Vulnerability   
Search   
    Search 211766 CVE descriptions
and 97459 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.4.2016.1584.1
Category:SuSE Local Security Checks
Title:SUSE: Security Advisory (SUSE-SU-2016:1584-1)
Summary:The remote host is missing an update for the 'ntp' package(s) announced via the SUSE-SU-2016:1584-1 advisory.
Description:Summary:
The remote host is missing an update for the 'ntp' package(s) announced via the SUSE-SU-2016:1584-1 advisory.

Vulnerability Insight:
ntp was updated to version 4.2.8p8 to fix five security issues.
These security issues were fixed:
- CVE-2016-4953: Bad authentication demobilizes ephemeral associations
(bsc#982065).
- CVE-2016-4954: Processing spoofed server packets (bsc#982066).
- CVE-2016-4955: Autokey association reset (bsc#982067).
- CVE-2016-4956: Broadcast interleave (bsc#982068).
- CVE-2016-4957: CRYPTO_NAK crash (bsc#982064).
These non-security issues were fixed:
- Keep the parent process alive until the daemon has finished
initialisation, to make sure that the PID file exists when the parent
returns.
- bsc#979302: Change the process name of the forking DNS worker process to
avoid the impression that ntpd is started twice.
- bsc#981422: Don't ignore SIGCHILD because it breaks wait().
- Separate the creation of ntp.keys and key #1 in it to avoid problems
when upgrading installations that have the file, but no key #1, which is
needed e.g. by 'rcntp addserver'.

Affected Software/OS:
'ntp' package(s) on SUSE Linux Enterprise Server 11-SP4, SUSE Linux Enterprise Debuginfo 11-SP4

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2016-4953
BugTraq ID: 91010
http://www.securityfocus.com/bid/91010
CERT/CC vulnerability note: VU#321640
http://www.kb.cert.org/vuls/id/321640
FreeBSD Security Advisory: FreeBSD-SA-16:24
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc
https://security.gentoo.org/glsa/201607-15
http://www.securitytracker.com/id/1036037
SuSE Security Announcement: SUSE-SU-2016:1563 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html
SuSE Security Announcement: SUSE-SU-2016:1584 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html
SuSE Security Announcement: SUSE-SU-2016:1602 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html
SuSE Security Announcement: openSUSE-SU-2016:1583 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html
SuSE Security Announcement: openSUSE-SU-2016:1636 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-4954
Common Vulnerability Exposure (CVE) ID: CVE-2016-4955
BugTraq ID: 91007
http://www.securityfocus.com/bid/91007
Common Vulnerability Exposure (CVE) ID: CVE-2016-4956
BugTraq ID: 91009
http://www.securityfocus.com/bid/91009
Common Vulnerability Exposure (CVE) ID: CVE-2016-4957
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.