[security-announce] SUSE-SU-2016:1912-1: important: Security update for ntp

SUSE Security Update: Security update for ntp ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1912-1 Rating: important References: #782060 #784760 #905885 #910063 #916617 #920183 #920238 #920893 #920895 #920905 #924202 #926510 #936327 #943218 #943221 #944300 #951351 #951559 #951629 #952611 #957226 #962318 #962784 #962802 #962960 #962966 #962970 #962988 #962995 #963000 #963002 #975496 #977450 #977451 #977452 #977455 #977457 #977458 #977459 #977461 #977464 #979302 #981422 #982056 #982064 #982065 #982066 #982067 #982068 #988417 #988558 #988565 Cross-References: CVE-2015-1798 CVE-2015-1799 CVE-2015-5194 CVE-2015-5300 CVE-2015-7691 CVE-2015-7692 CVE-2015-7701 CVE-2015-7702 CVE-2015-7703 CVE-2015-7704 CVE-2015-7705 CVE-2015-7848 CVE-2015-7849 CVE-2015-7850 CVE-2015-7851 CVE-2015-7852 CVE-2015-7853 CVE-2015-7854 CVE-2015-7855 CVE-2015-7871 CVE-2015-7973 CVE-2015-7974 CVE-2015-7975 CVE-2015-7976 CVE-2015-7977 CVE-2015-7978 CVE-2015-7979 CVE-2015-8138 CVE-2015-8158 CVE-2016-1547 CVE-2016-1548 CVE-2016-1549 CVE-2016-1550 CVE-2016-1551 CVE-2016-2516 CVE-2016-2517 CVE-2016-2518 CVE-2016-2519 CVE-2016-4953 CVE-2016-4954 CVE-2016-4955 CVE-2016-4956 CVE-2016-4957 Affected Products: SUSE Linux Enterprise Server 10 SP4 LTSS ______________________________________________________________________________ An update that solves 43 vulnerabilities and has 9 fixes is now available. Description: NTP was updated to version 4.2.8p8 to fix several security issues and to ensure the continued maintainability of the package. These security issues were fixed: * CVE-2016-4953: Bad authentication demobilized ephemeral associations (bsc#982065). * CVE-2016-4954: Processing spoofed server packets (bsc#982066). * CVE-2016-4955: Autokey association reset (bsc#982067). * CVE-2016-4956: Broadcast interleave (bsc#982068). * CVE-2016-4957: CRYPTO_NAK crash (bsc#982064). * CVE-2016-1547: Validate crypto-NAKs to prevent ACRYPTO-NAK DoS (bsc#977459). * CVE-2016-1548: Prevent the change of time of an ntpd client or denying service to an ntpd client by forcing it to change from basic client/server mode to interleaved symmetric mode (bsc#977461). * CVE-2016-1549: Sybil vulnerability: ephemeral association attack (bsc#977451). * CVE-2016-1550: Improve security against buffer comparison timing attacks (bsc#977464). * CVE-2016-1551: Refclock impersonation vulnerability (bsc#977450)y * CVE-2016-2516: Duplicate IPs on unconfig directives could have caused an assertion botch in ntpd (bsc#977452). * CVE-2016-2517: Remote configuration trustedkey/ requestkey/controlkey values are not properly validated (bsc#977455). * CVE-2016-2518: Crafted addpeer with hmode > 7 causes array wraparound with MATCH_ASSOC (bsc#977457). * CVE-2016-2519: ctl_getitem() return value not always checked (bsc#977458). * CVE-2015-8158: Potential Infinite Loop in ntpq (bsc#962966). * CVE-2015-8138: Zero Origin Timestamp Bypass (bsc#963002). * CVE-2015-7979: Off-path Denial of Service (DoS) attack on authenticated broadcast mode (bsc#962784). * CVE-2015-7978: Stack exhaustion in recursive traversal of restriction list (bsc#963000). * CVE-2015-7977: reslist NULL pointer dereference (bsc#962970). * CVE-2015-7976: ntpq saveconfig command allowed dangerous characters in filenames (bsc#962802). * CVE-2015-7975: nextvar() missing length check (bsc#962988). * CVE-2015-7974: NTP did not verify peer associations of symmetric keys when authenticating packets, which might have allowed remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton" key (bsc#962960). * CVE-2015-7973: Replay attack on authenticated broadcast mode (bsc#962995). * CVE-2015-5300: MITM attacker can force ntpd to make a step larger than the panic threshold (bsc#951629). * CVE-2015-5194: Crash with crafted logconfig configuration command (bsc#943218). * CVE-2015-7871: NAK to the Future: Symmetric association authentication bypass via crypto-NAK (bsc#952611). * CVE-2015-7855: decodenetnum() will ASSERT botch instead of returning FAIL on some bogus values (bsc#952611). * CVE-2015-7854: Password Length Memory Corruption Vulnerability (bsc#952611). * CVE-2015-7853: Invalid length data provided by a custom refclock driver could cause a buffer overflow (bsc#952611). * CVE-2015-7852: ntpq atoascii() Memory Corruption Vulnerability (bsc#952611). * CVE-2015-7851: saveconfig Directory Traversal Vulnerability (bsc#952611). * CVE-2015-7850: Clients that receive a KoD now validate the origin timestamp field (bsc#952611). * CVE-2015-7849: Prevent use-after-free trusted key (bsc#952611). * CVE-2015-7848: Prevent mode 7 loop counter underrun (bsc#952611). * CVE-2015-7701: Slow memory leak in CRYPTO_ASSOC (bsc#952611). * CVE-2015-7703: Configuration directives "pidfile" and "driftfile" should only be allowed locally (bsc#943221). * CVE-2015-7704: Clients that receive a KoD should validate the origin timestamp field (bsc#952611). * CVE-2015-7705: Clients that receive a KoD should validate the origin timestamp field (bsc#952611). * CVE-2015-7691: Incomplete autokey data packet length checks (bsc#952611). * CVE-2015-7692: Incomplete autokey data packet length checks (bsc#952611). * CVE-2015-7702: Incomplete autokey data packet length checks (bsc#952611). * CVE-2015-1798: The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP required a correct MAC only if the MAC field has a nonzero length, which made it easier for man-in-the-middle attackers to spoof packets by omitting the MAC (bsc#924202). * CVE-2015-1799: The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP performed state-variable updates upon receiving certain invalid packets, which made it easier for man-in-the-middle attackers to cause a denial of service (synchronization loss) by spoofing the source IP address of a peer (bsc#924202). These non-security issues were fixed: * Keep the parent process alive until the daemon has finished initialisation, to make sure that the PID file exists when the parent returns. * bsc#979302: Change the process name of the forking DNS worker process to avoid the impression that ntpd is started twice. * bsc#981422: Don't ignore SIGCHILD because it breaks wait(). * Separate the creation of ntp.keys and key #1 in it to avoid problems when upgrading installations that have the file, but no key #1, which is needed e.g. by "rcntp addserver". * bsc#957226: Restrict the parser in the startup script to the first occurrance of "keys" and "controlkey" in ntp.conf. * Enable compile-time support for MS-SNTP (--enable-ntp-signd) * bsc#975496: Fix ntp-sntp-dst.patch. * bsc#962318: Call /usr/sbin/sntp with full path to synchronize in start-ntpd. When run as cron job, /usr/sbin/ is not in the path, which caused the synchronization to fail. * bsc#782060: Speedup ntpq. * bsc#951559: Fix the TZ offset output of sntp during DST. * bsc#916617: Add /var/db/ntp-kod. * bsc#951351: Add ntp-ENOBUFS.patch to limit a warning that might happen quite a lot on loaded systems. * Add ntp-fork.patch and build with threads disabled to allow name resolution even when running chrooted. * bnc#784760: Remove local clock from default configuration. * Fix incomplete backporting of "rcntp ntptimemset". * bsc#936327: Use ntpq instead of deprecated ntpdc in start-ntpd. * Don't let "keysdir" lines in ntp.conf trigger the "keys" parser. * bsc#910063: Fix the comment regarding addserver in ntp.conf. * bsc#944300: Remove "kod" from the restrict line in ntp.conf. * bsc#905885: Use SHA1 instead of MD5 for symmetric keys. * bsc#926510: Re-add chroot support, but mark it as deprecated and disable it by default. * bsc#920895: Drop support for running chrooted, because it is an ongoing source of problems and not really needed anymore, given that ntp now drops privileges and runs under apparmor. * bsc#920183: Allow -4 and -6 address qualifiers in "server" directives. * Use upstream ntp-wait, because our version is incompatible with the new ntpq command line syntax. * bsc#920905: Adjust Util.pm to the Perl version on SLE11. * bsc#920238: Enable ntpdc for backwards compatibility. * bsc#920893: Don't use %exclude. * bsc#988417: Default to NTPD_FORCE_SYNC_ON_STARTUP="yes" * bsc#988565: Ignore errors when removing extra files during uninstallation * bsc#988558: Don't blindly guess the value to use for IP_TOS Security Issues: * CVE-2016-4953 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4953> * CVE-2016-4954 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4954> * CVE-2016-4955 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4955> * CVE-2016-4956 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4956> * CVE-2016-4957 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4957> * CVE-2016-1547 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1547> * CVE-2016-1548 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1548> * CVE-2016-1549 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1549> * CVE-2016-1550 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1550> * CVE-2016-1551 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1551> * CVE-2016-2516 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2516> * CVE-2016-2517 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2517> * CVE-2016-2518 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2518> * CVE-2016-2519 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2519> * CVE-2015-8158 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8158> * CVE-2015-8138 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8138> * CVE-2015-7979 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7979> * CVE-2015-7978 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7978> * CVE-2015-7977 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7977> * CVE-2015-7976 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7976> * CVE-2015-7975 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7975> * CVE-2015-7974 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7974> * CVE-2015-7973 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7973> * CVE-2015-5300 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5300> * CVE-2015-5194 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5194> * CVE-2015-7871 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7871> * CVE-2015-7855 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7855> * CVE-2015-7854 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7854> * CVE-2015-7853 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7853> * CVE-2015-7852 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7852> * CVE-2015-7851 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7851> * CVE-2015-7850 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7850> * CVE-2015-7849 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7849> * CVE-2015-7848 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7848> * CVE-2015-7701 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7701> * CVE-2015-7703 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7703> * CVE-2015-7704 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704> * CVE-2015-7705 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7705> * CVE-2015-7691 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7691> * CVE-2015-7692 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7692> * CVE-2015-7702 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7702> * CVE-2015-1798 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1798> * CVE-2015-1799 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1799> Package List: - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64): ntp-4.2.8p8-0.7.1 ntp-doc-4.2.8p8-0.7.1 References: https://www.suse.com/security/cve/CVE-2015-1798.html https://www.suse.com/security/cve/CVE-2015-1799.html https://www.suse.com/security/cve/CVE-2015-5194.html https://www.suse.com/security/cve/CVE-2015-5300.html https://www.suse.com/security/cve/CVE-2015-7691.html https://www.suse.com/security/cve/CVE-2015-7692.html https://www.suse.com/security/cve/CVE-2015-7701.html https://www.suse.com/security/cve/CVE-2015-7702.html https://www.suse.com/security/cve/CVE-2015-7703.html https://www.suse.com/security/cve/CVE-2015-7704.html https://www.suse.com/security/cve/CVE-2015-7705.html https://www.suse.com/security/cve/CVE-2015-7848.html https://www.suse.com/security/cve/CVE-2015-7849.html https://www.suse.com/security/cve/CVE-2015-7850.html https://www.suse.com/security/cve/CVE-2015-7851.html https://www.suse.com/security/cve/CVE-2015-7852.html https://www.suse.com/security/cve/CVE-2015-7853.html https://www.suse.com/security/cve/CVE-2015-7854.html https://www.suse.com/security/cve/CVE-2015-7855.html https://www.suse.com/security/cve/CVE-2015-7871.html https://www.suse.com/security/cve/CVE-2015-7973.html https://www.suse.com/security/cve/CVE-2015-7974.html https://www.suse.com/security/cve/CVE-2015-7975.html https://www.suse.com/security/cve/CVE-2015-7976.html https://www.suse.com/security/cve/CVE-2015-7977.html https://www.suse.com/security/cve/CVE-2015-7978.html https://www.suse.com/security/cve/CVE-2015-7979.html https://www.suse.com/security/cve/CVE-2015-8138.html https://www.suse.com/security/cve/CVE-2015-8158.html https://www.suse.com/security/cve/CVE-2016-1547.html https://www.suse.com/security/cve/CVE-2016-1548.html https://www.suse.com/security/cve/CVE-2016-1549.html https://www.suse.com/security/cve/CVE-2016-1550.html https://www.suse.com/security/cve/CVE-2016-1551.html https://www.suse.com/security/cve/CVE-2016-2516.html https://www.suse.com/security/cve/CVE-2016-2517.html https://www.suse.com/security/cve/CVE-2016-2518.html https://www.suse.com/security/cve/CVE-2016-2519.html https://www.suse.com/security/cve/CVE-2016-4953.html https://www.suse.com/security/cve/CVE-2016-4954.html https://www.suse.com/security/cve/CVE-2016-4955.html https://www.suse.com/security/cve/CVE-2016-4956.html https://www.suse.com/security/cve/CVE-2016-4957.html https://bugzilla.suse.com/782060 https://bugzilla.suse.com/784760 https://bugzilla.suse.com/905885 https://bugzilla.suse.com/910063 https://bugzilla.suse.com/916617 https://bugzilla.suse.com/920183 https://bugzilla.suse.com/920238 https://bugzilla.suse.com/920893 https://bugzilla.suse.com/920895 https://bugzilla.suse.com/920905 https://bugzilla.suse.com/924202 https://bugzilla.suse.com/926510 https://bugzilla.suse.com/936327 https://bugzilla.suse.com/943218 https://bugzilla.suse.com/943221 https://bugzilla.suse.com/944300 https://bugzilla.suse.com/951351 https://bugzilla.suse.com/951559 https://bugzilla.suse.com/951629 https://bugzilla.suse.com/952611 https://bugzilla.suse.com/957226 https://bugzilla.suse.com/962318 https://bugzilla.suse.com/962784 https://bugzilla.suse.com/962802 https://bugzilla.suse.com/962960 https://bugzilla.suse.com/962966 https://bugzilla.suse.com/962970 https://bugzilla.suse.com/962988 https://bugzilla.suse.com/962995 https://bugzilla.suse.com/963000 https://bugzilla.suse.com/963002 https://bugzilla.suse.com/975496 https://bugzilla.suse.com/977450 https://bugzilla.suse.com/977451 https://bugzilla.suse.com/977452 https://bugzilla.suse.com/977455 https://bugzilla.suse.com/977457 https://bugzilla.suse.com/977458 https://bugzilla.suse.com/977459 https://bugzilla.suse.com/977461 https://bugzilla.suse.com/977464 https://bugzilla.suse.com/979302 https://bugzilla.suse.com/981422 https://bugzilla.suse.com/982056 https://bugzilla.suse.com/982064 https://bugzilla.suse.com/982065 https://bugzilla.suse.com/982066 https://bugzilla.suse.com/982067 https://bugzilla.suse.com/982068 https://bugzilla.suse.com/988417 https://bugzilla.suse.com/988558 https://bugzilla.suse.com/988565 https://download.suse.com/patch/finder/?keywords=e7685b9a0cc48dfc1cea383e011... -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security-announce+help@opensuse.org