Overview Details Repositories Revisions Requests Users Attributes Meta
Security update for ntp

This ntp update provides the following security and non security fixes:

- Update to 4.2.8p4 to fix several security issues (bsc#951608):
* CVE-2015-7871: NAK to the Future: Symmetric association
authentication bypass via crypto-NAK
* CVE-2015-7855: decodenetnum() will ASSERT botch instead of
returning FAIL on some bogus values
* CVE-2015-7854: Password Length Memory Corruption Vulnerability
* CVE-2015-7853: Invalid length data provided by a custom
refclock driver could cause a buffer overflow
* CVE-2015-7852 ntpq atoascii() Memory Corruption Vulnerability
* CVE-2015-7851 saveconfig Directory Traversal Vulnerability
* CVE-2015-7850 remote config logfile-keyfile
* CVE-2015-7849 trusted key use-after-free
* CVE-2015-7848 mode 7 loop counter underrun
* CVE-2015-7701 Slow memory leak in CRYPTO_ASSOC
* CVE-2015-7703 configuration directives "pidfile" and
"driftfile" should only be allowed locally
* CVE-2015-7704, CVE-2015-7705 Clients that receive a KoD should
validate the origin timestamp field
* CVE-2015-7691, CVE-2015-7692, CVE-2015-7702 Incomplete autokey
data packet length checks
* obsoletes ntp-memlock.patch.
- Add a controlkey line to /etc/ntp.conf if one does not already
exist to allow runtime configuuration via ntpq.

Fixed bugs
bnc#951608
VUL-0: ntp: October 2015 update fixes several low and medium severity vulnerabilities
CVE-CVE-2015-7848
CVE-CVE-2015-7849
CVE-CVE-2015-7855
CVE-CVE-2015-7854
CVE-CVE-2015-7871
CVE-CVE-2015-7851
CVE-CVE-2015-7850
CVE-CVE-2015-7853
CVE-CVE-2015-7852
CVE-CVE-2015-7705
CVE-CVE-2015-7704
CVE-CVE-2015-7701
CVE-CVE-2015-7703
CVE-CVE-2015-7702
CVE-CVE-2015-7692
CVE-CVE-2015-7691
Selected Binaries
openSUSE Build Service is sponsored by
Places