|Category:||SuSE Local Security Checks|
|Title:||SUSE: Security Advisory (SUSE-SU-2016:1584-1)|
|Summary:||The remote host is missing an update for the 'ntp' package(s) announced via the SUSE-SU-2016:1584-1 advisory.|
The remote host is missing an update for the 'ntp' package(s) announced via the SUSE-SU-2016:1584-1 advisory.
ntp was updated to version 4.2.8p8 to fix five security issues.
These security issues were fixed:
- CVE-2016-4953: Bad authentication demobilizes ephemeral associations
- CVE-2016-4954: Processing spoofed server packets (bsc#982066).
- CVE-2016-4955: Autokey association reset (bsc#982067).
- CVE-2016-4956: Broadcast interleave (bsc#982068).
- CVE-2016-4957: CRYPTO_NAK crash (bsc#982064).
These non-security issues were fixed:
- Keep the parent process alive until the daemon has finished
initialisation, to make sure that the PID file exists when the parent
- bsc#979302: Change the process name of the forking DNS worker process to
avoid the impression that ntpd is started twice.
- bsc#981422: Don't ignore SIGCHILD because it breaks wait().
- Separate the creation of ntp.keys and key #1 in it to avoid problems
when upgrading installations that have the file, but no key #1, which is
needed e.g. by 'rcntp addserver'.
'ntp' package(s) on SUSE Linux Enterprise Server 11-SP4, SUSE Linux Enterprise Debuginfo 11-SP4
Please install the updated package(s).
Common Vulnerability Exposure (CVE) ID: CVE-2016-4953|
BugTraq ID: 91010
CERT/CC vulnerability note: VU#321640
FreeBSD Security Advisory: FreeBSD-SA-16:24
SuSE Security Announcement: SUSE-SU-2016:1563 (Google Search)
SuSE Security Announcement: SUSE-SU-2016:1584 (Google Search)
SuSE Security Announcement: SUSE-SU-2016:1602 (Google Search)
SuSE Security Announcement: openSUSE-SU-2016:1583 (Google Search)
SuSE Security Announcement: openSUSE-SU-2016:1636 (Google Search)
Common Vulnerability Exposure (CVE) ID: CVE-2016-4954
Common Vulnerability Exposure (CVE) ID: CVE-2016-4955
BugTraq ID: 91007
Common Vulnerability Exposure (CVE) ID: CVE-2016-4956
BugTraq ID: 91009
Common Vulnerability Exposure (CVE) ID: CVE-2016-4957
|Copyright||Copyright (C) 2021 Greenbone Networks GmbH|
|This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.