{"affected":[{"ecosystem_specific":{"binaries":[{"ntp":"4.2.8p7-44.1","ntp-doc":"4.2.8p7-44.1"}]},"package":{"ecosystem":"SUSE:OpenStack Cloud 5","name":"ntp","purl":"pkg:rpm/suse/ntp&distro=SUSE%20OpenStack%20Cloud%205"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.2.8p7-44.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"ntp":"4.2.8p7-44.1","ntp-doc":"4.2.8p7-44.1"}]},"package":{"ecosystem":"SUSE:Manager 2.1","name":"ntp","purl":"pkg:rpm/suse/ntp&distro=SUSE%20Manager%202.1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.2.8p7-44.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"ntp":"4.2.8p7-44.1","ntp-doc":"4.2.8p7-44.1"}]},"package":{"ecosystem":"SUSE:Manager Proxy 2.1","name":"ntp","purl":"pkg:rpm/suse/ntp&distro=SUSE%20Manager%20Proxy%202.1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.2.8p7-44.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"ntp":"4.2.8p7-44.1","ntp-doc":"4.2.8p7-44.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 11 SP2-LTSS","name":"ntp","purl":"pkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP2-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.2.8p7-44.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"ntp":"4.2.8p7-44.1","ntp-doc":"4.2.8p7-44.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 11 SP3-LTSS","name":"ntp","purl":"pkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.2.8p7-44.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"ntp":"4.2.8p7-44.1","ntp-doc":"4.2.8p7-44.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 11 SP3-TERADATA","name":"ntp","purl":"pkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATA"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.2.8p7-44.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"\nThis update for ntp fixes the following issues: \n\n- Separate 
the creation of ntp.keys and key #1 in it to avoid\n  problems when upgrading installations that have the file, but\n  no key #1, which is needed e.g. by 'rcntp addserver'.\n\n- Update to 4.2.8p7 (bsc#977446):\n  * CVE-2016-1547, bsc#977459:\n    Validate crypto-NAKs, AKA: CRYPTO-NAK DoS.\n  * CVE-2016-1548, bsc#977461: Interleave-pivot\n  * CVE-2016-1549, bsc#977451:\n    Sybil vulnerability: ephemeral association attack.\n  * CVE-2016-1550, bsc#977464: Improve NTP security against buffer\n    comparison timing attacks.\n  * CVE-2016-1551, bsc#977450:\n    Refclock impersonation vulnerability\n  * CVE-2016-2516, bsc#977452: Duplicate IPs on unconfig\n    directives will cause an assertion botch in ntpd.\n  * CVE-2016-2517, bsc#977455: remote configuration trustedkey/\n    requestkey/controlkey values are not properly validated.\n  * CVE-2016-2518, bsc#977457: Crafted addpeer with hmode > 7\n    causes array wraparound with MATCH_ASSOC.\n  * CVE-2016-2519, bsc#977458: ctl_getitem() return value not\n    always checked.\n  * integrate ntp-fork.patch\n  * Improve the fixes for:\n    CVE-2015-7704, CVE-2015-7705, CVE-2015-7974\n- Restrict the parser in the startup script to the first\n  occurrence of 'keys' and 'controlkey' in ntp.conf 
(bsc#957226).\n\n","id":"SUSE-SU-2016:1471-1","modified":"2016-06-01T12:36:52Z","published":"2016-06-01T12:36:52Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2016/suse-su-20161471-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/957226"},{"type":"REPORT","url":"https://bugzilla.suse.com/977446"},{"type":"REPORT","url":"https://bugzilla.suse.com/977450"},{"type":"REPORT","url":"https://bugzilla.suse.com/977451"},{"type":"REPORT","url":"https://bugzilla.suse.com/977452"},{"type":"REPORT","url":"https://bugzilla.suse.com/977455"},{"type":"REPORT","url":"https://bugzilla.suse.com/977457"},{"type":"REPORT","url":"https://bugzilla.suse.com/977458"},{"type":"REPORT","url":"https://bugzilla.suse.com/977459"},{"type":"REPORT","url":"https://bugzilla.suse.com/977461"},{"type":"REPORT","url":"https://bugzilla.suse.com/977464"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-7704"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-7705"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-7974"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-1547"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-1548"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-1549"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-1550"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-1551"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-2516"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-2517"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-2518"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-2519"}],"related":["CVE-2015-7704","CVE-2015-7705","CVE-2015-7974","CVE-2016-1547","CVE-2016-1548","CVE-2016-1549","CVE-2016-1550","CVE-2016-1551","CVE-2016-2516","CVE-2016-2517","CVE-2016-2518","CVE-2016-2519"],"summary":"Security update for 
ntp","upstream":["CVE-2015-7704","CVE-2015-7705","CVE-2015-7974","CVE-2016-1547","CVE-2016-1548","CVE-2016-1549","CVE-2016-1550","CVE-2016-1551","CVE-2016-2516","CVE-2016-2517","CVE-2016-2518","CVE-2016-2519"]}