Test Kennung:	1.3.6.1.4.1.25623.1.0.851339
Kategorie:	SuSE Local Security Checks
Titel:	openSUSE: Security Advisory for ntp (openSUSE-SU-2016:1583-1)
Zusammenfassung:	The remote host is missing an update for the 'ntp'; package(s) announced via the referenced advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'ntp' package(s) announced via the referenced advisory. Vulnerability Insight: ntp was updated to fix five security issues. These security issues were fixed: - CVE-2016-4953: Bad authentication demobilizes ephemeral associations (bsc#982065). - CVE-2016-4954: Processing spoofed server packets (bsc#982066). - CVE-2016-4955: Autokey association reset (bsc#982067). - CVE-2016-4956: Broadcast interleave (bsc#982068). - CVE-2016-4957: CRYPTO_NAK crash (bsc#982064). These non-security issues were fixed: - bsc#979302: Change the process name of the forking DNS worker process to avoid the impression that ntpd is started twice. - bsc#979981: ntp-wait does not accept fractional seconds, so use 1 instead of 0.2 in ntp-wait.service. - bsc#981422: Don't ignore SIGCHILD because it breaks wait(). - Separate the creation of ntp.keys and key #1 in it to avoid problems when upgrading installations that have the file, but no key #1, which is needed e.g. by 'rcntp addserver'. Affected Software/OS: ntp on openSUSE 13.2 Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2016-4953 BugTraq ID: 91010 http://www.securityfocus.com/bid/91010 Bugtraq: 20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp (Google Search) http://www.securityfocus.com/archive/1/538600/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded Bugtraq: 20160604 [slackware-security] ntp (SSA:2016-155-01) (Google Search) http://www.securityfocus.com/archive/1/538599/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded Bugtraq: 20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS) (Google Search) http://www.securityfocus.com/archive/1/540683/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/540683/100/0/threaded CERT/CC vulnerability note: VU#321640 http://www.kb.cert.org/vuls/id/321640 https://www.kb.cert.org/vuls/id/321640 Cisco Security Advisory: 20160603 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd FreeBSD Security Advisory: FreeBSD-SA-16:24 https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc https://security.gentoo.org/glsa/201607-15 http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11 http://www.securitytracker.com/id/1036037 SuSE Security Announcement: SUSE-SU-2016:1563 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html SuSE Security Announcement: SUSE-SU-2016:1568 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html SuSE Security Announcement: SUSE-SU-2016:1584 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html SuSE Security Announcement: SUSE-SU-2016:1602 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html SuSE Security Announcement: SUSE-SU-2016:1912 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html SuSE Security Announcement: SUSE-SU-2016:2094 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html SuSE Security Announcement: openSUSE-SU-2016:1583 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html SuSE Security Announcement: openSUSE-SU-2016:1636 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html Common Vulnerability Exposure (CVE) ID: CVE-2016-4954 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/ http://www.ubuntu.com/usn/USN-3096-1 Common Vulnerability Exposure (CVE) ID: CVE-2016-4955 BugTraq ID: 91007 http://www.securityfocus.com/bid/91007 Common Vulnerability Exposure (CVE) ID: CVE-2016-4956 BugTraq ID: 91009 http://www.securityfocus.com/bid/91009 Common Vulnerability Exposure (CVE) ID: CVE-2016-4957
Copyright	Copyright (C) 2016 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.