Anfälligkeitssuche        Suche in 219043 CVE Beschreibungen
und 99761 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.1.4.2016.3193.1
Kategorie:SuSE Local Security Checks
Titel:SUSE: Security Advisory (SUSE-SU-2016:3193-1)
Zusammenfassung:The remote host is missing an update for the 'ntp' package(s) announced via the SUSE-SU-2016:3193-1 advisory.
Beschreibung:Summary:
The remote host is missing an update for the 'ntp' package(s) announced via the SUSE-SU-2016:3193-1 advisory.

Vulnerability Insight:
This update for ntp fixes the following issues:
- Simplify ntpd's search for its own executable to prevent AppArmor
warnings (bsc#956365).
Security issues fixed (update to 4.2.8p9):
- CVE-2016-9311, CVE-2016-9310, bsc#1011377: Mode 6 unauthenticated trap
information disclosure and DDoS vector.
- CVE-2016-7427, bsc#1011390: Broadcast Mode Replay Prevention DoS.
- CVE-2016-7428, bsc#1011417: Broadcast Mode Poll Interval Enforcement DoS.
- CVE-2016-7431, bsc#1011395: Regression: 010-origin: Zero Origin
Timestamp Bypass.
- CVE-2016-7434, bsc#1011398: Null pointer dereference in
_IO_str_init_static_internal().
- CVE-2016-7429, bsc#1011404: Interface selection attack.
- CVE-2016-7426, bsc#1011406: Client rate limiting and server responses.
- CVE-2016-7433, bsc#1011411: Reboot sync calculation problem.
- CVE-2015-5219: An endless loop due to incorrect precision to double
conversion (bsc#943216).
- CVE-2015-8140: ntpq vulnerable to replay attacks.
- CVE-2015-8139: Origin Leak: ntpq and ntpdc, disclose origin.
- CVE-2015-5219: An endless loop due to incorrect precision to double
conversion (bsc#943216).
Non-security issues fixed:
- Fix a spurious error message.
- Other bugfixes, see /usr/share/doc/packages/ntp/ChangeLog.
- Fix a regression in 'trap' (bsc#981252).
- Reduce the number of netlink groups to listen on for changes to the
local network setup (bsc#992606).
- Fix segfault in 'sntp -a' (bsc#1009434).
- Silence an OpenSSL version warning (bsc#992038).
- Make the resolver task change user and group IDs to the same values as
the main task. (bsc#988028)

Affected Software/OS:
'ntp' package(s) on SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Server 11-SP4.

Solution:
Please install the updated package(s).

CVSS Score:
7.1

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2015-5219
BugTraq ID: 76473
http://www.securityfocus.com/bid/76473
Debian Security Information: DSA-3388 (Google Search)
http://www.debian.org/security/2015/dsa-3388
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169167.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166992.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html
http://www.openwall.com/lists/oss-security/2015/08/25/3
RedHat Security Advisories: RHSA-2016:0780
http://rhn.redhat.com/errata/RHSA-2016-0780.html
RedHat Security Advisories: RHSA-2016:2583
http://rhn.redhat.com/errata/RHSA-2016-2583.html
SuSE Security Announcement: SUSE-SU:2016:1311 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html
SuSE Security Announcement: openSUSE-SU:2016:3280 (Google Search)
http://lists.opensuse.org/opensuse-updates/2016-12/msg00153.html
http://www.ubuntu.com/usn/USN-2783-1
Common Vulnerability Exposure (CVE) ID: CVE-2015-8139
BugTraq ID: 82105
http://www.securityfocus.com/bid/82105
CERT/CC vulnerability note: VU#718152
https://www.kb.cert.org/vuls/id/718152
Cisco Security Advisory: 20160120 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products - January 2016
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/
FreeBSD Security Advisory: FreeBSD-SA-16:39
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc
https://security.gentoo.org/glsa/201607-15
http://www.securitytracker.com/id/1034782
SuSE Security Announcement: SUSE-SU-2016:1175 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html
SuSE Security Announcement: SUSE-SU-2016:1177 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html
SuSE Security Announcement: SUSE-SU-2016:1247 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html
SuSE Security Announcement: SUSE-SU-2016:1311 (Google Search)
SuSE Security Announcement: openSUSE-SU-2016:1292 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html
SuSE Security Announcement: openSUSE-SU-2016:1423 (Google Search)
http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-8140
Common Vulnerability Exposure (CVE) ID: CVE-2016-7426
BugTraq ID: 94451
http://www.securityfocus.com/bid/94451
CERT/CC vulnerability note: VU#633847
https://www.kb.cert.org/vuls/id/633847
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc
RedHat Security Advisories: RHSA-2017:0252
http://rhn.redhat.com/errata/RHSA-2017-0252.html
http://www.securitytracker.com/id/1037354
https://usn.ubuntu.com/3707-2/
Common Vulnerability Exposure (CVE) ID: CVE-2016-7427
BugTraq ID: 94447
http://www.securityfocus.com/bid/94447
Common Vulnerability Exposure (CVE) ID: CVE-2016-7428
BugTraq ID: 94446
http://www.securityfocus.com/bid/94446
Common Vulnerability Exposure (CVE) ID: CVE-2016-7429
BugTraq ID: 94453
http://www.securityfocus.com/bid/94453
Common Vulnerability Exposure (CVE) ID: CVE-2016-7431
BugTraq ID: 94454
http://www.securityfocus.com/bid/94454
Bugtraq: 20161222 FreeBSD Security Advisory FreeBSD-SA-16:39.ntp (Google Search)
http://www.securityfocus.com/archive/1/539955/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/539955/100/0/threaded
Bugtraq: 20170310 [security bulletin] HPESBUX03706 rev.1 - HP-UX NTP service running ntpd, Multiple Vulnerabilities (Google Search)
http://www.securityfocus.com/archive/1/540254/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/540254/100/0/threaded
http://packetstormsecurity.com/files/140240/FreeBSD-Security-Advisory-FreeBSD-SA-16.39.ntp.html
https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11
SuSE Security Announcement: openSUSE-SU-2016:3280 (Google Search)
http://www.ubuntu.com/usn/USN-3349-1
Common Vulnerability Exposure (CVE) ID: CVE-2016-7433
BugTraq ID: 94455
http://www.securityfocus.com/bid/94455
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5E3XBBCK5IXOLDAH2E4M3QKIYIHUMMP/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ILMSYVQMMF37MANYEO7KBHOPSC74EKGN/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PABKEYX6ABBFJZGMXKH57X756EJUDS3C/
Common Vulnerability Exposure (CVE) ID: CVE-2016-7434
BugTraq ID: 94448
http://www.securityfocus.com/bid/94448
https://www.exploit-db.com/exploits/40806/
Common Vulnerability Exposure (CVE) ID: CVE-2016-9310
BugTraq ID: 94452
http://www.securityfocus.com/bid/94452
Common Vulnerability Exposure (CVE) ID: CVE-2016-9311
BugTraq ID: 94444
http://www.securityfocus.com/bid/94444
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2024 E-Soft Inc. Alle Rechte vorbehalten.