{"affected":[{"ecosystem_specific":{"binaries":[{"ntp":"4.2.8p7-11.1","ntp-doc":"4.2.8p7-11.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Desktop 12 SP1","name":"ntp","purl":"pkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.2.8p7-11.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"ntp":"4.2.8p7-11.1","ntp-doc":"4.2.8p7-11.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP1","name":"ntp","purl":"pkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.2.8p7-11.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"ntp":"4.2.8p7-11.1","ntp-doc":"4.2.8p7-11.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12 SP1","name":"ntp","purl":"pkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.2.8p7-11.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"\nThis update for ntp to 4.2.8p7 fixes the following issues:\n\n* CVE-2016-1547, bsc#977459:\n  Validate crypto-NAKs, AKA: CRYPTO-NAK DoS.\n* CVE-2016-1548, bsc#977461: Interleave-pivot\n* CVE-2016-1549, bsc#977451:\n  Sybil vulnerability: ephemeral association attack.\n* CVE-2016-1550, bsc#977464: Improve NTP security against buffer\n  comparison timing attacks.\n* CVE-2016-1551, bsc#977450:\n  Refclock impersonation vulnerability\n* CVE-2016-2516, bsc#977452: Duplicate IPs on unconfig\n  directives will cause an assertion botch in ntpd.\n* CVE-2016-2517, bsc#977455: remote configuration trustedkey/\n  requestkey/controlkey values are not properly validated.\n* CVE-2016-2518, bsc#977457: Crafted addpeer with hmode > 7\n  causes array wraparound with MATCH_ASSOC.\n* CVE-2016-2519, bsc#977458: ctl_getitem() return value not\n  always checked.\n* This update also improves the fixes for:\n  CVE-2015-7704, CVE-2015-7705, CVE-2015-7974\n\nBugs fixed:\n- Restrict the parser in the startup script to the first\n  occurrance of 'keys' and 'controlkey' in ntp.conf (bsc#957226).\n","id":"SUSE-SU-2016:1291-1","modified":"2016-05-12T14:58:24Z","published":"2016-05-12T14:58:24Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2016/suse-su-20161291-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/957226"},{"type":"REPORT","url":"https://bugzilla.suse.com/977446"},{"type":"REPORT","url":"https://bugzilla.suse.com/977450"},{"type":"REPORT","url":"https://bugzilla.suse.com/977451"},{"type":"REPORT","url":"https://bugzilla.suse.com/977452"},{"type":"REPORT","url":"https://bugzilla.suse.com/977455"},{"type":"REPORT","url":"https://bugzilla.suse.com/977457"},{"type":"REPORT","url":"https://bugzilla.suse.com/977458"},{"type":"REPORT","url":"https://bugzilla.suse.com/977459"},{"type":"REPORT","url":"https://bugzilla.suse.com/977461"},{"type":"REPORT","url":"https://bugzilla.suse.com/977464"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-7704"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-7705"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-7974"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-1547"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-1548"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-1549"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-1550"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-1551"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-2516"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-2517"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-2518"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-2519"}],"related":["CVE-2015-7704","CVE-2015-7705","CVE-2015-7974","CVE-2016-1547","CVE-2016-1548","CVE-2016-1549","CVE-2016-1550","CVE-2016-1551","CVE-2016-2516","CVE-2016-2517","CVE-2016-2518","CVE-2016-2519"],"summary":"Security update for ntp","upstream":["CVE-2015-7704","CVE-2015-7705","CVE-2015-7974","CVE-2016-1547","CVE-2016-1548","CVE-2016-1549","CVE-2016-1550","CVE-2016-1551","CVE-2016-2516","CVE-2016-2517","CVE-2016-2518","CVE-2016-2519"]}