SUSE Security Update: Security update for ntp ______________________________________________________________________________
Announcement ID: SUSE-SU-2018:3351-1 Rating: moderate References: #1083424 #1098531 #1111853 Cross-References: CVE-2018-12327 CVE-2018-7170 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________
An update that solves two vulnerabilities and has one errata is now available.
Description:
NTP was updated to 4.2.8p12 (bsc#1111853):
- CVE-2018-12327: Fixed stack buffer overflow in the openhost() command-line call of NTPQ/NTPDC. (bsc#1098531) - CVE-2018-7170: Add further tweaks to improve the fix for the ephemeral association time spoofing additional protection (bsc#1083424)