{"affected":[{"ecosystem_specific":{"binaries":[{"ntp":"4.2.8p9-46.18.1","ntp-doc":"4.2.8p9-46.18.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12","name":"ntp","purl":"pkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.2.8p9-46.18.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"ntp":"4.2.8p9-46.18.1","ntp-doc":"4.2.8p9-46.18.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12-LTSS","name":"ntp","purl":"pkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.2.8p9-46.18.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"\nThis update for ntp fixes the following issues:\n\nntp was updated to 4.2.8p9.\n\nSecurity issues fixed:\n\n- CVE-2016-9311, CVE-2016-9310, bsc#1011377: Mode 6\n  unauthenticated trap information disclosure and DDoS vector.\n- CVE-2016-7427, bsc#1011390:\n  Broadcast Mode Replay Prevention DoS.\n- CVE-2016-7428, bsc#1011417:\n  Broadcast Mode Poll Interval Enforcement DoS.\n- CVE-2016-7431, bsc#1011395:\n  Regression: 010-origin: Zero Origin Timestamp Bypass.\n- CVE-2016-7434, bsc#1011398:\n  Null pointer dereference in _IO_str_init_static_internal().\n- CVE-2016-7429, bsc#1011404: Interface selection attack.\n- CVE-2016-7426, bsc#1011406:\n  Client rate limiting and server responses.\n- CVE-2016-7433, bsc#1011411: Reboot sync calculation problem.\n- CVE-2015-5219: An endless loop due to incorrect precision to\n  double conversion (bsc#943216).\n\nNon-security issues fixed:\n\n- Fix a spurious error message.\n- Other bugfixes, see /usr/share/doc/packages/ntp/ChangeLog.\n- Fix a regression in 'trap' (bsc#981252).\n- Reduce the number of netlink groups to listen on for changes to\n  the local network setup (bsc#992606).\n- Fix segfault in 'sntp -a' (bsc#1009434).\n- Silence an OpenSSL version warning (bsc#992038).\n- Make the resolver task change user and group IDs to the same\n  values as the main task. (bsc#988028)\n- Simplify ntpd's search for its own executable to prevent AppArmor\n  warnings (bsc#956365).\n\n","id":"SUSE-SU-2016:3196-1","modified":"2016-12-19T16:07:40Z","published":"2016-12-19T16:07:40Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2016/suse-su-20163196-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1009434"},{"type":"REPORT","url":"https://bugzilla.suse.com/1011377"},{"type":"REPORT","url":"https://bugzilla.suse.com/1011390"},{"type":"REPORT","url":"https://bugzilla.suse.com/1011395"},{"type":"REPORT","url":"https://bugzilla.suse.com/1011398"},{"type":"REPORT","url":"https://bugzilla.suse.com/1011404"},{"type":"REPORT","url":"https://bugzilla.suse.com/1011406"},{"type":"REPORT","url":"https://bugzilla.suse.com/1011411"},{"type":"REPORT","url":"https://bugzilla.suse.com/1011417"},{"type":"REPORT","url":"https://bugzilla.suse.com/943216"},{"type":"REPORT","url":"https://bugzilla.suse.com/956365"},{"type":"REPORT","url":"https://bugzilla.suse.com/981252"},{"type":"REPORT","url":"https://bugzilla.suse.com/988028"},{"type":"REPORT","url":"https://bugzilla.suse.com/992038"},{"type":"REPORT","url":"https://bugzilla.suse.com/992606"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-5219"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7426"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7427"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7428"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7429"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7431"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7433"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7434"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-9310"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-9311"}],"related":["CVE-2015-5219","CVE-2016-7426","CVE-2016-7427","CVE-2016-7428","CVE-2016-7429","CVE-2016-7431","CVE-2016-7433","CVE-2016-7434","CVE-2016-9310","CVE-2016-9311"],"summary":"Security update for ntp","upstream":["CVE-2015-5219","CVE-2016-7426","CVE-2016-7427","CVE-2016-7428","CVE-2016-7429","CVE-2016-7431","CVE-2016-7433","CVE-2016-7434","CVE-2016-9310","CVE-2016-9311"]}