{"affected":[{"ecosystem_specific":{"binaries":[{"ntp":"4.2.8p13-lp150.8.1","ntp-doc":"4.2.8p13-lp150.8.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.0","name":"ntp","purl":"pkg:rpm/opensuse/ntp&distro=openSUSE%20Leap%2015.0"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.2.8p13-lp150.8.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for ntp fixes the following issues:\n\nSecurity issue fixed: \t  \n\n- CVE-2019-8936: Fixed a null pointer exception which could allow an authenticated attcker to cause \n  segmentation fault to ntpd (bsc#1128525).\n\nOther issues addressed:\n\n- Fixed several bugs in the BANCOMM reclock driver.\n- Fixed ntp_loopfilter.c snprintf compilation warnings.\n- Fixed spurious initgroups() error message.\n- Fixed STA_NANO struct timex units.\n- Fixed GPS week rollover in libparse.\n- Fixed incorrect poll interval in packet.\n- Added a missing check for ENABLE_CMAC.\n\nThis update was imported from the SUSE:SLE-15:Update update project.","id":"openSUSE-SU-2019:1143-1","modified":"2019-04-04T14:12:28Z","published":"2019-04-04T14:12:28Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/EAPUXDEF7NLAPPMGD5IXCEOETMLBUN2T/#EAPUXDEF7NLAPPMGD5IXCEOETMLBUN2T"},{"type":"REPORT","url":"https://bugzilla.suse.com/1128525"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-8936"}],"related":["CVE-2019-8936"],"summary":"Security update for ntp","upstream":["CVE-2019-8936"]}