SUSE OpenStack Cloud 7" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p11-64.5.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3", "product_id": "SUSE Linux Enterprise Desktop 12 SP3:ntp-4.2.8p11-64.5.1.x86_64" }, "product_reference": "ntp-4.2.8p11-64.5.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p11-64.5.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3", "product_id": "SUSE Linux Enterprise Desktop 12 SP3:ntp-doc-4.2.8p11-64.5.1.x86_64" }, "product_reference": "ntp-doc-4.2.8p11-64.5.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p11-64.5.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p11-64.5.1.ppc64le" }, "product_reference": "ntp-4.2.8p11-64.5.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p11-64.5.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p11-64.5.1.x86_64" }, "product_reference": "ntp-4.2.8p11-64.5.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p11-64.5.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p11-64.5.1.ppc64le" }, "product_reference": "ntp-doc-4.2.8p11-64.5.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p11-64.5.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p11-64.5.1.x86_64" }, "product_reference": "ntp-doc-4.2.8p11-64.5.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p11-64.5.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-4.2.8p11-64.5.1.ppc64le" }, "product_reference": "ntp-4.2.8p11-64.5.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p11-64.5.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-4.2.8p11-64.5.1.x86_64" }, "product_reference": "ntp-4.2.8p11-64.5.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p11-64.5.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-doc-4.2.8p11-64.5.1.ppc64le" }, "product_reference": "ntp-doc-4.2.8p11-64.5.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p11-64.5.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-doc-4.2.8p11-64.5.1.x86_64" }, "product_reference": "ntp-doc-4.2.8p11-64.5.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p11-64.5.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP1-LTSS", "product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-4.2.8p11-64.5.1.ppc64le" }, "product_reference": "ntp-4.2.8p11-64.5.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p11-64.5.1.s390x as component of SUSE Linux Enterprise Server 12 SP1-LTSS", "product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-4.2.8p11-64.5.1.s390x" }, "product_reference": "ntp-4.2.8p11-64.5.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p11-64.5.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS", "product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-4.2.8p11-64.5.1.x86_64" }, "product_reference": "ntp-4.2.8p11-64.5.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p11-64.5.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP1-LTSS", "product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-doc-4.2.8p11-64.5.1.ppc64le" }, "product_reference": "ntp-doc-4.2.8p11-64.5.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p11-64.5.1.s390x as component of SUSE Linux Enterprise Server 12 SP1-LTSS", "product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-doc-4.2.8p11-64.5.1.s390x" }, "product_reference": "ntp-doc-4.2.8p11-64.5.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p11-64.5.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS", "product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-doc-4.2.8p11-64.5.1.x86_64" }, "product_reference": "ntp-doc-4.2.8p11-64.5.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p11-64.5.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP2-LTSS", "product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p11-64.5.1.ppc64le" }, "product_reference": "ntp-4.2.8p11-64.5.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p11-64.5.1.s390x as component of SUSE Linux Enterprise Server 12 SP2-LTSS", "product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p11-64.5.1.s390x" }, "product_reference": "ntp-4.2.8p11-64.5.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p11-64.5.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS", "product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p11-64.5.1.x86_64" }, "product_reference": "ntp-4.2.8p11-64.5.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p11-64.5.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP2-LTSS", "product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p11-64.5.1.ppc64le" }, "product_reference": "ntp-doc-4.2.8p11-64.5.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p11-64.5.1.s390x as component of SUSE Linux Enterprise Server 12 SP2-LTSS", "product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p11-64.5.1.s390x" }, "product_reference": "ntp-doc-4.2.8p11-64.5.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p11-64.5.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS", "product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p11-64.5.1.x86_64" }, "product_reference": "ntp-doc-4.2.8p11-64.5.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p11-64.5.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP3", "product_id": "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.5.1.aarch64" }, "product_reference": "ntp-4.2.8p11-64.5.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p11-64.5.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP3", "product_id": "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.5.1.ppc64le" }, "product_reference": "ntp-4.2.8p11-64.5.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p11-64.5.1.s390x as component of SUSE Linux Enterprise Server 12 SP3", "product_id": "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.5.1.s390x" }, "product_reference": "ntp-4.2.8p11-64.5.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p11-64.5.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3", "product_id": "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.5.1.x86_64" }, "product_reference": "ntp-4.2.8p11-64.5.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p11-64.5.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP3", "product_id": "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.5.1.aarch64" }, "product_reference": "ntp-doc-4.2.8p11-64.5.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p11-64.5.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP3", "product_id": "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.5.1.ppc64le" }, "product_reference": "ntp-doc-4.2.8p11-64.5.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p11-64.5.1.s390x as component of SUSE Linux Enterprise Server 12 SP3", "product_id": "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.5.1.s390x" }, "product_reference": "ntp-doc-4.2.8p11-64.5.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p11-64.5.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3", "product_id": "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.5.1.x86_64" }, "product_reference": "ntp-doc-4.2.8p11-64.5.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p11-64.5.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.5.1.aarch64" }, "product_reference": "ntp-4.2.8p11-64.5.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p11-64.5.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.5.1.ppc64le" }, "product_reference": "ntp-4.2.8p11-64.5.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p11-64.5.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.5.1.s390x" }, "product_reference": "ntp-4.2.8p11-64.5.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p11-64.5.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.5.1.x86_64" }, "product_reference": "ntp-4.2.8p11-64.5.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p11-64.5.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.5.1.aarch64" }, "product_reference": "ntp-doc-4.2.8p11-64.5.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p11-64.5.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.5.1.ppc64le" }, "product_reference": "ntp-doc-4.2.8p11-64.5.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p11-64.5.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.5.1.s390x" }, "product_reference": "ntp-doc-4.2.8p11-64.5.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p11-64.5.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.5.1.x86_64" }, "product_reference": "ntp-doc-4.2.8p11-64.5.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p11-64.5.1.x86_64 as component of SUSE Enterprise Storage 4", "product_id": "SUSE Enterprise Storage 4:ntp-4.2.8p11-64.5.1.x86_64" }, "product_reference": "ntp-4.2.8p11-64.5.1.x86_64", "relates_to_product_reference": "SUSE Enterprise Storage 4" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p11-64.5.1.x86_64 as component of SUSE Enterprise Storage 4", "product_id": "SUSE Enterprise Storage 4:ntp-doc-4.2.8p11-64.5.1.x86_64" }, "product_reference": "ntp-doc-4.2.8p11-64.5.1.x86_64", "relates_to_product_reference": "SUSE Enterprise Storage 4" } ] }, "vulnerabilities": [ { "cve": "CVE-2016-1549", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-1549" } ], "notes": [ { "category": "general", "text": "A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and modify a victim\u0027s clock.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Enterprise Storage 4:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Enterprise Storage 4:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-doc-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.5.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.5.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.5.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.5.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE OpenStack Cloud 7:ntp-4.2.8p11-64.5.1.s390x", "SUSE OpenStack Cloud 7:ntp-4.2.8p11-64.5.1.x86_64", "SUSE OpenStack Cloud 7:ntp-doc-4.2.8p11-64.5.1.s390x", "SUSE OpenStack Cloud 7:ntp-doc-4.2.8p11-64.5.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-1549", "url": "https://www.suse.com/security/cve/CVE-2016-1549" }, { "category": "external", "summary": "SUSE Bug 1083424 for CVE-2016-1549", "url": "https://bugzilla.suse.com/1083424" }, { "category": "external", "summary": "SUSE Bug 977446 for CVE-2016-1549", "url": "https://bugzilla.suse.com/977446" }, { "category": "external", "summary": "SUSE Bug 977451 for CVE-2016-1549", "url": "https://bugzilla.suse.com/977451" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Enterprise Storage 4:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Enterprise Storage 4:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-doc-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.5.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.5.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.5.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.5.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE OpenStack Cloud 7:ntp-4.2.8p11-64.5.1.s390x", "SUSE OpenStack Cloud 7:ntp-4.2.8p11-64.5.1.x86_64", "SUSE OpenStack Cloud 7:ntp-doc-4.2.8p11-64.5.1.s390x", "SUSE OpenStack Cloud 7:ntp-doc-4.2.8p11-64.5.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "products": [ "SUSE Enterprise Storage 4:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Enterprise Storage 4:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-doc-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.5.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.5.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.5.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.5.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE OpenStack Cloud 7:ntp-4.2.8p11-64.5.1.s390x", "SUSE OpenStack Cloud 7:ntp-4.2.8p11-64.5.1.x86_64", "SUSE OpenStack Cloud 7:ntp-doc-4.2.8p11-64.5.1.s390x", "SUSE OpenStack Cloud 7:ntp-doc-4.2.8p11-64.5.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2018-06-20T13:46:39Z", "details": "low" } ], "title": "CVE-2016-1549" }, { "cve": "CVE-2018-7170", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2018-7170" } ], "notes": [ { "category": "general", "text": "ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim\u0027s clock via a Sybil attack. This issue exists because of an incomplete fix for CVE-2016-1549.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Enterprise Storage 4:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Enterprise Storage 4:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-doc-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.5.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.5.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.5.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.5.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE OpenStack Cloud 7:ntp-4.2.8p11-64.5.1.s390x", "SUSE OpenStack Cloud 7:ntp-4.2.8p11-64.5.1.x86_64", "SUSE OpenStack Cloud 7:ntp-doc-4.2.8p11-64.5.1.s390x", "SUSE OpenStack Cloud 7:ntp-doc-4.2.8p11-64.5.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2018-7170", "url": "https://www.suse.com/security/cve/CVE-2018-7170" }, { "category": "external", "summary": "SUSE Bug 1082210 for CVE-2018-7170", "url": "https://bugzilla.suse.com/1082210" }, { "category": "external", "summary": "SUSE Bug 1083424 for CVE-2018-7170", "url": "https://bugzilla.suse.com/1083424" }, { "category": "external", "summary": "SUSE Bug 1087324 for CVE-2018-7170", "url": "https://bugzilla.suse.com/1087324" }, { "category": "external", "summary": "SUSE Bug 1098531 for CVE-2018-7170", "url": "https://bugzilla.suse.com/1098531" }, { "category": "external", "summary": "SUSE Bug 1155513 for CVE-2018-7170", "url": "https://bugzilla.suse.com/1155513" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Enterprise Storage 4:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Enterprise Storage 4:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-doc-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.5.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.5.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.5.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.5.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE OpenStack Cloud 7:ntp-4.2.8p11-64.5.1.s390x", "SUSE OpenStack Cloud 7:ntp-4.2.8p11-64.5.1.x86_64", "SUSE OpenStack Cloud 7:ntp-doc-4.2.8p11-64.5.1.s390x", "SUSE OpenStack Cloud 7:ntp-doc-4.2.8p11-64.5.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.1, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" }, "products": [ "SUSE Enterprise Storage 4:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Enterprise Storage 4:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-doc-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.5.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.5.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.5.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.5.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE OpenStack Cloud 7:ntp-4.2.8p11-64.5.1.s390x", "SUSE OpenStack Cloud 7:ntp-4.2.8p11-64.5.1.x86_64", "SUSE OpenStack Cloud 7:ntp-doc-4.2.8p11-64.5.1.s390x", "SUSE OpenStack Cloud 7:ntp-doc-4.2.8p11-64.5.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2018-06-20T13:46:39Z", "details": "low" } ], "title": "CVE-2018-7170" }, { "cve": "CVE-2018-7182", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2018-7182" } ], "notes": [ { "category": "general", "text": "The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with a ntpd instance from 4.2.8p6 through 4.2.8p10.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Enterprise Storage 4:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Enterprise Storage 4:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-doc-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.5.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.5.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.5.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.5.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE OpenStack Cloud 7:ntp-4.2.8p11-64.5.1.s390x", "SUSE OpenStack Cloud 7:ntp-4.2.8p11-64.5.1.x86_64", "SUSE OpenStack Cloud 7:ntp-doc-4.2.8p11-64.5.1.s390x", "SUSE OpenStack Cloud 7:ntp-doc-4.2.8p11-64.5.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2018-7182", "url": "https://www.suse.com/security/cve/CVE-2018-7182" }, { "category": "external", "summary": "SUSE Bug 1082210 for CVE-2018-7182", "url": "https://bugzilla.suse.com/1082210" }, { "category": "external", "summary": "SUSE Bug 1083426 for CVE-2018-7182", "url": "https://bugzilla.suse.com/1083426" }, { "category": "external", "summary": "SUSE Bug 1087324 for CVE-2018-7182", "url": "https://bugzilla.suse.com/1087324" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Enterprise Storage 4:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Enterprise Storage 4:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-doc-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.5.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.5.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.5.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.5.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE OpenStack Cloud 7:ntp-4.2.8p11-64.5.1.s390x", "SUSE OpenStack Cloud 7:ntp-4.2.8p11-64.5.1.x86_64", "SUSE OpenStack Cloud 7:ntp-doc-4.2.8p11-64.5.1.s390x", "SUSE OpenStack Cloud 7:ntp-doc-4.2.8p11-64.5.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "products": [ "SUSE Enterprise Storage 4:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Enterprise Storage 4:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-doc-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.5.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.5.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.5.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.5.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE OpenStack Cloud 7:ntp-4.2.8p11-64.5.1.s390x", "SUSE OpenStack Cloud 7:ntp-4.2.8p11-64.5.1.x86_64", "SUSE OpenStack Cloud 7:ntp-doc-4.2.8p11-64.5.1.s390x", "SUSE OpenStack Cloud 7:ntp-doc-4.2.8p11-64.5.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2018-06-20T13:46:39Z", "details": "moderate" } ], "title": "CVE-2018-7182" }, { "cve": "CVE-2018-7183", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2018-7183" } ], "notes": [ { "category": "general", "text": "Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Enterprise Storage 4:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Enterprise Storage 4:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-doc-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.5.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.5.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.5.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.5.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE OpenStack Cloud 7:ntp-4.2.8p11-64.5.1.s390x", "SUSE OpenStack Cloud 7:ntp-4.2.8p11-64.5.1.x86_64", "SUSE OpenStack Cloud 7:ntp-doc-4.2.8p11-64.5.1.s390x", "SUSE OpenStack Cloud 7:ntp-doc-4.2.8p11-64.5.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2018-7183", "url": "https://www.suse.com/security/cve/CVE-2018-7183" }, { "category": "external", "summary": "SUSE Bug 1082210 for CVE-2018-7183", "url": "https://bugzilla.suse.com/1082210" }, { "category": "external", "summary": "SUSE Bug 1083417 for CVE-2018-7183", "url": "https://bugzilla.suse.com/1083417" }, { "category": "external", "summary": "SUSE Bug 1087324 for CVE-2018-7183", "url": "https://bugzilla.suse.com/1087324" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Enterprise Storage 4:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Enterprise Storage 4:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-doc-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.5.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.5.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.5.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.5.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE OpenStack Cloud 7:ntp-4.2.8p11-64.5.1.s390x", "SUSE OpenStack Cloud 7:ntp-4.2.8p11-64.5.1.x86_64", "SUSE OpenStack Cloud 7:ntp-doc-4.2.8p11-64.5.1.s390x", "SUSE OpenStack Cloud 7:ntp-doc-4.2.8p11-64.5.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.0" }, "products": [ "SUSE Enterprise Storage 4:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Enterprise Storage 4:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-doc-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.5.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.5.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.5.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.5.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE OpenStack Cloud 7:ntp-4.2.8p11-64.5.1.s390x", "SUSE OpenStack Cloud 7:ntp-4.2.8p11-64.5.1.x86_64", "SUSE OpenStack Cloud 7:ntp-doc-4.2.8p11-64.5.1.s390x", "SUSE OpenStack Cloud 7:ntp-doc-4.2.8p11-64.5.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2018-06-20T13:46:39Z", "details": "moderate" } ], "title": "CVE-2018-7183" }, { "cve": "CVE-2018-7184", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2018-7184" } ], "notes": [ { "category": "general", "text": "ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the \"received\" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the most recent timestamp. This issue is a result of an incomplete fix for CVE-2015-7704.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Enterprise Storage 4:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Enterprise Storage 4:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-doc-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.5.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.5.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.5.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.5.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE OpenStack Cloud 7:ntp-4.2.8p11-64.5.1.s390x", "SUSE OpenStack Cloud 7:ntp-4.2.8p11-64.5.1.x86_64", "SUSE OpenStack Cloud 7:ntp-doc-4.2.8p11-64.5.1.s390x", "SUSE OpenStack Cloud 7:ntp-doc-4.2.8p11-64.5.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2018-7184", "url": "https://www.suse.com/security/cve/CVE-2018-7184" }, { "category": "external", "summary": "SUSE Bug 1082210 for CVE-2018-7184", "url": "https://bugzilla.suse.com/1082210" }, { "category": "external", "summary": "SUSE Bug 1083422 for CVE-2018-7184", "url": "https://bugzilla.suse.com/1083422" }, { "category": "external", "summary": "SUSE Bug 1087324 for CVE-2018-7184", "url": "https://bugzilla.suse.com/1087324" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Enterprise Storage 4:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Enterprise Storage 4:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-doc-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.5.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.5.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.5.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.5.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE OpenStack Cloud 7:ntp-4.2.8p11-64.5.1.s390x", "SUSE OpenStack Cloud 7:ntp-4.2.8p11-64.5.1.x86_64", "SUSE OpenStack Cloud 7:ntp-doc-4.2.8p11-64.5.1.s390x", "SUSE OpenStack Cloud 7:ntp-doc-4.2.8p11-64.5.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.1, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "SUSE Enterprise Storage 4:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Enterprise Storage 4:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-doc-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.5.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.5.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.5.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.5.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE OpenStack Cloud 7:ntp-4.2.8p11-64.5.1.s390x", "SUSE OpenStack Cloud 7:ntp-4.2.8p11-64.5.1.x86_64", "SUSE OpenStack Cloud 7:ntp-doc-4.2.8p11-64.5.1.s390x", "SUSE OpenStack Cloud 7:ntp-doc-4.2.8p11-64.5.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2018-06-20T13:46:39Z", "details": "low" } ], "title": "CVE-2018-7184" }, { "cve": "CVE-2018-7185", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2018-7185" } ], "notes": [ { "category": "general", "text": "The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the \"other side\" of an interleaved association causing the victim ntpd to reset its association.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Enterprise Storage 4:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Enterprise Storage 4:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-doc-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.5.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.5.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.5.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.5.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE OpenStack Cloud 7:ntp-4.2.8p11-64.5.1.s390x", "SUSE OpenStack Cloud 7:ntp-4.2.8p11-64.5.1.x86_64", "SUSE OpenStack Cloud 7:ntp-doc-4.2.8p11-64.5.1.s390x", "SUSE OpenStack Cloud 7:ntp-doc-4.2.8p11-64.5.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2018-7185", "url": "https://www.suse.com/security/cve/CVE-2018-7185" }, { "category": "external", "summary": "SUSE Bug 1082210 for CVE-2018-7185", "url": "https://bugzilla.suse.com/1082210" }, { "category": "external", "summary": "SUSE Bug 1083420 for CVE-2018-7185", "url": "https://bugzilla.suse.com/1083420" }, { "category": "external", "summary": "SUSE Bug 1087324 for CVE-2018-7185", "url": "https://bugzilla.suse.com/1087324" }, { "category": "external", "summary": "SUSE Bug 1089405 for CVE-2018-7185", "url": "https://bugzilla.suse.com/1089405" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Enterprise Storage 4:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Enterprise Storage 4:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-doc-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.5.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.5.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.5.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.5.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE OpenStack Cloud 7:ntp-4.2.8p11-64.5.1.s390x", "SUSE OpenStack Cloud 7:ntp-4.2.8p11-64.5.1.x86_64", "SUSE OpenStack Cloud 7:ntp-doc-4.2.8p11-64.5.1.s390x", "SUSE OpenStack Cloud 7:ntp-doc-4.2.8p11-64.5.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.1, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "SUSE Enterprise Storage 4:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Enterprise Storage 4:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-doc-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP1-LTSS:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.5.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP3:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.5.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server 12 SP3:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.5.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p11-64.5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.5.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.5.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p11-64.5.1.x86_64", "SUSE OpenStack Cloud 7:ntp-4.2.8p11-64.5.1.s390x", "SUSE OpenStack Cloud 7:ntp-4.2.8p11-64.5.1.x86_64", "SUSE OpenStack Cloud 7:ntp-doc-4.2.8p11-64.5.1.s390x", "SUSE OpenStack Cloud 7:ntp-doc-4.2.8p11-64.5.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2018-06-20T13:46:39Z", "details": "low" } ], "title": "CVE-2018-7185" } ] }
suse-su-2016:1278-1
Vulnerability from csaf_suse
Notes
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for ntp", "title": "Title of the patch" }, { "category": "description", "text": "\nThis update for ntp to 4.2.8p7 fixes the following issues:\n\n* CVE-2016-1547, bsc#977459:\n Validate crypto-NAKs, AKA: CRYPTO-NAK DoS.\n* CVE-2016-1548, bsc#977461: Interleave-pivot\n* CVE-2016-1549, bsc#977451:\n Sybil vulnerability: ephemeral association attack.\n* CVE-2016-1550, bsc#977464: Improve NTP security against buffer\n comparison timing attacks.\n* CVE-2016-1551, bsc#977450:\n Refclock impersonation vulnerability\n* CVE-2016-2516, bsc#977452: Duplicate IPs on unconfig\n directives will cause an assertion botch in ntpd.\n* CVE-2016-2517, bsc#977455: remote configuration trustedkey/\n requestkey/controlkey values are not properly validated.\n* CVE-2016-2518, bsc#977457: Crafted addpeer with hmode \u003e 7\n causes array wraparound with MATCH_ASSOC.\n* CVE-2016-2519, bsc#977458: ctl_getitem() return value not\n always checked.\n* This update also improves the fixes for:\n CVE-2015-7704, CVE-2015-7705, CVE-2015-7974\n\nBugs fixed:\n- Restrict the parser in the startup script to the first\n occurrance of \u0027keys\u0027 and \u0027controlkey\u0027 in ntp.conf (bsc#957226).\n", "title": "Description of the patch" }, { "category": "details", "text": "slessp4-ntp-12553", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2016_1278-1.json" }, { "category": "self", "summary": "URL for SUSE-SU-2016:1278-1", "url": "https://www.suse.com/support/update/announcement/2016/suse-su-20161278-1/" }, { "category": "self", "summary": "E-Mail link for SUSE-SU-2016:1278-1", "url": "https://lists.suse.com/pipermail/sle-security-updates/2016-May/002054.html" }, { "category": "self", "summary": "SUSE Bug 957226", "url": "https://bugzilla.suse.com/957226" }, { "category": "self", "summary": "SUSE Bug 977446", "url": "https://bugzilla.suse.com/977446" }, { "category": "self", "summary": "SUSE Bug 977450", "url": "https://bugzilla.suse.com/977450" }, { "category": "self", "summary": "SUSE Bug 977451", "url": "https://bugzilla.suse.com/977451" }, { "category": "self", "summary": "SUSE Bug 977452", "url": "https://bugzilla.suse.com/977452" }, { "category": "self", "summary": "SUSE Bug 977455", "url": "https://bugzilla.suse.com/977455" }, { "category": "self", "summary": "SUSE Bug 977457", "url": "https://bugzilla.suse.com/977457" }, { "category": "self", "summary": "SUSE Bug 977458", "url": "https://bugzilla.suse.com/977458" }, { "category": "self", "summary": "SUSE Bug 977459", "url": "https://bugzilla.suse.com/977459" }, { "category": "self", "summary": "SUSE Bug 977461", "url": "https://bugzilla.suse.com/977461" }, { "category": "self", "summary": "SUSE Bug 977464", "url": "https://bugzilla.suse.com/977464" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7704 page", "url": "https://www.suse.com/security/cve/CVE-2015-7704/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7705 page", "url": "https://www.suse.com/security/cve/CVE-2015-7705/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7974 page", "url": "https://www.suse.com/security/cve/CVE-2015-7974/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-1547 page", "url": "https://www.suse.com/security/cve/CVE-2016-1547/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-1548 page", "url": "https://www.suse.com/security/cve/CVE-2016-1548/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-1549 page", "url": "https://www.suse.com/security/cve/CVE-2016-1549/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-1550 page", "url": "https://www.suse.com/security/cve/CVE-2016-1550/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-1551 page", "url": "https://www.suse.com/security/cve/CVE-2016-1551/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-2516 page", "url": "https://www.suse.com/security/cve/CVE-2016-2516/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-2517 page", "url": "https://www.suse.com/security/cve/CVE-2016-2517/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-2518 page", "url": "https://www.suse.com/security/cve/CVE-2016-2518/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-2519 page", "url": "https://www.suse.com/security/cve/CVE-2016-2519/" } ], "title": "Security update for ntp", "tracking": { "current_release_date": "2016-05-11T12:37:44Z", "generator": { "date": "2016-05-11T12:37:44Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "SUSE-SU-2016:1278-1", "initial_release_date": "2016-05-11T12:37:44Z", "revision_history": [ { "date": "2016-05-11T12:37:44Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "ntp-4.2.8p7-11.1.i586", "product": { "name": "ntp-4.2.8p7-11.1.i586", "product_id": "ntp-4.2.8p7-11.1.i586" } }, { "category": "product_version", "name": "ntp-doc-4.2.8p7-11.1.i586", "product": { "name": "ntp-doc-4.2.8p7-11.1.i586", "product_id": "ntp-doc-4.2.8p7-11.1.i586" } } ], "category": "architecture", "name": "i586" }, { "branches": [ { "category": "product_version", "name": "ntp-4.2.8p7-11.1.ia64", "product": { "name": "ntp-4.2.8p7-11.1.ia64", "product_id": "ntp-4.2.8p7-11.1.ia64" } }, { "category": "product_version", "name": "ntp-doc-4.2.8p7-11.1.ia64", "product": { "name": "ntp-doc-4.2.8p7-11.1.ia64", "product_id": "ntp-doc-4.2.8p7-11.1.ia64" } } ], "category": "architecture", "name": "ia64" }, { "branches": [ { "category": "product_version", "name": "ntp-4.2.8p7-11.1.ppc64", "product": { "name": "ntp-4.2.8p7-11.1.ppc64", "product_id": "ntp-4.2.8p7-11.1.ppc64" } }, { "category": "product_version", "name": "ntp-doc-4.2.8p7-11.1.ppc64", "product": { "name": "ntp-doc-4.2.8p7-11.1.ppc64", "product_id": "ntp-doc-4.2.8p7-11.1.ppc64" } } ], "category": "architecture", "name": "ppc64" }, { "branches": [ { "category": "product_version", "name": "ntp-4.2.8p7-11.1.s390x", "product": { "name": "ntp-4.2.8p7-11.1.s390x", "product_id": "ntp-4.2.8p7-11.1.s390x" } }, { "category": "product_version", "name": "ntp-doc-4.2.8p7-11.1.s390x", "product": { "name": "ntp-doc-4.2.8p7-11.1.s390x", "product_id": "ntp-doc-4.2.8p7-11.1.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "ntp-4.2.8p7-11.1.x86_64", "product": { "name": "ntp-4.2.8p7-11.1.x86_64", "product_id": "ntp-4.2.8p7-11.1.x86_64" } }, { "category": "product_version", "name": "ntp-doc-4.2.8p7-11.1.x86_64", "product": { "name": "ntp-doc-4.2.8p7-11.1.x86_64", "product_id": "ntp-doc-4.2.8p7-11.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux Enterprise Server 11 SP4", "product": { "name": "SUSE Linux Enterprise Server 11 SP4", "product_id": "SUSE Linux Enterprise Server 11 SP4", "product_identification_helper": { "cpe": "cpe:/o:suse:suse_sles:11:sp4" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server for SAP Applications 11 SP4", "product": { "name": "SUSE Linux Enterprise Server for SAP Applications 11 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4", "product_identification_helper": { "cpe": "cpe:/o:suse:sles_sap:11:sp4" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p7-11.1.i586 as component of SUSE Linux Enterprise Server 11 SP4", "product_id": "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.i586" }, "product_reference": "ntp-4.2.8p7-11.1.i586", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p7-11.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4", "product_id": "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.ia64" }, "product_reference": "ntp-4.2.8p7-11.1.ia64", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p7-11.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4", "product_id": "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.ppc64" }, "product_reference": "ntp-4.2.8p7-11.1.ppc64", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p7-11.1.s390x as component of SUSE Linux Enterprise Server 11 SP4", "product_id": "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.s390x" }, "product_reference": "ntp-4.2.8p7-11.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p7-11.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4", "product_id": "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.x86_64" }, "product_reference": "ntp-4.2.8p7-11.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p7-11.1.i586 as component of SUSE Linux Enterprise Server 11 SP4", "product_id": "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.i586" }, "product_reference": "ntp-doc-4.2.8p7-11.1.i586", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p7-11.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4", "product_id": "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.ia64" }, "product_reference": "ntp-doc-4.2.8p7-11.1.ia64", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p7-11.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4", "product_id": "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.ppc64" }, "product_reference": "ntp-doc-4.2.8p7-11.1.ppc64", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p7-11.1.s390x as component of SUSE Linux Enterprise Server 11 SP4", "product_id": "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.s390x" }, "product_reference": "ntp-doc-4.2.8p7-11.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p7-11.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4", "product_id": "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.x86_64" }, "product_reference": "ntp-doc-4.2.8p7-11.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p7-11.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.i586" }, "product_reference": "ntp-4.2.8p7-11.1.i586", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p7-11.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.ia64" }, "product_reference": "ntp-4.2.8p7-11.1.ia64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p7-11.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.ppc64" }, "product_reference": "ntp-4.2.8p7-11.1.ppc64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p7-11.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.s390x" }, "product_reference": "ntp-4.2.8p7-11.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p7-11.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.x86_64" }, "product_reference": "ntp-4.2.8p7-11.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p7-11.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.i586" }, "product_reference": "ntp-doc-4.2.8p7-11.1.i586", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p7-11.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.ia64" }, "product_reference": "ntp-doc-4.2.8p7-11.1.ia64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p7-11.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.ppc64" }, "product_reference": "ntp-doc-4.2.8p7-11.1.ppc64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p7-11.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.s390x" }, "product_reference": "ntp-doc-4.2.8p7-11.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p7-11.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.x86_64" }, "product_reference": "ntp-doc-4.2.8p7-11.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4" } ] }, "vulnerabilities": [ { "cve": "CVE-2015-7704", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7704" } ], "notes": [ { "category": "general", "text": "The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted \"KOD\" messages.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7704", "url": "https://www.suse.com/security/cve/CVE-2015-7704" }, { "category": "external", "summary": "SUSE Bug 1010964 for CVE-2015-7704", "url": "https://bugzilla.suse.com/1010964" }, { "category": "external", "summary": "SUSE Bug 951608 for CVE-2015-7704", "url": "https://bugzilla.suse.com/951608" }, { "category": "external", "summary": "SUSE Bug 952611 for CVE-2015-7704", "url": "https://bugzilla.suse.com/952611" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7704", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 977446 for CVE-2015-7704", "url": "https://bugzilla.suse.com/977446" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-05-11T12:37:44Z", "details": "important" } ], "title": "CVE-2015-7704" }, { "cve": "CVE-2015-7705", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7705" } ], "notes": [ { "category": "general", "text": "The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7705", "url": "https://www.suse.com/security/cve/CVE-2015-7705" }, { "category": "external", "summary": "SUSE Bug 1010964 for CVE-2015-7705", "url": "https://bugzilla.suse.com/1010964" }, { "category": "external", "summary": "SUSE Bug 951608 for CVE-2015-7705", "url": "https://bugzilla.suse.com/951608" }, { "category": "external", "summary": "SUSE Bug 952611 for CVE-2015-7705", "url": "https://bugzilla.suse.com/952611" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7705", "url": "https://bugzilla.suse.com/959243" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-05-11T12:37:44Z", "details": "critical" } ], "title": "CVE-2015-7705" }, { "cve": "CVE-2015-7974", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7974" } ], "notes": [ { "category": "general", "text": "NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a \"skeleton key.\"", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7974", "url": "https://www.suse.com/security/cve/CVE-2015-7974" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7974", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 962960 for CVE-2015-7974", "url": "https://bugzilla.suse.com/962960" }, { "category": "external", "summary": "SUSE Bug 962995 for CVE-2015-7974", "url": "https://bugzilla.suse.com/962995" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.7, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-05-11T12:37:44Z", "details": "low" } ], "title": "CVE-2015-7974" }, { "cve": "CVE-2016-1547", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-1547" } ], "notes": [ { "category": "general", "text": "An off-path attacker can cause a preemptible client association to be demobilized in NTP 4.2.8p4 and earlier and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 by sending a crypto NAK packet to a victim client with a spoofed source address of an existing associated peer. This is true even if authentication is enabled.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-1547", "url": "https://www.suse.com/security/cve/CVE-2016-1547" }, { "category": "external", "summary": "SUSE Bug 962784 for CVE-2016-1547", "url": "https://bugzilla.suse.com/962784" }, { "category": "external", "summary": "SUSE Bug 977446 for CVE-2016-1547", "url": "https://bugzilla.suse.com/977446" }, { "category": "external", "summary": "SUSE Bug 977459 for CVE-2016-1547", "url": "https://bugzilla.suse.com/977459" }, { "category": "external", "summary": "SUSE Bug 982064 for CVE-2016-1547", "url": "https://bugzilla.suse.com/982064" }, { "category": "external", "summary": "SUSE Bug 982065 for CVE-2016-1547", "url": "https://bugzilla.suse.com/982065" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-05-11T12:37:44Z", "details": "moderate" } ], "title": "CVE-2016-1547" }, { "cve": "CVE-2016-1548", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-1548" } ], "notes": [ { "category": "general", "text": "An attacker can spoof a packet from a legitimate ntpd server with an origin timestamp that matches the peer-\u003edst timestamp recorded for that server. After making this switch, the client in NTP 4.2.8p4 and earlier and NTPSec aa48d001683e5b791a743ec9c575aaf7d867a2b0c will reject all future legitimate server responses. It is possible to force the victim client to move time after the mode has been changed. ntpq gives no indication that the mode has been switched.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-1548", "url": "https://www.suse.com/security/cve/CVE-2016-1548" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2016-1548", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 977446 for CVE-2016-1548", "url": "https://bugzilla.suse.com/977446" }, { "category": "external", "summary": "SUSE Bug 977461 for CVE-2016-1548", "url": "https://bugzilla.suse.com/977461" }, { "category": "external", "summary": "SUSE Bug 982068 for CVE-2016-1548", "url": "https://bugzilla.suse.com/982068" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-05-11T12:37:44Z", "details": "moderate" } ], "title": "CVE-2016-1548" }, { "cve": "CVE-2016-1549", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-1549" } ], "notes": [ { "category": "general", "text": "A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and modify a victim\u0027s clock.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-1549", "url": "https://www.suse.com/security/cve/CVE-2016-1549" }, { "category": "external", "summary": "SUSE Bug 1083424 for CVE-2016-1549", "url": "https://bugzilla.suse.com/1083424" }, { "category": "external", "summary": "SUSE Bug 977446 for CVE-2016-1549", "url": "https://bugzilla.suse.com/977446" }, { "category": "external", "summary": "SUSE Bug 977451 for CVE-2016-1549", "url": "https://bugzilla.suse.com/977451" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-05-11T12:37:44Z", "details": "low" } ], "title": "CVE-2016-1549" }, { "cve": "CVE-2016-1550", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-1550" } ], "notes": [ { "category": "general", "text": "An exploitable vulnerability exists in the message authentication functionality of libntp in ntp 4.2.8p4 and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92. An attacker can send a series of crafted messages to attempt to recover the message digest key.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-1550", "url": "https://www.suse.com/security/cve/CVE-2016-1550" }, { "category": "external", "summary": "SUSE Bug 977446 for CVE-2016-1550", "url": "https://bugzilla.suse.com/977446" }, { "category": "external", "summary": "SUSE Bug 977464 for CVE-2016-1550", "url": "https://bugzilla.suse.com/977464" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-05-11T12:37:44Z", "details": "low" } ], "title": "CVE-2016-1550" }, { "cve": "CVE-2016-1551", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-1551" } ], "notes": [ { "category": "general", "text": "ntpd in NTP 4.2.8p3 and NTPsec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 relies on the underlying operating system to protect it from requests that impersonate reference clocks. Because reference clocks are treated like other peers and stored in the same structure, any packet with a source ip address of a reference clock (127.127.1.1 for example) that reaches the receive() function will match that reference clock\u0027s peer record and will be treated as a trusted peer. Any system that lacks the typical martian packet filtering which would block these packets is in danger of having its time controlled by an attacker.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-1551", "url": "https://www.suse.com/security/cve/CVE-2016-1551" }, { "category": "external", "summary": "SUSE Bug 977446 for CVE-2016-1551", "url": "https://bugzilla.suse.com/977446" }, { "category": "external", "summary": "SUSE Bug 977450 for CVE-2016-1551", "url": "https://bugzilla.suse.com/977450" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-05-11T12:37:44Z", "details": "low" } ], "title": "CVE-2016-1551" }, { "cve": "CVE-2016-2516", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-2516" } ], "notes": [ { "category": "general", "text": "NTP before 4.2.8p7 and 4.3.x before 4.3.92, when mode7 is enabled, allows remote attackers to cause a denial of service (ntpd abort) by using the same IP address multiple times in an unconfig directive.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-2516", "url": "https://www.suse.com/security/cve/CVE-2016-2516" }, { "category": "external", "summary": "SUSE Bug 977446 for CVE-2016-2516", "url": "https://bugzilla.suse.com/977446" }, { "category": "external", "summary": "SUSE Bug 977452 for CVE-2016-2516", "url": "https://bugzilla.suse.com/977452" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-05-11T12:37:44Z", "details": "moderate" } ], "title": "CVE-2016-2516" }, { "cve": "CVE-2016-2517", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-2517" } ], "notes": [ { "category": "general", "text": "NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (prevent subsequent authentication) by leveraging knowledge of the controlkey or requestkey and sending a crafted packet to ntpd, which changes the value of trustedkey, controlkey, or requestkey. NOTE: this vulnerability exists because of a CVE-2016-2516 regression.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-2517", "url": "https://www.suse.com/security/cve/CVE-2016-2517" }, { "category": "external", "summary": "SUSE Bug 977446 for CVE-2016-2517", "url": "https://bugzilla.suse.com/977446" }, { "category": "external", "summary": "SUSE Bug 977455 for CVE-2016-2517", "url": "https://bugzilla.suse.com/977455" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-05-11T12:37:44Z", "details": "moderate" } ], "title": "CVE-2016-2517" }, { "cve": "CVE-2016-2518", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-2518" } ], "notes": [ { "category": "general", "text": "The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-2518", "url": "https://www.suse.com/security/cve/CVE-2016-2518" }, { "category": "external", "summary": "SUSE Bug 977446 for CVE-2016-2518", "url": "https://bugzilla.suse.com/977446" }, { "category": "external", "summary": "SUSE Bug 977457 for CVE-2016-2518", "url": "https://bugzilla.suse.com/977457" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-05-11T12:37:44Z", "details": "low" } ], "title": "CVE-2016-2518" }, { "cve": "CVE-2016-2519", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-2519" } ], "notes": [ { "category": "general", "text": "ntpd in NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (ntpd abort) by a large request data value, which triggers the ctl_getitem function to return a NULL value.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-2519", "url": "https://www.suse.com/security/cve/CVE-2016-2519" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2016-2519", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 977446 for CVE-2016-2519", "url": "https://bugzilla.suse.com/977446" }, { "category": "external", "summary": "SUSE Bug 977458 for CVE-2016-2519", "url": "https://bugzilla.suse.com/977458" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p7-11.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p7-11.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-05-11T12:37:44Z", "details": "moderate" } ], "title": "CVE-2016-2519" } ] }
opensuse-su-2024:10181-1
Vulnerability from csaf_opensuse
Notes
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "ntp-4.2.8p9-1.1 on GA media", "title": "Title of the patch" }, { "category": "description", "text": "These are all security issues fixed in the ntp-4.2.8p9-1.1 package on the GA media of openSUSE Tumbleweed.", "title": "Description of the patch" }, { "category": "details", "text": "openSUSE-Tumbleweed-2024-10181", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10181-1.json" }, { "category": "self", "summary": "SUSE CVE CVE-2009-0159 page", "url": "https://www.suse.com/security/cve/CVE-2009-0159/" }, { "category": "self", "summary": "SUSE CVE CVE-2009-1252 page", "url": "https://www.suse.com/security/cve/CVE-2009-1252/" }, { "category": "self", "summary": "SUSE CVE CVE-2013-5211 page", "url": "https://www.suse.com/security/cve/CVE-2013-5211/" }, { "category": "self", "summary": "SUSE CVE CVE-2014-9293 page", "url": "https://www.suse.com/security/cve/CVE-2014-9293/" }, { "category": "self", "summary": "SUSE CVE CVE-2014-9294 page", "url": "https://www.suse.com/security/cve/CVE-2014-9294/" }, { "category": "self", "summary": "SUSE CVE CVE-2014-9295 page", "url": "https://www.suse.com/security/cve/CVE-2014-9295/" }, { "category": "self", "summary": "SUSE CVE CVE-2014-9296 page", "url": "https://www.suse.com/security/cve/CVE-2014-9296/" }, { "category": "self", "summary": "SUSE CVE CVE-2014-9297 page", "url": "https://www.suse.com/security/cve/CVE-2014-9297/" }, { "category": "self", "summary": "SUSE CVE CVE-2014-9298 page", "url": "https://www.suse.com/security/cve/CVE-2014-9298/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-1798 page", "url": "https://www.suse.com/security/cve/CVE-2015-1798/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-1799 page", "url": "https://www.suse.com/security/cve/CVE-2015-1799/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-5300 page", "url": "https://www.suse.com/security/cve/CVE-2015-5300/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7691 page", "url": "https://www.suse.com/security/cve/CVE-2015-7691/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7692 page", "url": "https://www.suse.com/security/cve/CVE-2015-7692/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7701 page", "url": "https://www.suse.com/security/cve/CVE-2015-7701/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7702 page", "url": "https://www.suse.com/security/cve/CVE-2015-7702/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7703 page", "url": "https://www.suse.com/security/cve/CVE-2015-7703/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7704 page", "url": "https://www.suse.com/security/cve/CVE-2015-7704/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7705 page", "url": "https://www.suse.com/security/cve/CVE-2015-7705/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7848 page", "url": "https://www.suse.com/security/cve/CVE-2015-7848/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7849 page", "url": "https://www.suse.com/security/cve/CVE-2015-7849/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7850 page", "url": "https://www.suse.com/security/cve/CVE-2015-7850/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7851 page", "url": "https://www.suse.com/security/cve/CVE-2015-7851/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7852 page", "url": "https://www.suse.com/security/cve/CVE-2015-7852/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7853 page", "url": "https://www.suse.com/security/cve/CVE-2015-7853/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7854 page", "url": "https://www.suse.com/security/cve/CVE-2015-7854/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7855 page", "url": "https://www.suse.com/security/cve/CVE-2015-7855/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7871 page", "url": "https://www.suse.com/security/cve/CVE-2015-7871/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7973 page", "url": "https://www.suse.com/security/cve/CVE-2015-7973/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7974 page", "url": "https://www.suse.com/security/cve/CVE-2015-7974/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7975 page", "url": "https://www.suse.com/security/cve/CVE-2015-7975/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7976 page", "url": "https://www.suse.com/security/cve/CVE-2015-7976/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7977 page", "url": "https://www.suse.com/security/cve/CVE-2015-7977/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7978 page", "url": "https://www.suse.com/security/cve/CVE-2015-7978/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7979 page", "url": "https://www.suse.com/security/cve/CVE-2015-7979/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-8138 page", "url": "https://www.suse.com/security/cve/CVE-2015-8138/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-8158 page", "url": "https://www.suse.com/security/cve/CVE-2015-8158/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-1547 page", "url": "https://www.suse.com/security/cve/CVE-2016-1547/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-1548 page", "url": "https://www.suse.com/security/cve/CVE-2016-1548/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-1549 page", "url": "https://www.suse.com/security/cve/CVE-2016-1549/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-1550 page", "url": "https://www.suse.com/security/cve/CVE-2016-1550/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-1551 page", "url": "https://www.suse.com/security/cve/CVE-2016-1551/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-2516 page", "url": "https://www.suse.com/security/cve/CVE-2016-2516/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-2517 page", "url": "https://www.suse.com/security/cve/CVE-2016-2517/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-2518 page", "url": "https://www.suse.com/security/cve/CVE-2016-2518/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-2519 page", "url": "https://www.suse.com/security/cve/CVE-2016-2519/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-4953 page", "url": "https://www.suse.com/security/cve/CVE-2016-4953/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-4954 page", "url": "https://www.suse.com/security/cve/CVE-2016-4954/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-4955 page", "url": "https://www.suse.com/security/cve/CVE-2016-4955/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-4956 page", "url": "https://www.suse.com/security/cve/CVE-2016-4956/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-4957 page", "url": "https://www.suse.com/security/cve/CVE-2016-4957/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-7426 page", "url": "https://www.suse.com/security/cve/CVE-2016-7426/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-7427 page", "url": "https://www.suse.com/security/cve/CVE-2016-7427/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-7428 page", "url": "https://www.suse.com/security/cve/CVE-2016-7428/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-7429 page", "url": "https://www.suse.com/security/cve/CVE-2016-7429/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-7431 page", "url": "https://www.suse.com/security/cve/CVE-2016-7431/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-7433 page", "url": "https://www.suse.com/security/cve/CVE-2016-7433/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-7434 page", "url": "https://www.suse.com/security/cve/CVE-2016-7434/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-9310 page", "url": "https://www.suse.com/security/cve/CVE-2016-9310/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-9311 page", "url": "https://www.suse.com/security/cve/CVE-2016-9311/" } ], "title": "ntp-4.2.8p9-1.1 on GA media", "tracking": { "current_release_date": "2024-06-15T00:00:00Z", "generator": { "date": "2024-06-15T00:00:00Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "openSUSE-SU-2024:10181-1", "initial_release_date": "2024-06-15T00:00:00Z", "revision_history": [ { "date": "2024-06-15T00:00:00Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "ntp-4.2.8p9-1.1.aarch64", "product": { "name": "ntp-4.2.8p9-1.1.aarch64", "product_id": "ntp-4.2.8p9-1.1.aarch64" } }, { "category": "product_version", "name": "ntp-doc-4.2.8p9-1.1.aarch64", "product": { "name": "ntp-doc-4.2.8p9-1.1.aarch64", "product_id": "ntp-doc-4.2.8p9-1.1.aarch64" } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "ntp-4.2.8p9-1.1.ppc64le", "product": { "name": "ntp-4.2.8p9-1.1.ppc64le", "product_id": "ntp-4.2.8p9-1.1.ppc64le" } }, { "category": "product_version", "name": "ntp-doc-4.2.8p9-1.1.ppc64le", "product": { "name": "ntp-doc-4.2.8p9-1.1.ppc64le", "product_id": "ntp-doc-4.2.8p9-1.1.ppc64le" } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "ntp-4.2.8p9-1.1.s390x", "product": { "name": "ntp-4.2.8p9-1.1.s390x", "product_id": "ntp-4.2.8p9-1.1.s390x" } }, { "category": "product_version", "name": "ntp-doc-4.2.8p9-1.1.s390x", "product": { "name": "ntp-doc-4.2.8p9-1.1.s390x", "product_id": "ntp-doc-4.2.8p9-1.1.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "ntp-4.2.8p9-1.1.x86_64", "product": { "name": "ntp-4.2.8p9-1.1.x86_64", "product_id": "ntp-4.2.8p9-1.1.x86_64" } }, { "category": "product_version", "name": "ntp-doc-4.2.8p9-1.1.x86_64", "product": { "name": "ntp-doc-4.2.8p9-1.1.x86_64", "product_id": "ntp-doc-4.2.8p9-1.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "openSUSE Tumbleweed", "product": { "name": "openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed", "product_identification_helper": { "cpe": "cpe:/o:opensuse:tumbleweed" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p9-1.1.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64" }, "product_reference": "ntp-4.2.8p9-1.1.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p9-1.1.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le" }, "product_reference": "ntp-4.2.8p9-1.1.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p9-1.1.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x" }, "product_reference": "ntp-4.2.8p9-1.1.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p9-1.1.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64" }, "product_reference": "ntp-4.2.8p9-1.1.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p9-1.1.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64" }, "product_reference": "ntp-doc-4.2.8p9-1.1.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p9-1.1.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le" }, "product_reference": "ntp-doc-4.2.8p9-1.1.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p9-1.1.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x" }, "product_reference": "ntp-doc-4.2.8p9-1.1.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p9-1.1.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" }, "product_reference": "ntp-doc-4.2.8p9-1.1.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" } ] }, "vulnerabilities": [ { "cve": "CVE-2009-0159", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2009-0159" } ], "notes": [ { "category": "general", "text": "Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows remote NTP servers to execute arbitrary code via a crafted response.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2009-0159", "url": "https://www.suse.com/security/cve/CVE-2009-0159" }, { "category": "external", "summary": "SUSE Bug 484653 for CVE-2009-0159", "url": "https://bugzilla.suse.com/484653" }, { "category": "external", "summary": "SUSE Bug 501632 for CVE-2009-0159", "url": "https://bugzilla.suse.com/501632" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2009-0159" }, { "cve": "CVE-2009-1252", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2009-1252" } ], "notes": [ { "category": "general", "text": "Stack-based buffer overflow in the crypto_recv function in ntp_crypto.c in ntpd in NTP before 4.2.4p7 and 4.2.5 before 4.2.5p74, when OpenSSL and autokey are enabled, allows remote attackers to execute arbitrary code via a crafted packet containing an extension field.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2009-1252", "url": "https://www.suse.com/security/cve/CVE-2009-1252" }, { "category": "external", "summary": "SUSE Bug 501632 for CVE-2009-1252", "url": "https://bugzilla.suse.com/501632" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2009-1252" }, { "cve": "CVE-2013-5211", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2013-5211" } ], "notes": [ { "category": "general", "text": "The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2013-5211", "url": "https://www.suse.com/security/cve/CVE-2013-5211" }, { "category": "external", "summary": "SUSE Bug 857195 for CVE-2013-5211", "url": "https://bugzilla.suse.com/857195" }, { "category": "external", "summary": "SUSE Bug 889447 for CVE-2013-5211", "url": "https://bugzilla.suse.com/889447" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2013-5211", "url": "https://bugzilla.suse.com/959243" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2013-5211" }, { "cve": "CVE-2014-9293", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2014-9293" } ], "notes": [ { "category": "general", "text": "The config_auth function in ntpd in NTP before 4.2.7p11, when an auth key is not configured, improperly generates a key, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2014-9293", "url": "https://www.suse.com/security/cve/CVE-2014-9293" }, { "category": "external", "summary": "SUSE Bug 910764 for CVE-2014-9293", "url": "https://bugzilla.suse.com/910764" }, { "category": "external", "summary": "SUSE Bug 911053 for CVE-2014-9293", "url": "https://bugzilla.suse.com/911053" }, { "category": "external", "summary": "SUSE Bug 911792 for CVE-2014-9293", "url": "https://bugzilla.suse.com/911792" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2014-9293", "url": "https://bugzilla.suse.com/959243" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "important" } ], "title": "CVE-2014-9293" }, { "cve": "CVE-2014-9294", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2014-9294" } ], "notes": [ { "category": "general", "text": "util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RNG seed, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2014-9294", "url": "https://www.suse.com/security/cve/CVE-2014-9294" }, { "category": "external", "summary": "SUSE Bug 910764 for CVE-2014-9294", "url": "https://bugzilla.suse.com/910764" }, { "category": "external", "summary": "SUSE Bug 911053 for CVE-2014-9294", "url": "https://bugzilla.suse.com/911053" }, { "category": "external", "summary": "SUSE Bug 911792 for CVE-2014-9294", "url": "https://bugzilla.suse.com/911792" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2014-9294", "url": "https://bugzilla.suse.com/959243" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "important" } ], "title": "CVE-2014-9294" }, { "cve": "CVE-2014-9295", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2014-9295" } ], "notes": [ { "category": "general", "text": "Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote attackers to execute arbitrary code via a crafted packet, related to (1) the crypto_recv function when the Autokey Authentication feature is used, (2) the ctl_putdata function, and (3) the configure function.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2014-9295", "url": "https://www.suse.com/security/cve/CVE-2014-9295" }, { "category": "external", "summary": "SUSE Bug 910764 for CVE-2014-9295", "url": "https://bugzilla.suse.com/910764" }, { "category": "external", "summary": "SUSE Bug 911053 for CVE-2014-9295", "url": "https://bugzilla.suse.com/911053" }, { "category": "external", "summary": "SUSE Bug 911792 for CVE-2014-9295", "url": "https://bugzilla.suse.com/911792" }, { "category": "external", "summary": "SUSE Bug 916239 for CVE-2014-9295", "url": "https://bugzilla.suse.com/916239" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2014-9295", "url": "https://bugzilla.suse.com/959243" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "important" } ], "title": "CVE-2014-9295" }, { "cve": "CVE-2014-9296", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2014-9296" } ], "notes": [ { "category": "general", "text": "The receive function in ntp_proto.c in ntpd in NTP before 4.2.8 continues to execute after detecting a certain authentication error, which might allow remote attackers to trigger an unintended association change via crafted packets.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2014-9296", "url": "https://www.suse.com/security/cve/CVE-2014-9296" }, { "category": "external", "summary": "SUSE Bug 910764 for CVE-2014-9296", "url": "https://bugzilla.suse.com/910764" }, { "category": "external", "summary": "SUSE Bug 911053 for CVE-2014-9296", "url": "https://bugzilla.suse.com/911053" }, { "category": "external", "summary": "SUSE Bug 911792 for CVE-2014-9296", "url": "https://bugzilla.suse.com/911792" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2014-9296", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 992991 for CVE-2014-9296", "url": "https://bugzilla.suse.com/992991" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "important" } ], "title": "CVE-2014-9296" }, { "cve": "CVE-2014-9297", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2014-9297" } ], "notes": [ { "category": "general", "text": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-9750, CVE-2014-9751. Reason: this ID was intended for one issue, but was associated with two issues. Notes: All CVE users should consult CVE-2014-9750 and CVE-2014-9751 to identify the ID or IDs of interest. All references and descriptions in this candidate have been removed to prevent accidental usage.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2014-9297", "url": "https://www.suse.com/security/cve/CVE-2014-9297" }, { "category": "external", "summary": "SUSE Bug 911792 for CVE-2014-9297", "url": "https://bugzilla.suse.com/911792" }, { "category": "external", "summary": "SUSE Bug 948963 for CVE-2014-9297", "url": "https://bugzilla.suse.com/948963" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2014-9297", "url": "https://bugzilla.suse.com/959243" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "important" } ], "title": "CVE-2014-9297" }, { "cve": "CVE-2014-9298", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2014-9298" } ], "notes": [ { "category": "general", "text": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-9750, CVE-2014-9751. Reason: this ID was intended for one issue, but was associated with two issues. Notes: All CVE users should consult CVE-2014-9750 and CVE-2014-9751 to identify the ID or IDs of interest. All references and descriptions in this candidate have been removed to prevent accidental usage.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2014-9298", "url": "https://www.suse.com/security/cve/CVE-2014-9298" }, { "category": "external", "summary": "SUSE Bug 911792 for CVE-2014-9298", "url": "https://bugzilla.suse.com/911792" }, { "category": "external", "summary": "SUSE Bug 948963 for CVE-2014-9298", "url": "https://bugzilla.suse.com/948963" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2014-9298", "url": "https://bugzilla.suse.com/959243" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "important" } ], "title": "CVE-2014-9298" }, { "cve": "CVE-2015-1798", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-1798" } ], "notes": [ { "category": "general", "text": "The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-1798", "url": "https://www.suse.com/security/cve/CVE-2015-1798" }, { "category": "external", "summary": "SUSE Bug 924202 for CVE-2015-1798", "url": "https://bugzilla.suse.com/924202" }, { "category": "external", "summary": "SUSE Bug 927497 for CVE-2015-1798", "url": "https://bugzilla.suse.com/927497" }, { "category": "external", "summary": "SUSE Bug 928321 for CVE-2015-1798", "url": "https://bugzilla.suse.com/928321" }, { "category": "external", "summary": "SUSE Bug 936327 for CVE-2015-1798", "url": "https://bugzilla.suse.com/936327" }, { "category": "external", "summary": "SUSE Bug 957163 for CVE-2015-1798", "url": "https://bugzilla.suse.com/957163" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "important" } ], "title": "CVE-2015-1798" }, { "cve": "CVE-2015-1799", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-1799" } ], "notes": [ { "category": "general", "text": "The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates upon receiving certain invalid packets, which makes it easier for man-in-the-middle attackers to cause a denial of service (synchronization loss) by spoofing the source IP address of a peer.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-1799", "url": "https://www.suse.com/security/cve/CVE-2015-1799" }, { "category": "external", "summary": "SUSE Bug 924202 for CVE-2015-1799", "url": "https://bugzilla.suse.com/924202" }, { "category": "external", "summary": "SUSE Bug 927497 for CVE-2015-1799", "url": "https://bugzilla.suse.com/927497" }, { "category": "external", "summary": "SUSE Bug 928321 for CVE-2015-1799", "url": "https://bugzilla.suse.com/928321" }, { "category": "external", "summary": "SUSE Bug 936327 for CVE-2015-1799", "url": "https://bugzilla.suse.com/936327" }, { "category": "external", "summary": "SUSE Bug 943565 for CVE-2015-1799", "url": "https://bugzilla.suse.com/943565" }, { "category": "external", "summary": "SUSE Bug 957163 for CVE-2015-1799", "url": "https://bugzilla.suse.com/957163" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-1799", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 962624 for CVE-2015-1799", "url": "https://bugzilla.suse.com/962624" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "important" } ], "title": "CVE-2015-1799" }, { "cve": "CVE-2015-5300", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-5300" } ], "notes": [ { "category": "general", "text": "The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart).", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-5300", "url": "https://www.suse.com/security/cve/CVE-2015-5300" }, { "category": "external", "summary": "SUSE Bug 951629 for CVE-2015-5300", "url": "https://bugzilla.suse.com/951629" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-5300", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 962624 for CVE-2015-5300", "url": "https://bugzilla.suse.com/962624" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2015-5300" }, { "cve": "CVE-2015-7691", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7691" } ], "notes": [ { "category": "general", "text": "The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted packets containing particular autokey operations. NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7691", "url": "https://www.suse.com/security/cve/CVE-2015-7691" }, { "category": "external", "summary": "SUSE Bug 1010964 for CVE-2015-7691", "url": "https://bugzilla.suse.com/1010964" }, { "category": "external", "summary": "SUSE Bug 911792 for CVE-2015-7691", "url": "https://bugzilla.suse.com/911792" }, { "category": "external", "summary": "SUSE Bug 951608 for CVE-2015-7691", "url": "https://bugzilla.suse.com/951608" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7691", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 992991 for CVE-2015-7691", "url": "https://bugzilla.suse.com/992991" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "important" } ], "title": "CVE-2015-7691" }, { "cve": "CVE-2015-7692", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7692" } ], "notes": [ { "category": "general", "text": "The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7692", "url": "https://www.suse.com/security/cve/CVE-2015-7692" }, { "category": "external", "summary": "SUSE Bug 1010964 for CVE-2015-7692", "url": "https://bugzilla.suse.com/1010964" }, { "category": "external", "summary": "SUSE Bug 911792 for CVE-2015-7692", "url": "https://bugzilla.suse.com/911792" }, { "category": "external", "summary": "SUSE Bug 951608 for CVE-2015-7692", "url": "https://bugzilla.suse.com/951608" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7692", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 992991 for CVE-2015-7692", "url": "https://bugzilla.suse.com/992991" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "important" } ], "title": "CVE-2015-7692" }, { "cve": "CVE-2015-7701", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7701" } ], "notes": [ { "category": "general", "text": "Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (memory consumption).", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7701", "url": "https://www.suse.com/security/cve/CVE-2015-7701" }, { "category": "external", "summary": "SUSE Bug 1010964 for CVE-2015-7701", "url": "https://bugzilla.suse.com/1010964" }, { "category": "external", "summary": "SUSE Bug 951608 for CVE-2015-7701", "url": "https://bugzilla.suse.com/951608" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7701", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 992991 for CVE-2015-7701", "url": "https://bugzilla.suse.com/992991" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "important" } ], "title": "CVE-2015-7701" }, { "cve": "CVE-2015-7702", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7702" } ], "notes": [ { "category": "general", "text": "The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7702", "url": "https://www.suse.com/security/cve/CVE-2015-7702" }, { "category": "external", "summary": "SUSE Bug 1010964 for CVE-2015-7702", "url": "https://bugzilla.suse.com/1010964" }, { "category": "external", "summary": "SUSE Bug 911792 for CVE-2015-7702", "url": "https://bugzilla.suse.com/911792" }, { "category": "external", "summary": "SUSE Bug 951608 for CVE-2015-7702", "url": "https://bugzilla.suse.com/951608" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7702", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 992991 for CVE-2015-7702", "url": "https://bugzilla.suse.com/992991" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "important" } ], "title": "CVE-2015-7702" }, { "cve": "CVE-2015-7703", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7703" } ], "notes": [ { "category": "general", "text": "The \"pidfile\" or \"driftfile\" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allows remote attackers with an IP address that is allowed to send configuration requests, and with knowledge of the remote configuration password to write to arbitrary files via the :config command.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7703", "url": "https://www.suse.com/security/cve/CVE-2015-7703" }, { "category": "external", "summary": "SUSE Bug 1010964 for CVE-2015-7703", "url": "https://bugzilla.suse.com/1010964" }, { "category": "external", "summary": "SUSE Bug 943216 for CVE-2015-7703", "url": "https://bugzilla.suse.com/943216" }, { "category": "external", "summary": "SUSE Bug 943218 for CVE-2015-7703", "url": "https://bugzilla.suse.com/943218" }, { "category": "external", "summary": "SUSE Bug 943219 for CVE-2015-7703", "url": "https://bugzilla.suse.com/943219" }, { "category": "external", "summary": "SUSE Bug 943221 for CVE-2015-7703", "url": "https://bugzilla.suse.com/943221" }, { "category": "external", "summary": "SUSE Bug 951608 for CVE-2015-7703", "url": "https://bugzilla.suse.com/951608" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7703", "url": "https://bugzilla.suse.com/959243" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2015-7703" }, { "cve": "CVE-2015-7704", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7704" } ], "notes": [ { "category": "general", "text": "The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted \"KOD\" messages.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7704", "url": "https://www.suse.com/security/cve/CVE-2015-7704" }, { "category": "external", "summary": "SUSE Bug 1010964 for CVE-2015-7704", "url": "https://bugzilla.suse.com/1010964" }, { "category": "external", "summary": "SUSE Bug 951608 for CVE-2015-7704", "url": "https://bugzilla.suse.com/951608" }, { "category": "external", "summary": "SUSE Bug 952611 for CVE-2015-7704", "url": "https://bugzilla.suse.com/952611" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7704", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 977446 for CVE-2015-7704", "url": "https://bugzilla.suse.com/977446" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "important" } ], "title": "CVE-2015-7704" }, { "cve": "CVE-2015-7705", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7705" } ], "notes": [ { "category": "general", "text": "The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7705", "url": "https://www.suse.com/security/cve/CVE-2015-7705" }, { "category": "external", "summary": "SUSE Bug 1010964 for CVE-2015-7705", "url": "https://bugzilla.suse.com/1010964" }, { "category": "external", "summary": "SUSE Bug 951608 for CVE-2015-7705", "url": "https://bugzilla.suse.com/951608" }, { "category": "external", "summary": "SUSE Bug 952611 for CVE-2015-7705", "url": "https://bugzilla.suse.com/952611" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7705", "url": "https://bugzilla.suse.com/959243" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "critical" } ], "title": "CVE-2015-7705" }, { "cve": "CVE-2015-7848", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7848" } ], "notes": [ { "category": "general", "text": "An integer overflow can occur in NTP-dev.4.3.70 leading to an out-of-bounds memory copy operation when processing a specially crafted private mode packet. The crafted packet needs to have the correct message authentication code and a valid timestamp. When processed by the NTP daemon, it leads to an immediate crash.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7848", "url": "https://www.suse.com/security/cve/CVE-2015-7848" }, { "category": "external", "summary": "SUSE Bug 1010964 for CVE-2015-7848", "url": "https://bugzilla.suse.com/1010964" }, { "category": "external", "summary": "SUSE Bug 951608 for CVE-2015-7848", "url": "https://bugzilla.suse.com/951608" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7848", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 992991 for CVE-2015-7848", "url": "https://bugzilla.suse.com/992991" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2015-7848" }, { "cve": "CVE-2015-7849", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7849" } ], "notes": [ { "category": "general", "text": "Use-after-free vulnerability in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to possibly execute arbitrary code or cause a denial of service (crash) via crafted packets.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7849", "url": "https://www.suse.com/security/cve/CVE-2015-7849" }, { "category": "external", "summary": "SUSE Bug 1010964 for CVE-2015-7849", "url": "https://bugzilla.suse.com/1010964" }, { "category": "external", "summary": "SUSE Bug 951608 for CVE-2015-7849", "url": "https://bugzilla.suse.com/951608" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7849", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 992991 for CVE-2015-7849", "url": "https://bugzilla.suse.com/992991" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "important" } ], "title": "CVE-2015-7849" }, { "cve": "CVE-2015-7850", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7850" } ], "notes": [ { "category": "general", "text": "ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (infinite loop or crash) by pointing the key file at the log file.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7850", "url": "https://www.suse.com/security/cve/CVE-2015-7850" }, { "category": "external", "summary": "SUSE Bug 1010964 for CVE-2015-7850", "url": "https://bugzilla.suse.com/1010964" }, { "category": "external", "summary": "SUSE Bug 951608 for CVE-2015-7850", "url": "https://bugzilla.suse.com/951608" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7850", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 992991 for CVE-2015-7850", "url": "https://bugzilla.suse.com/992991" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2015-7850" }, { "cve": "CVE-2015-7851", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7851" } ], "notes": [ { "category": "general", "text": "Directory traversal vulnerability in the save_config function in ntpd in ntp_control.c in NTP before 4.2.8p4, when used on systems that do not use \u0027\\\u0027 or \u0027/\u0027 characters for directory separation such as OpenVMS, allows remote authenticated users to overwrite arbitrary files.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7851", "url": "https://www.suse.com/security/cve/CVE-2015-7851" }, { "category": "external", "summary": "SUSE Bug 1010964 for CVE-2015-7851", "url": "https://bugzilla.suse.com/1010964" }, { "category": "external", "summary": "SUSE Bug 951608 for CVE-2015-7851", "url": "https://bugzilla.suse.com/951608" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7851", "url": "https://bugzilla.suse.com/959243" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2015-7851" }, { "cve": "CVE-2015-7852", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7852" } ], "notes": [ { "category": "general", "text": "ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted mode 6 response packets.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7852", "url": "https://www.suse.com/security/cve/CVE-2015-7852" }, { "category": "external", "summary": "SUSE Bug 1010964 for CVE-2015-7852", "url": "https://bugzilla.suse.com/1010964" }, { "category": "external", "summary": "SUSE Bug 951608 for CVE-2015-7852", "url": "https://bugzilla.suse.com/951608" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7852", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 992991 for CVE-2015-7852", "url": "https://bugzilla.suse.com/992991" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2015-7852" }, { "cve": "CVE-2015-7853", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7853" } ], "notes": [ { "category": "general", "text": "The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative input value.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7853", "url": "https://www.suse.com/security/cve/CVE-2015-7853" }, { "category": "external", "summary": "SUSE Bug 1010964 for CVE-2015-7853", "url": "https://bugzilla.suse.com/1010964" }, { "category": "external", "summary": "SUSE Bug 951608 for CVE-2015-7853", "url": "https://bugzilla.suse.com/951608" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7853", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 992991 for CVE-2015-7853", "url": "https://bugzilla.suse.com/992991" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "critical" } ], "title": "CVE-2015-7853" }, { "cve": "CVE-2015-7854", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7854" } ], "notes": [ { "category": "general", "text": "Buffer overflow in the password management functionality in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted key file.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7854", "url": "https://www.suse.com/security/cve/CVE-2015-7854" }, { "category": "external", "summary": "SUSE Bug 1010964 for CVE-2015-7854", "url": "https://bugzilla.suse.com/1010964" }, { "category": "external", "summary": "SUSE Bug 951608 for CVE-2015-7854", "url": "https://bugzilla.suse.com/951608" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7854", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 992991 for CVE-2015-7854", "url": "https://bugzilla.suse.com/992991" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "important" } ], "title": "CVE-2015-7854" }, { "cve": "CVE-2015-7855", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7855" } ], "notes": [ { "category": "general", "text": "The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a 6 or mode 7 packet containing a long data value.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7855", "url": "https://www.suse.com/security/cve/CVE-2015-7855" }, { "category": "external", "summary": "SUSE Bug 1010964 for CVE-2015-7855", "url": "https://bugzilla.suse.com/1010964" }, { "category": "external", "summary": "SUSE Bug 951608 for CVE-2015-7855", "url": "https://bugzilla.suse.com/951608" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7855", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 992991 for CVE-2015-7855", "url": "https://bugzilla.suse.com/992991" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2015-7855" }, { "cve": "CVE-2015-7871", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7871" } ], "notes": [ { "category": "general", "text": "Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7871", "url": "https://www.suse.com/security/cve/CVE-2015-7871" }, { "category": "external", "summary": "SUSE Bug 1010964 for CVE-2015-7871", "url": "https://bugzilla.suse.com/1010964" }, { "category": "external", "summary": "SUSE Bug 951608 for CVE-2015-7871", "url": "https://bugzilla.suse.com/951608" }, { "category": "external", "summary": "SUSE Bug 952606 for CVE-2015-7871", "url": "https://bugzilla.suse.com/952606" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7871", "url": "https://bugzilla.suse.com/959243" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "critical" } ], "title": "CVE-2015-7871" }, { "cve": "CVE-2015-7973", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7973" } ], "notes": [ { "category": "general", "text": "NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by sniffing the network.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7973", "url": "https://www.suse.com/security/cve/CVE-2015-7973" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7973", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 962995 for CVE-2015-7973", "url": "https://bugzilla.suse.com/962995" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" }, "products": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2015-7973" }, { "cve": "CVE-2015-7974", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7974" } ], "notes": [ { "category": "general", "text": "NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a \"skeleton key.\"", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7974", "url": "https://www.suse.com/security/cve/CVE-2015-7974" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7974", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 962960 for CVE-2015-7974", "url": "https://bugzilla.suse.com/962960" }, { "category": "external", "summary": "SUSE Bug 962995 for CVE-2015-7974", "url": "https://bugzilla.suse.com/962995" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.7, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N", "version": "3.1" }, "products": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "low" } ], "title": "CVE-2015-7974" }, { "cve": "CVE-2015-7975", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7975" } ], "notes": [ { "category": "general", "text": "The nextvar function in NTP before 4.2.8p6 and 4.3.x before 4.3.90 does not properly validate the length of its input, which allows an attacker to cause a denial of service (application crash).", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7975", "url": "https://www.suse.com/security/cve/CVE-2015-7975" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7975", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 962988 for CVE-2015-7975", "url": "https://bugzilla.suse.com/962988" }, { "category": "external", "summary": "SUSE Bug 962995 for CVE-2015-7975", "url": "https://bugzilla.suse.com/962995" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "low" } ], "title": "CVE-2015-7975" }, { "cve": "CVE-2015-7976", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7976" } ], "notes": [ { "category": "general", "text": "The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7976", "url": "https://www.suse.com/security/cve/CVE-2015-7976" }, { "category": "external", "summary": "SUSE Bug 962802 for CVE-2015-7976", "url": "https://bugzilla.suse.com/962802" }, { "category": "external", "summary": "SUSE Bug 962995 for CVE-2015-7976", "url": "https://bugzilla.suse.com/962995" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "low" } ], "title": "CVE-2015-7976" }, { "cve": "CVE-2015-7977", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7977" } ], "notes": [ { "category": "general", "text": "ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7977", "url": "https://www.suse.com/security/cve/CVE-2015-7977" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7977", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 962970 for CVE-2015-7977", "url": "https://bugzilla.suse.com/962970" }, { "category": "external", "summary": "SUSE Bug 962995 for CVE-2015-7977", "url": "https://bugzilla.suse.com/962995" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2015-7977" }, { "cve": "CVE-2015-7978", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7978" } ], "notes": [ { "category": "general", "text": "NTP before 4.2.8p6 and 4.3.0 before 4.3.90 allows a remote attackers to cause a denial of service (stack exhaustion) via an ntpdc relist command, which triggers recursive traversal of the restriction list.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7978", "url": "https://www.suse.com/security/cve/CVE-2015-7978" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7978", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 962970 for CVE-2015-7978", "url": "https://bugzilla.suse.com/962970" }, { "category": "external", "summary": "SUSE Bug 962995 for CVE-2015-7978", "url": "https://bugzilla.suse.com/962995" }, { "category": "external", "summary": "SUSE Bug 963000 for CVE-2015-7978", "url": "https://bugzilla.suse.com/963000" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2015-7978" }, { "cve": "CVE-2015-7979", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7979" } ], "notes": [ { "category": "general", "text": "NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (client-server association tear down) by sending broadcast packets with invalid authentication to a broadcast client.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7979", "url": "https://www.suse.com/security/cve/CVE-2015-7979" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7979", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 962784 for CVE-2015-7979", "url": "https://bugzilla.suse.com/962784" }, { "category": "external", "summary": "SUSE Bug 962995 for CVE-2015-7979", "url": "https://bugzilla.suse.com/962995" }, { "category": "external", "summary": "SUSE Bug 977459 for CVE-2015-7979", "url": "https://bugzilla.suse.com/977459" }, { "category": "external", "summary": "SUSE Bug 982065 for CVE-2015-7979", "url": "https://bugzilla.suse.com/982065" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2015-7979" }, { "cve": "CVE-2015-8138", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-8138" } ], "notes": [ { "category": "general", "text": "NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to bypass the origin timestamp validation via a packet with an origin timestamp set to zero.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-8138", "url": "https://www.suse.com/security/cve/CVE-2015-8138" }, { "category": "external", "summary": "SUSE Bug 951608 for CVE-2015-8138", "url": "https://bugzilla.suse.com/951608" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-8138", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 963002 for CVE-2015-8138", "url": "https://bugzilla.suse.com/963002" }, { "category": "external", "summary": "SUSE Bug 974668 for CVE-2015-8138", "url": "https://bugzilla.suse.com/974668" }, { "category": "external", "summary": "SUSE Bug 977446 for CVE-2015-8138", "url": "https://bugzilla.suse.com/977446" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2015-8138" }, { "cve": "CVE-2015-8158", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-8158" } ], "notes": [ { "category": "general", "text": "The getresponse function in ntpq in NTP versions before 4.2.8p9 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (infinite loop) via crafted packets with incorrect values.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-8158", "url": "https://www.suse.com/security/cve/CVE-2015-8158" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-8158", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 962966 for CVE-2015-8158", "url": "https://bugzilla.suse.com/962966" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "low" } ], "title": "CVE-2015-8158" }, { "cve": "CVE-2016-1547", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-1547" } ], "notes": [ { "category": "general", "text": "An off-path attacker can cause a preemptible client association to be demobilized in NTP 4.2.8p4 and earlier and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 by sending a crypto NAK packet to a victim client with a spoofed source address of an existing associated peer. This is true even if authentication is enabled.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-1547", "url": "https://www.suse.com/security/cve/CVE-2016-1547" }, { "category": "external", "summary": "SUSE Bug 962784 for CVE-2016-1547", "url": "https://bugzilla.suse.com/962784" }, { "category": "external", "summary": "SUSE Bug 977446 for CVE-2016-1547", "url": "https://bugzilla.suse.com/977446" }, { "category": "external", "summary": "SUSE Bug 977459 for CVE-2016-1547", "url": "https://bugzilla.suse.com/977459" }, { "category": "external", "summary": "SUSE Bug 982064 for CVE-2016-1547", "url": "https://bugzilla.suse.com/982064" }, { "category": "external", "summary": "SUSE Bug 982065 for CVE-2016-1547", "url": "https://bugzilla.suse.com/982065" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2016-1547" }, { "cve": "CVE-2016-1548", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-1548" } ], "notes": [ { "category": "general", "text": "An attacker can spoof a packet from a legitimate ntpd server with an origin timestamp that matches the peer-\u003edst timestamp recorded for that server. After making this switch, the client in NTP 4.2.8p4 and earlier and NTPSec aa48d001683e5b791a743ec9c575aaf7d867a2b0c will reject all future legitimate server responses. It is possible to force the victim client to move time after the mode has been changed. ntpq gives no indication that the mode has been switched.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-1548", "url": "https://www.suse.com/security/cve/CVE-2016-1548" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2016-1548", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 977446 for CVE-2016-1548", "url": "https://bugzilla.suse.com/977446" }, { "category": "external", "summary": "SUSE Bug 977461 for CVE-2016-1548", "url": "https://bugzilla.suse.com/977461" }, { "category": "external", "summary": "SUSE Bug 982068 for CVE-2016-1548", "url": "https://bugzilla.suse.com/982068" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2016-1548" }, { "cve": "CVE-2016-1549", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-1549" } ], "notes": [ { "category": "general", "text": "A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and modify a victim\u0027s clock.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-1549", "url": "https://www.suse.com/security/cve/CVE-2016-1549" }, { "category": "external", "summary": "SUSE Bug 1083424 for CVE-2016-1549", "url": "https://bugzilla.suse.com/1083424" }, { "category": "external", "summary": "SUSE Bug 977446 for CVE-2016-1549", "url": "https://bugzilla.suse.com/977446" }, { "category": "external", "summary": "SUSE Bug 977451 for CVE-2016-1549", "url": "https://bugzilla.suse.com/977451" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "low" } ], "title": "CVE-2016-1549" }, { "cve": "CVE-2016-1550", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-1550" } ], "notes": [ { "category": "general", "text": "An exploitable vulnerability exists in the message authentication functionality of libntp in ntp 4.2.8p4 and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92. An attacker can send a series of crafted messages to attempt to recover the message digest key.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-1550", "url": "https://www.suse.com/security/cve/CVE-2016-1550" }, { "category": "external", "summary": "SUSE Bug 977446 for CVE-2016-1550", "url": "https://bugzilla.suse.com/977446" }, { "category": "external", "summary": "SUSE Bug 977464 for CVE-2016-1550", "url": "https://bugzilla.suse.com/977464" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "low" } ], "title": "CVE-2016-1550" }, { "cve": "CVE-2016-1551", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-1551" } ], "notes": [ { "category": "general", "text": "ntpd in NTP 4.2.8p3 and NTPsec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 relies on the underlying operating system to protect it from requests that impersonate reference clocks. Because reference clocks are treated like other peers and stored in the same structure, any packet with a source ip address of a reference clock (127.127.1.1 for example) that reaches the receive() function will match that reference clock\u0027s peer record and will be treated as a trusted peer. Any system that lacks the typical martian packet filtering which would block these packets is in danger of having its time controlled by an attacker.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-1551", "url": "https://www.suse.com/security/cve/CVE-2016-1551" }, { "category": "external", "summary": "SUSE Bug 977446 for CVE-2016-1551", "url": "https://bugzilla.suse.com/977446" }, { "category": "external", "summary": "SUSE Bug 977450 for CVE-2016-1551", "url": "https://bugzilla.suse.com/977450" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "low" } ], "title": "CVE-2016-1551" }, { "cve": "CVE-2016-2516", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-2516" } ], "notes": [ { "category": "general", "text": "NTP before 4.2.8p7 and 4.3.x before 4.3.92, when mode7 is enabled, allows remote attackers to cause a denial of service (ntpd abort) by using the same IP address multiple times in an unconfig directive.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-2516", "url": "https://www.suse.com/security/cve/CVE-2016-2516" }, { "category": "external", "summary": "SUSE Bug 977446 for CVE-2016-2516", "url": "https://bugzilla.suse.com/977446" }, { "category": "external", "summary": "SUSE Bug 977452 for CVE-2016-2516", "url": "https://bugzilla.suse.com/977452" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2016-2516" }, { "cve": "CVE-2016-2517", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-2517" } ], "notes": [ { "category": "general", "text": "NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (prevent subsequent authentication) by leveraging knowledge of the controlkey or requestkey and sending a crafted packet to ntpd, which changes the value of trustedkey, controlkey, or requestkey. NOTE: this vulnerability exists because of a CVE-2016-2516 regression.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-2517", "url": "https://www.suse.com/security/cve/CVE-2016-2517" }, { "category": "external", "summary": "SUSE Bug 977446 for CVE-2016-2517", "url": "https://bugzilla.suse.com/977446" }, { "category": "external", "summary": "SUSE Bug 977455 for CVE-2016-2517", "url": "https://bugzilla.suse.com/977455" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2016-2517" }, { "cve": "CVE-2016-2518", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-2518" } ], "notes": [ { "category": "general", "text": "The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-2518", "url": "https://www.suse.com/security/cve/CVE-2016-2518" }, { "category": "external", "summary": "SUSE Bug 977446 for CVE-2016-2518", "url": "https://bugzilla.suse.com/977446" }, { "category": "external", "summary": "SUSE Bug 977457 for CVE-2016-2518", "url": "https://bugzilla.suse.com/977457" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "low" } ], "title": "CVE-2016-2518" }, { "cve": "CVE-2016-2519", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-2519" } ], "notes": [ { "category": "general", "text": "ntpd in NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (ntpd abort) by a large request data value, which triggers the ctl_getitem function to return a NULL value.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-2519", "url": "https://www.suse.com/security/cve/CVE-2016-2519" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2016-2519", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 977446 for CVE-2016-2519", "url": "https://bugzilla.suse.com/977446" }, { "category": "external", "summary": "SUSE Bug 977458 for CVE-2016-2519", "url": "https://bugzilla.suse.com/977458" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2016-2519" }, { "cve": "CVE-2016-4953", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-4953" } ], "notes": [ { "category": "general", "text": "ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-4953", "url": "https://www.suse.com/security/cve/CVE-2016-4953" }, { "category": "external", "summary": "SUSE Bug 962784 for CVE-2016-4953", "url": "https://bugzilla.suse.com/962784" }, { "category": "external", "summary": "SUSE Bug 977459 for CVE-2016-4953", "url": "https://bugzilla.suse.com/977459" }, { "category": "external", "summary": "SUSE Bug 982056 for CVE-2016-4953", "url": "https://bugzilla.suse.com/982056" }, { "category": "external", "summary": "SUSE Bug 982065 for CVE-2016-4953", "url": "https://bugzilla.suse.com/982065" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2016-4953" }, { "cve": "CVE-2016-4954", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-4954" } ], "notes": [ { "category": "general", "text": "The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-4954", "url": "https://www.suse.com/security/cve/CVE-2016-4954" }, { "category": "external", "summary": "SUSE Bug 982056 for CVE-2016-4954", "url": "https://bugzilla.suse.com/982056" }, { "category": "external", "summary": "SUSE Bug 982066 for CVE-2016-4954", "url": "https://bugzilla.suse.com/982066" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "low" } ], "title": "CVE-2016-4954" }, { "cve": "CVE-2016-4955", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-4955" } ], "notes": [ { "category": "general", "text": "ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-4955", "url": "https://www.suse.com/security/cve/CVE-2016-4955" }, { "category": "external", "summary": "SUSE Bug 982056 for CVE-2016-4955", "url": "https://bugzilla.suse.com/982056" }, { "category": "external", "summary": "SUSE Bug 982067 for CVE-2016-4955", "url": "https://bugzilla.suse.com/982067" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "low" } ], "title": "CVE-2016-4955" }, { "cve": "CVE-2016-4956", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-4956" } ], "notes": [ { "category": "general", "text": "ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-1548.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-4956", "url": "https://www.suse.com/security/cve/CVE-2016-4956" }, { "category": "external", "summary": "SUSE Bug 977461 for CVE-2016-4956", "url": "https://bugzilla.suse.com/977461" }, { "category": "external", "summary": "SUSE Bug 982056 for CVE-2016-4956", "url": "https://bugzilla.suse.com/982056" }, { "category": "external", "summary": "SUSE Bug 982068 for CVE-2016-4956", "url": "https://bugzilla.suse.com/982068" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "low" } ], "title": "CVE-2016-4956" }, { "cve": "CVE-2016-4957", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-4957" } ], "notes": [ { "category": "general", "text": "ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-4957", "url": "https://www.suse.com/security/cve/CVE-2016-4957" }, { "category": "external", "summary": "SUSE Bug 977459 for CVE-2016-4957", "url": "https://bugzilla.suse.com/977459" }, { "category": "external", "summary": "SUSE Bug 982056 for CVE-2016-4957", "url": "https://bugzilla.suse.com/982056" }, { "category": "external", "summary": "SUSE Bug 982064 for CVE-2016-4957", "url": "https://bugzilla.suse.com/982064" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 8.6, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2016-4957" }, { "cve": "CVE-2016-7426", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-7426" } ], "notes": [ { "category": "general", "text": "NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-7426", "url": "https://www.suse.com/security/cve/CVE-2016-7426" }, { "category": "external", "summary": "SUSE Bug 1011406 for CVE-2016-7426", "url": "https://bugzilla.suse.com/1011406" }, { "category": "external", "summary": "SUSE Bug 1011421 for CVE-2016-7426", "url": "https://bugzilla.suse.com/1011421" }, { "category": "external", "summary": "SUSE Bug 1012330 for CVE-2016-7426", "url": "https://bugzilla.suse.com/1012330" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2016-7426" }, { "cve": "CVE-2016-7427", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-7427" } ], "notes": [ { "category": "general", "text": "The broadcast mode replay prevention functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via a crafted broadcast mode packet.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-7427", "url": "https://www.suse.com/security/cve/CVE-2016-7427" }, { "category": "external", "summary": "SUSE Bug 1011390 for CVE-2016-7427", "url": "https://bugzilla.suse.com/1011390" }, { "category": "external", "summary": "SUSE Bug 1011421 for CVE-2016-7427", "url": "https://bugzilla.suse.com/1011421" }, { "category": "external", "summary": "SUSE Bug 1012330 for CVE-2016-7427", "url": "https://bugzilla.suse.com/1012330" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "low" } ], "title": "CVE-2016-7427" }, { "cve": "CVE-2016-7428", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-7428" } ], "notes": [ { "category": "general", "text": "ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via the poll interval in a broadcast packet.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-7428", "url": "https://www.suse.com/security/cve/CVE-2016-7428" }, { "category": "external", "summary": "SUSE Bug 1011417 for CVE-2016-7428", "url": "https://bugzilla.suse.com/1011417" }, { "category": "external", "summary": "SUSE Bug 1011421 for CVE-2016-7428", "url": "https://bugzilla.suse.com/1011421" }, { "category": "external", "summary": "SUSE Bug 1012330 for CVE-2016-7428", "url": "https://bugzilla.suse.com/1012330" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2016-7428" }, { "cve": "CVE-2016-7429", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-7429" } ], "notes": [ { "category": "general", "text": "NTP before 4.2.8p9 changes the peer structure to the interface it receives the response from a source, which allows remote attackers to cause a denial of service (prevent communication with a source) by sending a response for a source to an interface the source does not use.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-7429", "url": "https://www.suse.com/security/cve/CVE-2016-7429" }, { "category": "external", "summary": "SUSE Bug 1011404 for CVE-2016-7429", "url": "https://bugzilla.suse.com/1011404" }, { "category": "external", "summary": "SUSE Bug 1011421 for CVE-2016-7429", "url": "https://bugzilla.suse.com/1011421" }, { "category": "external", "summary": "SUSE Bug 1012330 for CVE-2016-7429", "url": "https://bugzilla.suse.com/1012330" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "low" } ], "title": "CVE-2016-7429" }, { "cve": "CVE-2016-7431", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-7431" } ], "notes": [ { "category": "general", "text": "NTP before 4.2.8p9 allows remote attackers to bypass the origin timestamp protection mechanism via an origin timestamp of zero. NOTE: this vulnerability exists because of a CVE-2015-8138 regression.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-7431", "url": "https://www.suse.com/security/cve/CVE-2016-7431" }, { "category": "external", "summary": "SUSE Bug 1011395 for CVE-2016-7431", "url": "https://bugzilla.suse.com/1011395" }, { "category": "external", "summary": "SUSE Bug 1011421 for CVE-2016-7431", "url": "https://bugzilla.suse.com/1011421" }, { "category": "external", "summary": "SUSE Bug 1012330 for CVE-2016-7431", "url": "https://bugzilla.suse.com/1012330" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2016-7431" }, { "cve": "CVE-2016-7433", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-7433" } ], "notes": [ { "category": "general", "text": "NTP before 4.2.8p9 does not properly perform the initial sync calculations, which allows remote attackers to unspecified impact via unknown vectors, related to a \"root distance that did not include the peer dispersion.\"", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-7433", "url": "https://www.suse.com/security/cve/CVE-2016-7433" }, { "category": "external", "summary": "SUSE Bug 1011411 for CVE-2016-7433", "url": "https://bugzilla.suse.com/1011411" }, { "category": "external", "summary": "SUSE Bug 1011421 for CVE-2016-7433", "url": "https://bugzilla.suse.com/1011421" }, { "category": "external", "summary": "SUSE Bug 1012330 for CVE-2016-7433", "url": "https://bugzilla.suse.com/1012330" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "low" } ], "title": "CVE-2016-7433" }, { "cve": "CVE-2016-7434", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-7434" } ], "notes": [ { "category": "general", "text": "The read_mru_list function in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (crash) via a crafted mrulist query.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-7434", "url": "https://www.suse.com/security/cve/CVE-2016-7434" }, { "category": "external", "summary": "SUSE Bug 1011398 for CVE-2016-7434", "url": "https://bugzilla.suse.com/1011398" }, { "category": "external", "summary": "SUSE Bug 1011421 for CVE-2016-7434", "url": "https://bugzilla.suse.com/1011421" }, { "category": "external", "summary": "SUSE Bug 1012330 for CVE-2016-7434", "url": "https://bugzilla.suse.com/1012330" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2016-7434" }, { "cve": "CVE-2016-9310", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-9310" } ], "notes": [ { "category": "general", "text": "The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-9310", "url": "https://www.suse.com/security/cve/CVE-2016-9310" }, { "category": "external", "summary": "SUSE Bug 1011377 for CVE-2016-9310", "url": "https://bugzilla.suse.com/1011377" }, { "category": "external", "summary": "SUSE Bug 1011421 for CVE-2016-9310", "url": "https://bugzilla.suse.com/1011421" }, { "category": "external", "summary": "SUSE Bug 1012330 for CVE-2016-9310", "url": "https://bugzilla.suse.com/1012330" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2016-9310" }, { "cve": "CVE-2016-9311", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-9311" } ], "notes": [ { "category": "general", "text": "ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted packet.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-9311", "url": "https://www.suse.com/security/cve/CVE-2016-9311" }, { "category": "external", "summary": "SUSE Bug 1011377 for CVE-2016-9311", "url": "https://bugzilla.suse.com/1011377" }, { "category": "external", "summary": "SUSE Bug 1011421 for CVE-2016-9311", "url": "https://bugzilla.suse.com/1011421" }, { "category": "external", "summary": "SUSE Bug 1012330 for CVE-2016-9311", "url": "https://bugzilla.suse.com/1012330" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2016-9311" } ] }
cnvd-2016-02743
Vulnerability from cnvd
Title: ntpd系统时间修改漏洞
Description:
ntpd是一个操作系统守护进程,它使用网络时间协议与时间服务器的系统时间保持同步。
当程序使用trustedkey并且未启用ntp-4.2.8p6中引入的功能时,ntpd存在安全漏洞,允许远程攻击者可提交特殊的请求修改受影响系统的时间。
Severity: 中
Patch Name: ntpd系统时间修改漏洞的补丁
Patch Description:
ntpd是一个操作系统守护进程,它使用网络时间协议与时间服务器的系统时间保持同步。
当程序使用trustedkey并且未启用ntp-4.2.8p6中引入的功能时,ntpd存在安全漏洞,允许远程攻击者可提交特殊的请求修改受影响系统的时间。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description:
用户可参考如下厂商提供的安全补丁以修复该漏洞: http://support.ntp.org/bin/view/Main/NtpBug3012
Reference: http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security
Name | ['Ntp NTPd 4.x<4.2.8p7', 'Ntp NTPd >4.3,<4.3.92'] |
---|
{ "cves": { "cve": { "cveNumber": "CVE-2016-1549" } }, "description": "ntpd\u662f\u4e00\u4e2a\u64cd\u4f5c\u7cfb\u7edf\u5b88\u62a4\u8fdb\u7a0b\uff0c\u5b83\u4f7f\u7528\u7f51\u7edc\u65f6\u95f4\u534f\u8bae\u4e0e\u65f6\u95f4\u670d\u52a1\u5668\u7684\u7cfb\u7edf\u65f6\u95f4\u4fdd\u6301\u540c\u6b65\u3002\r\n\r\n\u5f53\u7a0b\u5e8f\u4f7f\u7528trustedkey\u5e76\u4e14\u672a\u542f\u7528ntp-4.2.8p6\u4e2d\u5f15\u5165\u7684\u529f\u80fd\u65f6\uff0cntpd\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u63d0\u4ea4\u7279\u6b8a\u7684\u8bf7\u6c42\u4fee\u6539\u53d7\u5f71\u54cd\u7cfb\u7edf\u7684\u65f6\u95f4\u3002", "discovererName": "Cisco TALOS", "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttp://support.ntp.org/bin/view/Main/NtpBug3012", "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e", "number": "CNVD-2016-02743", "openTime": "2016-05-05", "patchDescription": "ntpd\u662f\u4e00\u4e2a\u64cd\u4f5c\u7cfb\u7edf\u5b88\u62a4\u8fdb\u7a0b\uff0c\u5b83\u4f7f\u7528\u7f51\u7edc\u65f6\u95f4\u534f\u8bae\u4e0e\u65f6\u95f4\u670d\u52a1\u5668\u7684\u7cfb\u7edf\u65f6\u95f4\u4fdd\u6301\u540c\u6b65\u3002\r\n\r\n\u5f53\u7a0b\u5e8f\u4f7f\u7528trustedkey\u5e76\u4e14\u672a\u542f\u7528ntp-4.2.8p6\u4e2d\u5f15\u5165\u7684\u529f\u80fd\u65f6\uff0cntpd\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u63d0\u4ea4\u7279\u6b8a\u7684\u8bf7\u6c42\u4fee\u6539\u53d7\u5f71\u54cd\u7cfb\u7edf\u7684\u65f6\u95f4\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002", "patchName": "ntpd\u7cfb\u7edf\u65f6\u95f4\u4fee\u6539\u6f0f\u6d1e\u7684\u8865\u4e01", "products": { "product": [ "Ntp NTPd 4.x\u003c4.2.8p7", "Ntp NTPd \u003e4.3\uff0c\u003c4.3.92" ] }, "referenceLink": "http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security", "serverity": "\u4e2d", "submitTime": "2016-04-30", "title": "ntpd\u7cfb\u7edf\u65f6\u95f4\u4fee\u6539\u6f0f\u6d1e" }
var-201701-0421
Vulnerability from variot
A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and modify a victim's clock. The NTP.org reference implementation of ntpd contains multiple vulnerabilities. NTP is prone to a remote security vulnerability. Successful exploits will allow attackers to bypass certain security restrictions and perform some unauthorized actions to the application. This may aid in further attacks. Versions prior to NTP 4.2.8p7 and 4.3.x versions prior to 4.3.92 are vulnerable.
Gentoo Linux Security Advisory GLSA 201607-15
https://security.gentoo.org/
Severity: Normal Title: NTP: Multiple vulnerabilities Date: July 20, 2016 Bugs: #563774, #572452, #581528, #584954 ID: 201607-15
Synopsis
Multiple vulnerabilities have been found in NTP, the worst of which could lead to Denial of Service.
Background
NTP contains software for the Network Time Protocol.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/ntp < 4.2.8_p8 >= 4.2.8_p8
Description
Multiple vulnerabilities have been discovered in NTP. Please review the CVE identifiers referenced below for details.
Impact
A remote attacker could possibly cause a Denial of Service condition.
Workaround
There is no known workaround at this time.
Resolution
All NTP users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/ntp-4.2.8_p8"
References
[ 1 ] CVE-2015-7691 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7691 [ 2 ] CVE-2015-7692 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7692 [ 3 ] CVE-2015-7701 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7701 [ 4 ] CVE-2015-7702 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7702 [ 5 ] CVE-2015-7703 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7703 [ 6 ] CVE-2015-7704 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7704 [ 7 ] CVE-2015-7705 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7705 [ 8 ] CVE-2015-7848 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7848 [ 9 ] CVE-2015-7849 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7849 [ 10 ] CVE-2015-7850 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7850 [ 11 ] CVE-2015-7851 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7851 [ 12 ] CVE-2015-7852 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7852 [ 13 ] CVE-2015-7853 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7853 [ 14 ] CVE-2015-7854 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7854 [ 15 ] CVE-2015-7855 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7855 [ 16 ] CVE-2015-7871 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7871 [ 17 ] CVE-2015-7973 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7973 [ 18 ] CVE-2015-7974 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7974 [ 19 ] CVE-2015-7975 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7975 [ 20 ] CVE-2015-7976 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7976 [ 21 ] CVE-2015-7977 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7977 [ 22 ] CVE-2015-7978 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7978 [ 23 ] CVE-2015-7979 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7979 [ 24 ] CVE-2015-8138 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8138 [ 25 ] CVE-2015-8139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8139 [ 26 ] CVE-2015-8140 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8140 [ 27 ] CVE-2015-8158 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8158 [ 28 ] CVE-2016-1547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1547 [ 29 ] CVE-2016-1548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1548 [ 30 ] CVE-2016-1549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1549 [ 31 ] CVE-2016-1550 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1550 [ 32 ] CVE-2016-1551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1551 [ 33 ] CVE-2016-2516 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2516 [ 34 ] CVE-2016-2517 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2517 [ 35 ] CVE-2016-2518 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2518 [ 36 ] CVE-2016-2519 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2519 [ 37 ] CVE-2016-4953 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4953 [ 38 ] CVE-2016-4954 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4954 [ 39 ] CVE-2016-4955 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4955 [ 40 ] CVE-2016-4956 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4956 [ 41 ] CVE-2016-4957 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4957
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201607-15
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
[slackware-security] ntp (SSA:2018-060-02)
New ntp packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/ntp-4.2.8p11-i586-1_slack14.2.txz: Upgraded. This release addresses five security issues in ntpd: * LOW/MEDIUM: Sec 3012 / CVE-2016-1549 / VU#961909: Sybil vulnerability: ephemeral association attack. While fixed in ntp-4.2.8p7, there are significant additional protections for this issue in 4.2.8p11. Reported by Matt Van Gundy of Cisco. * INFO/MEDIUM: Sec 3412 / CVE-2018-7182 / VU#961909: ctl_getitem(): buffer read overrun leads to undefined behavior and information leak. Reported by Yihan Lian of Qihoo 360. * LOW: Sec 3415 / CVE-2018-7170 / VU#961909: Multiple authenticated ephemeral associations. Reported on the questions@ list. * LOW: Sec 3453 / CVE-2018-7184 / VU#961909: Interleaved symmetric mode cannot recover from bad state. Reported by Miroslav Lichvar of Red Hat. * LOW/MEDIUM: Sec 3454 / CVE-2018-7185 / VU#961909: Unauthenticated packet can reset authenticated interleaved association. Reported by Miroslav Lichvar of Red Hat. For more information, see: http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1549 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7182 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7170 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7184 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7185 ( Security fix ) +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ntp-4.2.8p11-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ntp-4.2.8p11-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ntp-4.2.8p11-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ntp-4.2.8p11-x86_64-1_slack14.1.txz
Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/ntp-4.2.8p11-i586-1_slack14.2.txz
Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/ntp-4.2.8p11-x86_64-1_slack14.2.txz
Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/ntp-4.2.8p11-i586-1.txz
Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/ntp-4.2.8p11-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 14.0 package: 01c86ddfabec68d52877336258d064c7 ntp-4.2.8p11-i486-1_slack14.0.txz
Slackware x86_64 14.0 package: b2d36d96f9a4d84df3586d38b8b47389 ntp-4.2.8p11-x86_64-1_slack14.0.txz
Slackware 14.1 package: 78b4e9221e725dcb45160950bfc926d0 ntp-4.2.8p11-i486-1_slack14.1.txz
Slackware x86_64 14.1 package: e0d32ed484e02ad28c59838e6407d549 ntp-4.2.8p11-x86_64-1_slack14.1.txz
Slackware 14.2 package: 81690d8e511b403f0fe89c1d120f5049 ntp-4.2.8p11-i586-1_slack14.2.txz
Slackware x86_64 14.2 package: d2c877e3d1b9c7ce003ef090c7610c74 ntp-4.2.8p11-x86_64-1_slack14.2.txz
Slackware -current package: c3ee95d3944b09c2e891883dc5411a6f n/ntp-4.2.8p11-i586-1.txz
Slackware x86_64 -current package: fa9c7a8aca0c769791e34a8e48e6d260 n/ntp-4.2.8p11-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the package as root:
upgradepkg ntp-4.2.8p11-i586-1_slack14.2.txz
Then, restart the NTP daemon:
sh /etc/rc.d/rc.ntpd restart
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. | +------------------------------------------------------------------------+ -----BEGIN PGP SIGNATURE-----
iEYEARECAAYFAlqYjI8ACgkQakRjwEAQIjM5rACfdDAWRxL2nQATj8HFDPgCVInK 13MAnR04OluKfiEsJVgO6uWJKXy2HOGq =FRx7 -----END PGP SIGNATURE----- . Edge-case hole reported by Martin Burnicki of Meinberg. And fixes another security issue in ntpq and ntpdc: LOW: Sec 3505: The openhost() function used during command-line hostname processing by ntpq and ntpdc can write beyond its buffer limit, which could allow an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether there are any common situations in which ntpq or ntpdc is used with a command line from an untrusted source
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201701-0421", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ntp", "scope": "eq", "trust": 1.9, "vendor": "ntp", "version": "4.2.8" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "ntp", "version": null }, { "model": "ntp", "scope": "lte", "trust": 0.8, "vendor": "ntp", "version": "4.2.8p4" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.1" }, { "model": "linux x86 64 -current", "scope": null, "trust": 0.3, "vendor": "slackware", "version": null }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.1" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.0" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.37" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.37" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.1" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.1" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.0" }, { "model": "linux -current", "scope": null, "trust": 0.3, "vendor": "slackware", "version": null }, { "model": "ntp", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.3.90" }, { "model": "ntp", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.3.25" }, { "model": "ntp", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.3" }, { "model": "ntp", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.6" }, { "model": "p74", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.5" }, { "model": "p153", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.5" }, { "model": "p150", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.5" }, { "model": "p8", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.4" }, { "model": "p7", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.4" }, { "model": "p6", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.4" }, { "model": "p5", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.4" }, { "model": "p4", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.4" }, { "model": "p4", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.2" }, { "model": "p1", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.2" }, { "model": "ntp", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.1.2" }, { "model": "ntp", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.3.77" }, { "model": "ntp", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.3.70" }, { "model": "4.2.8p6", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.8p5", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.8p4", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.8p3", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.8p2", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.8p1", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.7p366", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.7p111", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.7p11", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "ntp", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.7" }, { "model": "4.2.5p3", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.5p186", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.0.a", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "lotus protector for mail security", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.80" }, { "model": "lotus protector for mail security", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.8.1.0" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.20" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.4.0" }, { "model": "wap371 wireless access point", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "visual quality experience tools server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "visual quality experience server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "virtual security gateway for microsoft hyper-v", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "videoscape control suite", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video distribution suite for internet streaming", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video delivery system recorder", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unity express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified computing system e-series blade server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified communications manager session management edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ucs director", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ucs central", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence video communication server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence sx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence profile series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence mx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence isdn link", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence integrator c series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence exchange system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence ex series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence conductor", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "support central", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "standalone rack server cimc", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "small business series wireless access points", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5000" }, { "model": "small business series wireless access points", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3210" }, { "model": "small business series wireless access points", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1210" }, { "model": "show and share", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "sentinel", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "scos", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime service catalog virtual appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime license manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime infrastructure standalone plug and play gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime infrastructure", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "prime collaboration assurance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime access registrar appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime access registrar", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "physical access manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "onepk all-in-one vm", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "90000" }, { "model": "network device security assessment", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "network analysis module", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nac server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nac guest server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nac appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "meetingplace", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mediasense", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "media experience engines", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "management heartbeat server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jabber guest", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.0(2)" }, { "model": "intrusion prevention system solutions", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "im and presence service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "identity services engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "hosted collaboration mediation fulfillment", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "expressway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "enterprise content delivery system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "emergency responder", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "edge digital media player", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3400" }, { "model": "edge digital media player", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3000" }, { "model": "digital media manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "dcm series 9900-digital content manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "content security appliance updater servers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "connected grid routers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "common services platform collector", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "cloud object store", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "clean access manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "application policy infrastructure controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "asa cx and cisco prime security manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "access registrar appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "industrial router", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9100" }, { "model": "series ip phones vpn feature", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8800-0" }, { "model": "ntp", "scope": "ne", "trust": 0.3, "vendor": "ntp", "version": "4.3.92" }, { "model": "4.2.8p7", "scope": "ne", "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.8p11", "scope": "ne", "trust": 0.3, "vendor": "ntp", "version": null } ], "sources": [ { "db": "CERT/CC", "id": "VU#718152" }, { "db": "BID", "id": "88200" }, { "db": "JVNDB", "id": "JVNDB-2016-006650" }, { "db": "CNNVD", "id": "CNNVD-201604-604" }, { "db": "NVD", "id": "CVE-2016-1549" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:ntp:ntp", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-006650" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Matthew Van Gundy of Cisco ASIG", "sources": [ { "db": "CNNVD", "id": "CNNVD-201604-604" } ], "trust": 0.6 }, "cve": "CVE-2016-1549", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "exploitabilityScore": 8.0, "id": "CVE-2016-1549", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.9, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 2.8, "id": "CVE-2016-1549", "impactScore": 3.6, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.8, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2016-1549", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2016-1549", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-201604-604", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2016-1549", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-1549" }, { "db": "JVNDB", "id": "JVNDB-2016-006650" }, { "db": "CNNVD", "id": "CNNVD-201604-604" }, { "db": "NVD", "id": "CVE-2016-1549" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and modify a victim\u0027s clock. The NTP.org reference implementation of ntpd contains multiple vulnerabilities. NTP is prone to a remote security vulnerability. \nSuccessful exploits will allow attackers to bypass certain security restrictions and perform some unauthorized actions to the application. This may aid in further attacks. \nVersions prior to NTP 4.2.8p7 and 4.3.x versions prior to 4.3.92 are vulnerable. \n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201607-15\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: NTP: Multiple vulnerabilities\n Date: July 20, 2016\n Bugs: #563774, #572452, #581528, #584954\n ID: 201607-15\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in NTP, the worst of which\ncould lead to Denial of Service. \n\nBackground\n==========\n\nNTP contains software for the Network Time Protocol. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-misc/ntp \u003c 4.2.8_p8 \u003e= 4.2.8_p8\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in NTP. Please review the\nCVE identifiers referenced below for details. \n\nImpact\n======\n\nA remote attacker could possibly cause a Denial of Service condition. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll NTP users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-misc/ntp-4.2.8_p8\"\n\nReferences\n==========\n\n[ 1 ] CVE-2015-7691\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7691\n[ 2 ] CVE-2015-7692\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7692\n[ 3 ] CVE-2015-7701\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7701\n[ 4 ] CVE-2015-7702\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7702\n[ 5 ] CVE-2015-7703\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7703\n[ 6 ] CVE-2015-7704\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7704\n[ 7 ] CVE-2015-7705\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7705\n[ 8 ] CVE-2015-7848\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7848\n[ 9 ] CVE-2015-7849\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7849\n[ 10 ] CVE-2015-7850\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7850\n[ 11 ] CVE-2015-7851\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7851\n[ 12 ] CVE-2015-7852\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7852\n[ 13 ] CVE-2015-7853\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7853\n[ 14 ] CVE-2015-7854\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7854\n[ 15 ] CVE-2015-7855\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7855\n[ 16 ] CVE-2015-7871\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7871\n[ 17 ] CVE-2015-7973\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7973\n[ 18 ] CVE-2015-7974\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7974\n[ 19 ] CVE-2015-7975\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7975\n[ 20 ] CVE-2015-7976\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7976\n[ 21 ] CVE-2015-7977\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7977\n[ 22 ] CVE-2015-7978\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7978\n[ 23 ] CVE-2015-7979\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7979\n[ 24 ] CVE-2015-8138\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8138\n[ 25 ] CVE-2015-8139\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8139\n[ 26 ] CVE-2015-8140\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8140\n[ 27 ] CVE-2015-8158\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8158\n[ 28 ] CVE-2016-1547\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1547\n[ 29 ] CVE-2016-1548\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1548\n[ 30 ] CVE-2016-1549\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1549\n[ 31 ] CVE-2016-1550\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1550\n[ 32 ] CVE-2016-1551\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1551\n[ 33 ] CVE-2016-2516\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2516\n[ 34 ] CVE-2016-2517\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2517\n[ 35 ] CVE-2016-2518\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2518\n[ 36 ] CVE-2016-2519\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2519\n[ 37 ] CVE-2016-4953\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4953\n[ 38 ] CVE-2016-4954\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4954\n[ 39 ] CVE-2016-4955\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4955\n[ 40 ] CVE-2016-4956\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4956\n[ 41 ] CVE-2016-4957\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4957\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201607-15\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n[slackware-security] ntp (SSA:2018-060-02)\n\nNew ntp packages are available for Slackware 14.0, 14.1, 14.2, and -current to\nfix security issues. \n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n+--------------------------+\npatches/packages/ntp-4.2.8p11-i586-1_slack14.2.txz: Upgraded. \n This release addresses five security issues in ntpd:\n * LOW/MEDIUM: Sec 3012 / CVE-2016-1549 / VU#961909: Sybil vulnerability:\n ephemeral association attack. While fixed in ntp-4.2.8p7, there are\n significant additional protections for this issue in 4.2.8p11. \n Reported by Matt Van Gundy of Cisco. \n * INFO/MEDIUM: Sec 3412 / CVE-2018-7182 / VU#961909: ctl_getitem(): buffer\n read overrun leads to undefined behavior and information leak. \n Reported by Yihan Lian of Qihoo 360. \n * LOW: Sec 3415 / CVE-2018-7170 / VU#961909: Multiple authenticated\n ephemeral associations. Reported on the questions@ list. \n * LOW: Sec 3453 / CVE-2018-7184 / VU#961909: Interleaved symmetric mode\n cannot recover from bad state. Reported by Miroslav Lichvar of Red Hat. \n * LOW/MEDIUM: Sec 3454 / CVE-2018-7185 / VU#961909: Unauthenticated packet\n can reset authenticated interleaved association. \n Reported by Miroslav Lichvar of Red Hat. \n For more information, see:\n http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1549\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7182\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7170\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7184\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7185\n (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ntp-4.2.8p11-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ntp-4.2.8p11-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ntp-4.2.8p11-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ntp-4.2.8p11-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/ntp-4.2.8p11-i586-1_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/ntp-4.2.8p11-x86_64-1_slack14.2.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/ntp-4.2.8p11-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/ntp-4.2.8p11-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 14.0 package:\n01c86ddfabec68d52877336258d064c7 ntp-4.2.8p11-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\nb2d36d96f9a4d84df3586d38b8b47389 ntp-4.2.8p11-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\n78b4e9221e725dcb45160950bfc926d0 ntp-4.2.8p11-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\ne0d32ed484e02ad28c59838e6407d549 ntp-4.2.8p11-x86_64-1_slack14.1.txz\n\nSlackware 14.2 package:\n81690d8e511b403f0fe89c1d120f5049 ntp-4.2.8p11-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 package:\nd2c877e3d1b9c7ce003ef090c7610c74 ntp-4.2.8p11-x86_64-1_slack14.2.txz\n\nSlackware -current package:\nc3ee95d3944b09c2e891883dc5411a6f n/ntp-4.2.8p11-i586-1.txz\n\nSlackware x86_64 -current package:\nfa9c7a8aca0c769791e34a8e48e6d260 n/ntp-4.2.8p11-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg ntp-4.2.8p11-i586-1_slack14.2.txz\n\nThen, restart the NTP daemon:\n\n# sh /etc/rc.d/rc.ntpd restart\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address. |\n+------------------------------------------------------------------------+\n-----BEGIN PGP SIGNATURE-----\n\niEYEARECAAYFAlqYjI8ACgkQakRjwEAQIjM5rACfdDAWRxL2nQATj8HFDPgCVInK\n13MAnR04OluKfiEsJVgO6uWJKXy2HOGq\n=FRx7\n-----END PGP SIGNATURE-----\n. \n Edge-case hole reported by Martin Burnicki of Meinberg. \n And fixes another security issue in ntpq and ntpdc:\n LOW: Sec 3505: The openhost() function used during command-line hostname\n processing by ntpq and ntpdc can write beyond its buffer limit, which\n could allow an attacker to achieve code execution or escalate to higher\n privileges via a long string as the argument for an IPv4 or IPv6\n command-line parameter. NOTE: It is unclear whether there are any common\n situations in which ntpq or ntpdc is used with a command line from an\n untrusted source", "sources": [ { "db": "NVD", "id": "CVE-2016-1549" }, { "db": "CERT/CC", "id": "VU#718152" }, { "db": "JVNDB", "id": "JVNDB-2016-006650" }, { "db": "BID", "id": "88200" }, { "db": "VULMON", "id": "CVE-2016-1549" }, { "db": "PACKETSTORM", "id": "137992" }, { "db": "PACKETSTORM", "id": "146631" }, { "db": "PACKETSTORM", "id": "136864" }, { "db": "PACKETSTORM", "id": "148988" } ], "trust": 3.06 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2016-1549", "trust": 3.2 }, { "db": "CERT/CC", "id": "VU#718152", "trust": 2.6 }, { "db": "TALOS", "id": "TALOS-2016-0083", "trust": 1.7 }, { "db": "BID", "id": "88200", "trust": 1.4 }, { "db": "SECTRACK", "id": "1035705", "trust": 1.1 }, { "db": "JVN", "id": "JVNVU91176422", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2016-006650", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201604-604", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2016-1549", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "137992", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "146631", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "136864", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "148988", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#718152" }, { "db": "VULMON", "id": "CVE-2016-1549" }, { "db": "BID", "id": "88200" }, { "db": "JVNDB", "id": "JVNDB-2016-006650" }, { "db": "PACKETSTORM", "id": "137992" }, { "db": "PACKETSTORM", "id": "146631" }, { "db": "PACKETSTORM", "id": "136864" }, { "db": "PACKETSTORM", "id": "148988" }, { "db": "CNNVD", "id": "CNNVD-201604-604" }, { "db": "NVD", "id": "CVE-2016-1549" } ] }, "id": "VAR-201701-0421", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.365299625 }, "last_update_date": "2024-11-23T21:07:52.841000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Oracle Solaris Third Party Bulletin - April 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "title": "April 2016 ntp-4.2.8p7 Security Vulnerability Announcement (Medium)", "trust": 0.8, "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security" }, { "title": "TALOS-2016-0083", "trust": 0.8, "url": "http://www.talosintelligence.com/reports/TALOS-2016-0083/" }, { "title": "ntpd Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=61287" }, { "title": "Red Hat: CVE-2016-1549", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2016-1549" }, { "title": "Arch Linux Issues: ", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2016-1549" }, { "title": "Arch Linux Advisories: [ASA-201803-11] ntp: multiple issues", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201803-11" }, { "title": "Amazon Linux AMI: ALAS-2018-1009", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2018-1009" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2019", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=4ee609eeae78bbbd0d0c827f33a7f87f" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=976a4da35d55283870dbb31b88a6c655" }, { "title": "The Register", "trust": 0.1, "url": "https://www.theregister.co.uk/2016/04/28/time_for_a_patch_six_vulns_fixed_in_ntp_daemon/" } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-1549" }, { "db": "JVNDB", "id": "JVNDB-2016-006650" }, { "db": "CNNVD", "id": "CNNVD-201604-604" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-19", "trust": 1.8 }, { "problemtype": "CWE-362", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-006650" }, { "db": "NVD", "id": "CVE-2016-1549" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "https://www.kb.cert.org/vuls/id/718152" }, { "trust": 1.7, "url": "http://www.talosintelligence.com/reports/talos-2016-0083/" }, { "trust": 1.4, "url": "http://support.ntp.org/bin/view/main/securitynotice#april_2016_ntp_4_2_8p7_security" }, { "trust": 1.2, "url": "https://security.gentoo.org/glsa/201607-15" }, { "trust": 1.1, "url": "http://www.securityfocus.com/bid/88200" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id/1035705" }, { "trust": 1.1, "url": "https://security.netapp.com/advisory/ntap-20171004-0002/" }, { "trust": 1.1, "url": "https://security.freebsd.org/advisories/freebsd-sa-16:16.ntp.asc" }, { "trust": 1.1, "url": "https://www.synology.com/support/security/synology_sa_18_13" }, { "trust": 1.1, "url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbux03962en_us" }, { "trust": 1.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1549" }, { "trust": 0.9, "url": "http://support.ntp.org/bin/view/main/ntpbug3012" }, { "trust": 0.8, "url": "http://support.ntp.org/bin/view/main/securitynotice#january_2016_ntp_4_2_8p6_securit" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu91176422/" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1549" }, { "trust": 0.3, "url": "http://www.ntp.org/" }, { "trust": 0.3, "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160428-ntpd" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024073" }, { "trust": 0.3, "url": "http://support.ntp.org/bin/view/main/ntpbug3012p12" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983803" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1549" }, { "trust": 0.3, "url": "http://slackware.com" }, { "trust": 0.3, "url": "http://osuosl.org)" }, { "trust": 0.3, "url": "http://slackware.com/gpg-key" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8138" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7704" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1547" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/19.html" }, { "trust": 0.1, "url": "https://tools.cisco.com/security/center/viewalert.x?alertid=56951" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7871" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7702" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7705" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1549" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7702" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7849" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7852" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7978" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8140" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7855" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7978" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7852" }, { "trust": 0.1, "url": "https://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1551" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2516" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7975" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7848" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7973" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7979" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8139" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8158" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4954" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4956" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7973" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7853" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7701" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7704" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8140" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7974" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7691" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8139" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4957" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7703" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7855" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4955" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7849" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7854" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7703" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7705" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2517" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1548" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7691" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1547" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8158" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7854" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7853" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2519" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2518" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7851" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7692" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7871" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7977" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7848" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7977" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1550" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7850" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7850" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7701" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7692" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8138" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7979" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7974" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7851" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4953" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7975" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7976" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7976" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7182" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7185" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7170" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7185" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7184" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7184" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7182" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7170" }, { "trust": 0.1, "url": "http://support.ntp.org/bin/view/main/securitynotice#february_2018_ntp_4_2_8p11_ntp_s" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2516" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7704" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1551" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1548" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2519" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2516" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2517" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2519" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1550" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1547" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8138" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2518" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1551" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1550" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2518" }, { "trust": 0.1, "url": "http://support.ntp.org/bin/view/main/securitynotice#recent_vulnerabilities" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2517" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1548" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12327" }, { "trust": 0.1, "url": "http://support.ntp.org/bin/view/main/securitynotice#august_2018_ntp_4_2_8p12_ntp_rel" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12327" } ], "sources": [ { "db": "CERT/CC", "id": "VU#718152" }, { "db": "VULMON", "id": "CVE-2016-1549" }, { "db": "BID", "id": "88200" }, { "db": "JVNDB", "id": "JVNDB-2016-006650" }, { "db": "PACKETSTORM", "id": "137992" }, { "db": "PACKETSTORM", "id": "146631" }, { "db": "PACKETSTORM", "id": "136864" }, { "db": "PACKETSTORM", "id": "148988" }, { "db": "CNNVD", "id": "CNNVD-201604-604" }, { "db": "NVD", "id": "CVE-2016-1549" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#718152" }, { "db": "VULMON", "id": "CVE-2016-1549" }, { "db": "BID", "id": "88200" }, { "db": "JVNDB", "id": "JVNDB-2016-006650" }, { "db": "PACKETSTORM", "id": "137992" }, { "db": "PACKETSTORM", "id": "146631" }, { "db": "PACKETSTORM", "id": "136864" }, { "db": "PACKETSTORM", "id": "148988" }, { "db": "CNNVD", "id": "CNNVD-201604-604" }, { "db": "NVD", "id": "CVE-2016-1549" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-04-27T00:00:00", "db": "CERT/CC", "id": "VU#718152" }, { "date": "2017-01-06T00:00:00", "db": "VULMON", "id": "CVE-2016-1549" }, { "date": "2016-04-26T00:00:00", "db": "BID", "id": "88200" }, { "date": "2017-01-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-006650" }, { "date": "2016-07-21T15:56:23", "db": "PACKETSTORM", "id": "137992" }, { "date": "2018-03-01T23:35:00", "db": "PACKETSTORM", "id": "146631" }, { "date": "2016-05-02T21:38:58", "db": "PACKETSTORM", "id": "136864" }, { "date": "2018-08-18T23:23:00", "db": "PACKETSTORM", "id": "148988" }, { "date": "2016-04-28T00:00:00", "db": "CNNVD", "id": "CNNVD-201604-604" }, { "date": "2017-01-06T21:59:00.383000", "db": "NVD", "id": "CVE-2016-1549" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-04-28T00:00:00", "db": "CERT/CC", "id": "VU#718152" }, { "date": "2018-03-28T00:00:00", "db": "VULMON", "id": "CVE-2016-1549" }, { "date": "2018-08-15T07:00:00", "db": "BID", "id": "88200" }, { "date": "2017-01-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-006650" }, { "date": "2017-01-11T00:00:00", "db": "CNNVD", "id": "CNNVD-201604-604" }, { "date": "2024-11-21T02:46:37.430000", "db": "NVD", "id": "CVE-2016-1549" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201604-604" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "NTP.org ntpd contains multiple vulnerabilities", "sources": [ { "db": "CERT/CC", "id": "VU#718152" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "lack of information", "sources": [ { "db": "CNNVD", "id": "CNNVD-201604-604" } ], "trust": 0.6 } }
gsd-2016-1549
Vulnerability from gsd
{ "GSD": { "alias": "CVE-2016-1549", "description": "A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and modify a victim\u0027s clock.", "id": "GSD-2016-1549", "references": [ "https://www.suse.com/security/cve/CVE-2016-1549.html", "https://advisories.mageia.org/CVE-2016-1549.html", "https://security.archlinux.org/CVE-2016-1549", "https://alas.aws.amazon.com/cve/html/CVE-2016-1549.html" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2016-1549" ], "details": "A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and modify a victim\u0027s clock.", "id": "GSD-2016-1549", "modified": "2023-12-13T01:21:24.769520Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "cert@cert.org", "ID": "CVE-2016-1549", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "NTP", "version": { "version_data": [ { "version_value": "4.2.8p3" }, { "version_value": "4.2.8p4" } ] } } ] }, "vendor_name": "NTP Project" }, { "product": { "product_data": [ { "product_name": "NTPSec", "version": { "version_data": [ { "version_value": "3e160db8dc248a0bcb053b56a80167dc742d2b74" }, { "version_value": "a5fb34b9cc89b92a8fef2f459004865c93bb7f92" } ] } } ] }, "vendor_name": "NTPsec Project" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and modify a victim\u0027s clock." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "unspecified" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.talosintelligence.com/reports/TALOS-2016-0083/", "refsource": "MISC", "url": "http://www.talosintelligence.com/reports/TALOS-2016-0083/" }, { "name": "88200", "refsource": "BID", "url": "http://www.securityfocus.com/bid/88200" }, { "name": "1035705", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1035705" }, { "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "name": "https://security.netapp.com/advisory/ntap-20171004-0002/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20171004-0002/" }, { "name": "FreeBSD-SA-16:16", "refsource": "FREEBSD", "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc" }, { "name": "https://www.synology.com/support/security/Synology_SA_18_13", "refsource": "CONFIRM", "url": "https://www.synology.com/support/security/Synology_SA_18_13" }, { "name": "GLSA-201607-15", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201607-15" }, { "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us", "refsource": "CONFIRM", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us" } ] } }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "cert@cert.org", "ID": "CVE-2016-1549" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and modify a victim\u0027s clock." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-19" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.talosintelligence.com/reports/TALOS-2016-0083/", "refsource": "MISC", "tags": [ "Mitigation", "Technical Description", "Third Party Advisory" ], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0083/" }, { "name": "88200", "refsource": "BID", "tags": [], "url": "http://www.securityfocus.com/bid/88200" }, { "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", "refsource": "CONFIRM", "tags": [], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "name": "GLSA-201607-15", "refsource": "GENTOO", "tags": [], "url": "https://security.gentoo.org/glsa/201607-15" }, { "name": "1035705", "refsource": "SECTRACK", "tags": [], "url": "http://www.securitytracker.com/id/1035705" }, { "name": "https://security.netapp.com/advisory/ntap-20171004-0002/", "refsource": "CONFIRM", "tags": [], "url": "https://security.netapp.com/advisory/ntap-20171004-0002/" }, { "name": "FreeBSD-SA-16:16", "refsource": "FREEBSD", "tags": [], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc" }, { "name": "https://www.synology.com/support/security/Synology_SA_18_13", "refsource": "CONFIRM", "tags": [], "url": "https://www.synology.com/support/security/Synology_SA_18_13" }, { "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us", "refsource": "CONFIRM", "tags": [], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us" } ] } }, "impact": { "baseMetricV2": { "cvssV2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false }, "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6 } }, "lastModifiedDate": "2018-03-28T01:29Z", "publishedDate": "2017-01-06T21:59Z" } } }
ghsa-r89j-r995-h68w
Vulnerability from github
A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and modify a victim's clock.
{ "affected": [], "aliases": [ "CVE-2016-1549" ], "database_specific": { "cwe_ids": [], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2017-01-06T21:59:00Z", "severity": "MODERATE" }, "details": "A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and modify a victim\u0027s clock.", "id": "GHSA-r89j-r995-h68w", "modified": "2025-04-20T03:30:48Z", "published": "2022-05-14T03:34:38Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1549" }, { "type": "WEB", "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc" }, { "type": "WEB", "url": "https://security.gentoo.org/glsa/201607-15" }, { "type": "WEB", "url": "https://security.netapp.com/advisory/ntap-20171004-0002" }, { "type": "WEB", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us" }, { "type": "WEB", "url": "https://www.synology.com/support/security/Synology_SA_18_13" }, { "type": "WEB", "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/88200" }, { "type": "WEB", "url": "http://www.securitytracker.com/id/1035705" }, { "type": "WEB", "url": "http://www.talosintelligence.com/reports/TALOS-2016-0083" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "type": "CVSS_V3" } ] }
fkie_cve-2016-1549
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p4:*:*:*:*:*:*", "matchCriteriaId": "99C71C00-7222-483B-AEFB-159337BD3C92", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and modify a victim\u0027s clock." }, { "lang": "es", "value": "Un par malicioso autenticado puede crear arbitrariamente muchas asociaciones ef\u00edmeras para ganar el algoritmo de selecci\u00f3n de reloj en ntpd en NTP 4.2.8p4 y versiones anteriores y NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 y a5fb34b9cc89b92a8fef2f459004865c93bb7f92 y modificar un reloj de una v\u00edctima." } ], "id": "CVE-2016-1549", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-01-06T21:59:00.383", "references": [ { "source": "cret@cert.org", "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "source": "cret@cert.org", "url": "http://www.securityfocus.com/bid/88200" }, { "source": "cret@cert.org", "url": "http://www.securitytracker.com/id/1035705" }, { "source": "cret@cert.org", "tags": [ "Mitigation", "Technical Description", "Third Party Advisory" ], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0083/" }, { "source": "cret@cert.org", "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc" }, { "source": "cret@cert.org", "url": "https://security.gentoo.org/glsa/201607-15" }, { "source": "cret@cert.org", "url": "https://security.netapp.com/advisory/ntap-20171004-0002/" }, { "source": "cret@cert.org", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us" }, { "source": "cret@cert.org", "url": "https://www.synology.com/support/security/Synology_SA_18_13" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/88200" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1035705" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mitigation", "Technical Description", "Third Party Advisory" ], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0083/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201607-15" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20171004-0002/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.synology.com/support/security/Synology_SA_18_13" } ], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-19" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.