Overview

File _patchinfo of Package patchinfo.2324

<patchinfo incident="2324">
  <issue id="942587" tracker="bnc">ntpstat not included in SLES 12 ntp package</issue>
  <issue id="944300" tracker="bnc">ntp config: KOD does nothing without LIMITED</issue>
  <issue id="962988" tracker="bnc">VUL-1: CVE-2015-7975: ntp: nextvar() missing length check in ntpq</issue>
  <issue id="963002" tracker="bnc">VUL-0: CVE-2015-8138: ntp, xntp: Zero Origin Timestamp Bypass</issue>
  <issue id="963000" tracker="bnc">VUL-0: CVE-2015-7978: ntp, xntp: Stack exhaustion in recursive traversal of restriction list</issue>
  <issue id="962784" tracker="bnc">VUL-0: CVE-2015-7979: ntp,xntp: off-path denial of service on authenticated broadcast mode</issue>
  <issue id="962960" tracker="bnc">VUL-1: CVE-2015-7974: ntp,xntp: Missing key check allows impersonation between authenticated peers</issue>
  <issue id="962802" tracker="bnc">VUL-1: CVE-2015-7976: ntp,xntp: 'ntpq saveconfig' command allows dangerous characters in filenames</issue>
  <issue id="962966" tracker="bnc">VUL-1: CVE-2015-8158: ntp,xntp: potential infinite loop in ntpq</issue>
  <issue id="916617" tracker="bnc">sntp command line syntax has changed</issue>
  <issue id="951629" tracker="bnc">VUL-0: CVE-2015-5300: ntp: MITM attacker can force ntpd to make a step larger than the panic threshold</issue>
  <issue id="905885" tracker="bnc">FIPS: ntpd  creates MD5 keys by default in %post</issue>
  <issue id="951608" tracker="bnc">VUL-0: ntp: October 2015 update fixes several low and medium severity vulnerabilities</issue>
  <issue id="962995" tracker="bnc">VUL-0: CVE-2015-7973: ntp,xntp: replay attack on authenticated broadcast mode</issue>
  <issue id="951559" tracker="bnc">sntp prints wrong offset to UTC during DST</issue>
  <issue id="936327" tracker="bnc">ntpd runtime configuration ("start-ntp addserver 192.168.200.1") not working</issue>
  <issue id="910063" tracker="bnc">rcntp from ntp.conf should be removed.</issue>
  <issue id="920238" tracker="bnc">ntpdc times out when trying to talk to the ntp server</issue>
  <issue id="926510" tracker="bnc">[Beta3][Build1040] [Build1041][yast2-ntp-client] Cannot read current settings error</issue>
  <issue id="954982" tracker="bnc">Local clock not working in ntp</issue>
  <issue id="946386" tracker="bnc">ntpd runtime configuration ("start-ntp addserver 192.168.200.1") not working</issue>
  <issue id="962970" tracker="bnc">VUL-0: CVE-2015-7977: ntp,xntp: restriction list NULL pointer dereference</issue>
  <issue id="956773" tracker="bnc">ntp:  routing socket reports: No buffer space available</issue>
  <issue id="962994" tracker="bnc">VUL-0: CVE-2015-8140: ntp,xntp: ntpq protocol vulnerable to replay attacks</issue>
  <issue id="962997" tracker="bnc">VUL-1: CVE-2015-8139: ntp, xntp: Disclose Origin Timestamp to Unauthenticated Clients</issue>
  <issue id="975496" tracker="bnc">sntp prints invalid datestr</issue>
  <issue id="782060" tracker="bnc">ntpq is very slow</issue>
  <issue id="962318" tracker="bnc">NTP client doesn`t work in "synchronize without daemon" mode</issue>
  <issue id="975981" tracker="bnc">[TRACKERBUG] FATE#320758: Enable MSSNTP in ntp package</issue>
  <issue id="937837" tracker="bnc">sntp command line syntax has changed</issue>
  <issue id="CVE-2015-7691" tracker="cve" />
  <issue id="CVE-2015-8158" tracker="cve" />
  <issue id="CVE-2015-7973" tracker="cve" />
  <issue id="CVE-2015-7976" tracker="cve" />
  <issue id="CVE-2015-7977" tracker="cve" />
  <issue id="CVE-2015-7974" tracker="cve" />
  <issue id="CVE-2015-7975" tracker="cve" />
  <issue id="CVE-2015-7855" tracker="cve" />
  <issue id="CVE-2015-7854" tracker="cve" />
  <issue id="CVE-2015-7978" tracker="cve" />
  <issue id="CVE-2015-7979" tracker="cve" />
  <issue id="CVE-2015-7851" tracker="cve" />
  <issue id="CVE-2015-7850" tracker="cve" />
  <issue id="CVE-2015-7853" tracker="cve" />
  <issue id="CVE-2015-7852" tracker="cve" />
  <issue id="CVE-2015-8140" tracker="cve" />
  <issue id="CVE-2015-7705" tracker="cve" />
  <issue id="CVE-2015-7704" tracker="cve" />
  <issue id="CVE-2015-7701" tracker="cve" />
  <issue id="CVE-2015-7703" tracker="cve" />
  <issue id="CVE-2015-7702" tracker="cve" />
  <issue id="CVE-2015-5300" tracker="cve" />
  <issue id="CVE-2015-7848" tracker="cve" />
  <issue id="CVE-2015-7849" tracker="cve" />
  <issue id="CVE-2015-8139" tracker="cve" />
  <issue id="CVE-2015-8138" tracker="cve" />
  <issue id="CVE-2015-7692" tracker="cve" />
  <issue id="CVE-2015-7871" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>rmax</packager>
  <description>ntp was updated to version 4.2.8p6 to fix 28 security issues.

Major functional changes:
- The "sntp" commandline tool changed its option handling in a major way,
  some options have been renamed or dropped.
- "controlkey 1" is added during update to ntp.conf to allow sntp to work.
- The local clock is being disabled during update.
- ntpd is no longer running chrooted.

Other functional changes:
- ntp-signd is installed.
- "enable mode7" can be added to the configuration to allow ntdpc to work as compatibility mode option.
- "kod" was removed from the default restrictions.
- SHA1 keys are used by default instead of MD5 keys.

Also yast2-ntp-client was updated to match some sntp syntax changes. (bsc#937837)

These security issues were fixed:
- CVE-2015-8158: Fixed potential infinite loop in ntpq (bsc#962966).
- CVE-2015-8138: Zero Origin Timestamp Bypass (bsc#963002).
- CVE-2015-7979: Off-path Denial of Service (DoS) attack on authenticated broadcast mode (bsc#962784).
- CVE-2015-7978: Stack exhaustion in recursive traversal of restriction list (bsc#963000).
- CVE-2015-7977: reslist NULL pointer dereference (bsc#962970).
- CVE-2015-7976: ntpq saveconfig command allows dangerous characters in filenames (bsc#962802).
- CVE-2015-7975: nextvar() missing length check (bsc#962988).
- CVE-2015-7974: Skeleton Key: Missing key check allows impersonation between authenticated peers (bsc#962960).
- CVE-2015-7973: Replay attack on authenticated broadcast mode (bsc#962995).
- CVE-2015-8140: ntpq vulnerable to replay attacks (bsc#962994).
- CVE-2015-8139: Origin Leak: ntpq and ntpdc, disclose origin (bsc#962997).
- CVE-2015-5300: MITM attacker could have forced ntpd to make a step larger than the panic threshold (bsc#951629).
- CVE-2015-7871: NAK to the Future: Symmetric association authentication bypass via crypto-NAK (bsc#951608).
- CVE-2015-7855: decodenetnum() will ASSERT botch instead of returning FAIL on some bogus values (bsc#951608).
- CVE-2015-7854: Password Length Memory Corruption Vulnerability (bsc#951608).
- CVE-2015-7853: Invalid length data provided by a custom refclock driver could cause a buffer overflow (bsc#951608).
- CVE-2015-7852: ntpq atoascii() Memory Corruption Vulnerability (bsc#951608).
- CVE-2015-7851: saveconfig Directory Traversal Vulnerability (bsc#951608).
- CVE-2015-7850: remote config logfile-keyfile (bsc#951608).
- CVE-2015-7849: trusted key use-after-free (bsc#951608).
- CVE-2015-7848: mode 7 loop counter underrun (bsc#951608).
- CVE-2015-7701: Slow memory leak in CRYPTO_ASSOC (bsc#951608).
- CVE-2015-7703: configuration directives "pidfile" and "driftfile" should only be allowed locally (bsc#951608).
- CVE-2015-7704, CVE-2015-7705: Clients that receive a KoD should validate the origin timestamp field (bsc#951608).
- CVE-2015-7691, CVE-2015-7692, CVE-2015-7702: Incomplete autokey data packet length checks (bsc#951608).

These non-security issues were fixed:
- fate#320758 bsc#975981: Enable compile-time support for MS-SNTP (--enable-ntp-signd).
  This replaces the w32 patches in 4.2.4 that added the authreg
  directive.
- bsc#962318: Call /usr/sbin/sntp with full path to synchronize in start-ntpd.
  When run as cron job, /usr/sbin/ is not in the path, which caused
  the synchronization to fail.
- bsc#782060: Speedup ntpq.
- bsc#916617: Add /var/db/ntp-kod.
- bsc#956773: Add ntp-ENOBUFS.patch to limit a warning that might happen quite a lot on loaded systems.
- bsc#951559,bsc#975496: Fix the TZ offset output of sntp during DST.
- Add ntp-fork.patch and build with threads disabled to allow name resolution even when running chrooted.
- Add a controlkey line to /etc/ntp.conf if one does not already exist to allow runtime configuuration via ntpq.
- bsc#946386: Temporarily disable memlock to avoid problems due to high memory usage during name resolution.
- bsc#905885: Use SHA1 instead of MD5 for symmetric keys.
- Improve runtime configuration:
  * Read keytype from ntp.conf
  * Don't write ntp keys to syslog.
- Fix legacy action scripts to pass on command line arguments.
- bsc#944300: Remove "kod" from the restrict line in ntp.conf.
- bsc#936327: Use ntpq instead of deprecated ntpdc in start-ntpd.
- Add a controlkey to ntp.conf to make the above work.
- Don't let "keysdir" lines in ntp.conf trigger the "keys" parser.
- Disable mode 7 (ntpdc) again, now that we don't use it anymore.
- Add "addserver" as a new legacy action.
- bsc#910063: Fix the comment regarding addserver in ntp.conf.
- bsc#926510: Disable chroot by default.
- bsc#920238: Enable ntpdc for backwards compatibility.
</description>
  <summary>Security update for ntp</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places