File _patchinfo of Package patchinfo.3211

<patchinfo incident="3211">
  <issue id="1011395" tracker="bnc">VUL-0: CVE-2016-7431: ntp: Zero Origin timestamp regression</issue>
  <issue id="1011390" tracker="bnc">VUL-0:  CVE-2016-7427: ntp: Broadcast Mode Replay Prevention DoS</issue>
  <issue id="1011398" tracker="bnc">VUL-0: CVE-2016-7434: ntp: read_mru_list() does inadequate incoming packet checks</issue>
  <issue id="992606" tracker="bnc">L3: Frequent IPv6 route updates are leading to increased system load due to ntpd</issue>
  <issue id="992038" tracker="bnc">ntpd complains OpenSSL version mismatch and apparmor DENIED</issue>
  <issue id="1009434" tracker="bnc">L3: sntp with option "-a" segfaults</issue>
  <issue id="1011377" tracker="bnc">VUL-0:  CVE-2016-9310, CVE-2016-9311 : ntp: Mode 6 unauthenticated trap information disclosure and DDoS vector</issue>
  <issue id="1011411" tracker="bnc">VUL-0: CVE-2016-7433: ntp: Fix for bug 2085 broke initial sync calculations</issue>
  <issue id="1011404" tracker="bnc">VUL-0: CVE-2016-7429: ntp: Attack on interface selection</issue>
  <issue id="981252" tracker="bnc">ntp trap regression</issue>
  <issue id="1011406" tracker="bnc">VUL-0: CVE-2016-7426: ntp: Client rate limiting and server responses</issue>
  <issue id="1011417" tracker="bnc">VUL-0: CVE-2016-7428: ntp: Broadcast Mode Poll Interval Enforcement DoS</issue>
  <issue id="943216" tracker="bnc">VUL-1: CVE-2015-5219: ntp: infinite loop in sntp processing crafted packet</issue>
  <issue id="988028" tracker="bnc">"Operation not permitted" when waking up resolver after updating ntp</issue>
  <issue id="956365" tracker="bnc">Apparmor denies access for /usr/sbin/ntpd</issue>
  <issue id="2016-7428" tracker="cve" />
  <issue id="2016-9310" tracker="cve" />
  <issue id="2016-9311" tracker="cve" />
  <issue id="2016-7431" tracker="cve" />
  <issue id="2016-7433" tracker="cve" />
  <issue id="2015-5219" tracker="cve" />
  <issue id="2016-7426" tracker="cve" />
  <issue id="2016-7434" tracker="cve" />
  <issue id="2016-7427" tracker="cve" />
  <issue id="2016-7429" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>rmax</packager>
  <description>
This update for ntp fixes the following issues:

ntp was updated to 4.2.8p9.

Security issues fixed:

- CVE-2016-9311, CVE-2016-9310, bsc#1011377: Mode 6
  unauthenticated trap information disclosure and DDoS vector.
- CVE-2016-7427, bsc#1011390:
  Broadcast Mode Replay Prevention DoS.
- CVE-2016-7428, bsc#1011417:
  Broadcast Mode Poll Interval Enforcement DoS.
- CVE-2016-7431, bsc#1011395:
  Regression: 010-origin: Zero Origin Timestamp Bypass.
- CVE-2016-7434, bsc#1011398:
  Null pointer dereference in _IO_str_init_static_internal().
- CVE-2016-7429, bsc#1011404: Interface selection attack.
- CVE-2016-7426, bsc#1011406:
  Client rate limiting and server responses.
- CVE-2016-7433, bsc#1011411: Reboot sync calculation problem.
- CVE-2015-5219: An endless loop due to incorrect precision to
  double conversion (bsc#943216).

Non-security issues fixed:

- Fix a spurious error message.
- Other bugfixes, see /usr/share/doc/packages/ntp/ChangeLog.
- Fix a regression in "trap" (bsc#981252).
- Reduce the number of netlink groups to listen on for changes to
  the local network setup (bsc#992606).
- Fix segfault in "sntp -a" (bsc#1009434).
- Silence an OpenSSL version warning (bsc#992038).
- Make the resolver task change user and group IDs to the same
  values as the main task. (bsc#988028)
- Simplify ntpd's search for its own executable to prevent AppArmor
  warnings (bsc#956365).

</description>
  <summary>Security update for ntp</summary>
</patchinfo>