Search 211766 CVE descriptions
and 97459 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:
Category:SuSE Local Security Checks
Title:SUSE: Security Advisory (SUSE-SU-2016:3193-1)
Summary:The remote host is missing an update for the 'ntp' package(s) announced via the SUSE-SU-2016:3193-1 advisory.
The remote host is missing an update for the 'ntp' package(s) announced via the SUSE-SU-2016:3193-1 advisory.

Vulnerability Insight:
This update for ntp fixes the following issues:
- Simplify ntpd's search for its own executable to prevent AppArmor
warnings (bsc#956365).
Security issues fixed (update to 4.2.8p9):
- CVE-2016-9311, CVE-2016-9310, bsc#1011377: Mode 6 unauthenticated trap
information disclosure and DDoS vector.
- CVE-2016-7427, bsc#1011390: Broadcast Mode Replay Prevention DoS.
- CVE-2016-7428, bsc#1011417: Broadcast Mode Poll Interval Enforcement DoS.
- CVE-2016-7431, bsc#1011395: Regression: 010-origin: Zero Origin
Timestamp Bypass.
- CVE-2016-7434, bsc#1011398: Null pointer dereference in
- CVE-2016-7429, bsc#1011404: Interface selection attack.
- CVE-2016-7426, bsc#1011406: Client rate limiting and server responses.
- CVE-2016-7433, bsc#1011411: Reboot sync calculation problem.
- CVE-2015-5219: An endless loop due to incorrect precision to double
conversion (bsc#943216).
- CVE-2015-8140: ntpq vulnerable to replay attacks.
- CVE-2015-8139: Origin Leak: ntpq and ntpdc, disclose origin.
- CVE-2015-5219: An endless loop due to incorrect precision to double
conversion (bsc#943216).
Non-security issues fixed:
- Fix a spurious error message.
- Other bugfixes, see /usr/share/doc/packages/ntp/ChangeLog.
- Fix a regression in 'trap' (bsc#981252).
- Reduce the number of netlink groups to listen on for changes to the
local network setup (bsc#992606).
- Fix segfault in 'sntp -a' (bsc#1009434).
- Silence an OpenSSL version warning (bsc#992038).
- Make the resolver task change user and group IDs to the same values as
the main task. (bsc#988028)

Affected Software/OS:
'ntp' package(s) on SUSE Linux Enterprise Server 11-SP4, SUSE Linux Enterprise Debuginfo 11-SP4

Please install the updated package(s).

CVSS Score:

CVSS Vector:

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2015-5219
BugTraq ID: 76473
Debian Security Information: DSA-3388 (Google Search)
RedHat Security Advisories: RHSA-2016:0780
RedHat Security Advisories: RHSA-2016:2583
SuSE Security Announcement: SUSE-SU:2016:1311 (Google Search)
SuSE Security Announcement: openSUSE-SU:2016:3280 (Google Search)
Common Vulnerability Exposure (CVE) ID: CVE-2015-8139
BugTraq ID: 82105
CERT/CC vulnerability note: VU#718152
Cisco Security Advisory: 20160120 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products - January 2016
FreeBSD Security Advisory: FreeBSD-SA-16:39
SuSE Security Announcement: SUSE-SU-2016:1175 (Google Search)
SuSE Security Announcement: SUSE-SU-2016:1177 (Google Search)
SuSE Security Announcement: SUSE-SU-2016:1247 (Google Search)
SuSE Security Announcement: SUSE-SU-2016:1311 (Google Search)
SuSE Security Announcement: openSUSE-SU-2016:1292 (Google Search)
SuSE Security Announcement: openSUSE-SU-2016:1423 (Google Search)
Common Vulnerability Exposure (CVE) ID: CVE-2015-8140
Common Vulnerability Exposure (CVE) ID: CVE-2016-7426
BugTraq ID: 94451
CERT/CC vulnerability note: VU#633847
RedHat Security Advisories: RHSA-2017:0252
Common Vulnerability Exposure (CVE) ID: CVE-2016-7427
BugTraq ID: 94447
Common Vulnerability Exposure (CVE) ID: CVE-2016-7428
BugTraq ID: 94446
Common Vulnerability Exposure (CVE) ID: CVE-2016-7429
BugTraq ID: 94453
Common Vulnerability Exposure (CVE) ID: CVE-2016-7431
BugTraq ID: 94454
Common Vulnerability Exposure (CVE) ID: CVE-2016-7433
BugTraq ID: 94455
Common Vulnerability Exposure (CVE) ID: CVE-2016-7434
BugTraq ID: 94448
Common Vulnerability Exposure (CVE) ID: CVE-2016-9310
BugTraq ID: 94452
Common Vulnerability Exposure (CVE) ID: CVE-2016-9311
BugTraq ID: 94444
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

© 1998-2021 E-Soft Inc. All rights reserved.