Security update for ntp

Announcement ID:	SUSE-SU-2016:1291-1
Rating:	important
References:	bsc#957226 bsc#977446 bsc#977450 bsc#977451 bsc#977452 bsc#977455 bsc#977457 bsc#977458 bsc#977459 bsc#977461 bsc#977464
Cross-References:	CVE-2015-7704 CVE-2015-7705 CVE-2015-7974 CVE-2016-1547 CVE-2016-1548 CVE-2016-1549 CVE-2016-1550 CVE-2016-1551 CVE-2016-2516 CVE-2016-2517 CVE-2016-2518 CVE-2016-2519
CVSS scores:	CVE-2015-7704 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2015-7705 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2015-7974 ( NVD ): 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N CVE-2016-1547 ( NVD ): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2016-1548 ( NVD ): 7.2 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L CVE-2016-1549 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVE-2016-1550 ( NVD ): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2016-1551 ( NVD ): 3.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2016-2516 ( NVD ): 5.3 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2016-2517 ( NVD ): 5.3 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2016-2518 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2016-2518 ( NVD ): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2016-2519 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:	SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server for SAP Applications 12 SP1

An update that solves 12 vulnerabilities can now be installed.

Description:

This update for ntp to 4.2.8p7 fixes the following issues:

• CVE-2016-1547, bsc#977459: Validate crypto-NAKs, AKA: CRYPTO-NAK DoS.
• CVE-2016-1548, bsc#977461: Interleave-pivot
• CVE-2016-1549, bsc#977451: Sybil vulnerability: ephemeral association attack.
• CVE-2016-1550, bsc#977464: Improve NTP security against buffer comparison timing attacks.
• CVE-2016-1551, bsc#977450: Refclock impersonation vulnerability
• CVE-2016-2516, bsc#977452: Duplicate IPs on unconfig directives will cause an assertion botch in ntpd.
• CVE-2016-2517, bsc#977455: remote configuration trustedkey/ requestkey/controlkey values are not properly validated.
• CVE-2016-2518, bsc#977457: Crafted addpeer with hmode > 7 causes array wraparound with MATCH_ASSOC.
• CVE-2016-2519, bsc#977458: ctl_getitem() return value not always checked.
• This update also improves the fixes for: CVE-2015-7704, CVE-2015-7705, CVE-2015-7974

Bugs fixed: - Restrict the parser in the startup script to the first occurrance of "keys" and "controlkey" in ntp.conf (bsc#957226).

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Desktop 12 SP1
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-764=1
• SUSE Linux Enterprise Server for SAP Applications 12 SP1
  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-764=1
• SUSE Linux Enterprise Server 12 SP1
  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-764=1

Package List:

• SUSE Linux Enterprise Desktop 12 SP1 (x86_64)
  • ntp-debuginfo-4.2.8p7-11.1
  • ntp-debugsource-4.2.8p7-11.1
  • ntp-doc-4.2.8p7-11.1
  • ntp-4.2.8p7-11.1
• SUSE Linux Enterprise Server for SAP Applications 12 SP1 (ppc64le x86_64)
  • ntp-debuginfo-4.2.8p7-11.1
  • ntp-debugsource-4.2.8p7-11.1
  • ntp-doc-4.2.8p7-11.1
  • ntp-4.2.8p7-11.1
• SUSE Linux Enterprise Server 12 SP1 (ppc64le s390x x86_64)
  • ntp-debuginfo-4.2.8p7-11.1
  • ntp-debugsource-4.2.8p7-11.1
  • ntp-doc-4.2.8p7-11.1
  • ntp-4.2.8p7-11.1

References:

• https://www.suse.com/security/cve/CVE-2015-7704.html
• https://www.suse.com/security/cve/CVE-2015-7705.html
• https://www.suse.com/security/cve/CVE-2015-7974.html
• https://www.suse.com/security/cve/CVE-2016-1547.html
• https://www.suse.com/security/cve/CVE-2016-1548.html
• https://www.suse.com/security/cve/CVE-2016-1549.html
• https://www.suse.com/security/cve/CVE-2016-1550.html
• https://www.suse.com/security/cve/CVE-2016-1551.html
• https://www.suse.com/security/cve/CVE-2016-2516.html
• https://www.suse.com/security/cve/CVE-2016-2517.html
• https://www.suse.com/security/cve/CVE-2016-2518.html
• https://www.suse.com/security/cve/CVE-2016-2519.html
• https://bugzilla.suse.com/show_bug.cgi?id=957226
• https://bugzilla.suse.com/show_bug.cgi?id=977446
• https://bugzilla.suse.com/show_bug.cgi?id=977450
• https://bugzilla.suse.com/show_bug.cgi?id=977451
• https://bugzilla.suse.com/show_bug.cgi?id=977452
• https://bugzilla.suse.com/show_bug.cgi?id=977455
• https://bugzilla.suse.com/show_bug.cgi?id=977457
• https://bugzilla.suse.com/show_bug.cgi?id=977458
• https://bugzilla.suse.com/show_bug.cgi?id=977459
• https://bugzilla.suse.com/show_bug.cgi?id=977461
• https://bugzilla.suse.com/show_bug.cgi?id=977464