Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2020-13817 (GCVE-0-2020-13817)
Vulnerability from cvelistv5
Published
2020-06-04 12:31
Modified
2025-05-05 17:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim's ntpd instance.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:25:16.566Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2020:0934",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.html"
},
{
"name": "openSUSE-SU-2020:1007",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00044.html"
},
{
"name": "GLSA-202007-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202007-12"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3596"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.ntp.org/show_bug.cgi?id=3596"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200625-0004/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2020-13817",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:13:39.175323Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-330",
"description": "CWE-330 Use of Insufficiently Random Values",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-05T17:07:58.872Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim\u0027s ntpd instance."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:H/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-07T14:40:21.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "openSUSE-SU-2020:0934",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.html"
},
{
"name": "openSUSE-SU-2020:1007",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00044.html"
},
{
"name": "GLSA-202007-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202007-12"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3596"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.ntp.org/show_bug.cgi?id=3596"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200625-0004/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-13817",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim\u0027s ntpd instance."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:H/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2020:0934",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.html"
},
{
"name": "openSUSE-SU-2020:1007",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00044.html"
},
{
"name": "GLSA-202007-12",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202007-12"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "http://support.ntp.org/bin/view/Main/NtpBug3596",
"refsource": "MISC",
"url": "http://support.ntp.org/bin/view/Main/NtpBug3596"
},
{
"name": "https://bugs.ntp.org/show_bug.cgi?id=3596",
"refsource": "MISC",
"url": "https://bugs.ntp.org/show_bug.cgi?id=3596"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200625-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200625-0004/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-13817",
"datePublished": "2020-06-04T12:31:55.000Z",
"dateReserved": "2020-06-04T00:00:00.000Z",
"dateUpdated": "2025-05-05T17:07:58.872Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2020-13817\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2020-06-04T13:15:11.053\",\"lastModified\":\"2025-05-05T17:15:59.030\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim\u0027s ntpd instance.\"},{\"lang\":\"es\",\"value\":\"ntpd en ntp versiones anteriores a 4.2.8p14 y versiones 4.3.x versiones anteriores a 4.3.100, permite a atacantes remotos causar una denegaci\u00f3n de servicio (salida del demonio o cambio de hora del sistema) mediante la predicci\u00f3n de las marcas de tiempo de transmisi\u00f3n para su uso en paquetes falsificados. La v\u00edctima debe confiar en fuentes de tiempo IPv4 no autenticadas. Debe haber un atacante fuera de la ruta que pueda consultar el tiempo desde la instancia ntpd de la v\u00edctima\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H\",\"baseScore\":7.4,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.2},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H\",\"baseScore\":7.4,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.2}],\"cvssMetricV30\":[{\"source\":\"cve@mitre.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:P\",\"baseScore\":5.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-330\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-330\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.2.8\",\"matchCriteriaId\":\"CED3C1F7-6FFA-44D1-BC56-2BB1963F3B9F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.3.0\",\"versionEndExcluding\":\"4.3.100\",\"matchCriteriaId\":\"CB8D7864-41B0-443E-96CF-B011B95223F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"EEA51D83-5841-4335-AF07-7A43C118CAAE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*\",\"matchCriteriaId\":\"C855BBD2-2B38-4EFF-9DBE-CA61CCACD0DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"49ADE0C3-F75C-4EC0-8805-56013F0EB92C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:*\",\"matchCriteriaId\":\"D8FF625A-EFA3-43D1-8698-4A37AE31A07C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:*\",\"matchCriteriaId\":\"E3B99BBD-97FE-4615-905A-A614592226F8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:*\",\"matchCriteriaId\":\"E7A9AD3A-F030-4331-B52A-518BD963AB8A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:*\",\"matchCriteriaId\":\"C293B8BE-6691-4944-BCD6-25EB98CABC73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"CEA650F8-2576-494A-A861-61572CA319D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"4ED21EE8-7CBF-4BC5-BFC3-185D41296238\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.8:p10:*:*:*:*:*:*\",\"matchCriteriaId\":\"0BC62D4E-D519-458C-BE4E-10DDB73A97D3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.8:p11:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C420117-862A-41A9-BAE8-8B3478FAEBC3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.8:p12:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A484251-3220-498C-83FE-A04B013A31A4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.8:p13:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0CE4157-852B-42ED-A77C-8A17B189432E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:*\",\"matchCriteriaId\":\"C76A0B44-13DE-4173-8D05-DA54F6A71759\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"1450241C-2F6D-4122-B33C-D78D065BA403\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"721AFD22-91D3-488E-A5E6-DD84C86E412B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"8D6ADDB1-2E96-4FF6-AE95-4B06654D38B0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*\",\"matchCriteriaId\":\"41E44E9F-6383-4E12-AEDC-B653FEA77A48\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"466D9A37-2658-4695-9429-0C6BF4A631C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"99774181-5F12-446C-AC2C-DB1C52295EED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"4427EE6D-3F79-4FF5-B3EC-EE6BD01562CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.8:p4:*:*:*:*:*:*\",\"matchCriteriaId\":\"99C71C00-7222-483B-AEFB-159337BD3C92\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.8:p5:*:*:*:*:*:*\",\"matchCriteriaId\":\"75A9AA28-1B20-44BB-815C-7294A53E910E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.8:p6:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C213794-111D-41F3-916C-AD97F731D600\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.8:p7:*:*:*:*:*:*\",\"matchCriteriaId\":\"50811A7B-0379-4437-8737-B4C1ACBC9EFD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.8:p8:*:*:*:*:*:*\",\"matchCriteriaId\":\"F12E4CF5-536C-416B-AD8D-6AE7CBE22C71\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.8:p9:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE002C76-406D-4F22-B738-E17BDEA70BCC\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C2089EE-5D7F-47EC-8EA5-0F69790564C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1FE996B1-6951-4F85-AA58-B99A379D2163\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:data_ontap:-:*:*:*:*:7-mode:*:*\",\"matchCriteriaId\":\"6C2ACC32-5147-4EA5-95BE-B6B4EAB3D82B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"85DF4B3F-4BBC-42B7-B729-096934523D63\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A3C19813-E823-456A-B1CE-EC0684CE1953\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:ontap_tools:-:*:*:*:*:vmware_vsphere:*:*\",\"matchCriteriaId\":\"CBCC384C-5DF0-41AB-B17B-6E9B6CAE8065\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E94F7F59-1785-493F-91A7-5F5EA5E87E4D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:hci_compute_node_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F921BC85-568E-4B69-A3CD-CF75C76672F1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AD7447BC-F315-4298-A822-549942FC118B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CDDF61B7-EC5C-467C-B710-B89F502CD04F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6770B6C3-732E-4E22-BF1C-2D2FD610061C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F9C8C20-42EB-4AB5-BD97-212DEB070C43\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7FFF7106-ED78-49BA-9EC5-B889E3685D53\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E63D8B0F-006E-4801-BF9D-1C001BBFB4F9\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"56409CEC-5A1E-4450-AA42-641E459CC2AF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B06F4839-D16A-4A61-9BB5-55B13F41E47F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"108A2215-50FB-4074-94CF-C130FA14566D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7AFC73CE-ABB9-42D3-9A71-3F5BC5381E0E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"32F0B6C0-F930-480D-962B-3F4EFDCC13C7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"803BC414-B250-4E3A-A478-A3881340D6B8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0FEB3337-BFDE-462A-908B-176F92053CEC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"736AEAE9-782B-4F71-9893-DED53367E102\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0B4AD8A-F172-4558-AEC6-FF424BA2D912\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8497A4C9-8474-4A62-8331-3FE862ED4098\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B620311B-34A3-48A6-82DF-6F078D7A4493\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B009C22E-30A4-4288-BCF6-C3E81DEAF45A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"xcp2410\",\"matchCriteriaId\":\"5E63B7B2-409A-476E-BA12-2A2D2F3B85DE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"983D27DE-BC89-454E-AE47-95A26A3651E2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"xcp2410\",\"matchCriteriaId\":\"ADB5D4C9-DA14-4188-9181-17336F9445F6\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5825AEE1-B668-40BD-86A9-2799430C742C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"xcp2410\",\"matchCriteriaId\":\"0B65E2F3-57EC-46C0-BB4A-0A0F3F8D387E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3DA2D526-BDCF-4A65-914A-B3BA3A0CD613\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"xcp2410\",\"matchCriteriaId\":\"90B7CFBF-761C-4EAA-A322-EF5E294AADED\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE0CF40B-E5BD-4558-9321-184D58EF621D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"xcp2410\",\"matchCriteriaId\":\"48B28ABF-7E1A-4A1E-8F78-0D95D7BDF886\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F3C9C09-7B2B-4DB6-8BE0-35302ED35776\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"xcp2410\",\"matchCriteriaId\":\"E74AAF52-1388-4BD9-B17B-3A6A32CA3608\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"95503CE5-1D06-4092-A60D-D310AADCAFB1\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"xcp3110\",\"matchCriteriaId\":\"0FC0460E-4695-44FB-99EE-28B2C957B760\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5825AEE1-B668-40BD-86A9-2799430C742C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"xcp3110\",\"matchCriteriaId\":\"BD54A092-85A7-4459-9C69-19E6E24AC24B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3DA2D526-BDCF-4A65-914A-B3BA3A0CD613\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"xcp3110\",\"matchCriteriaId\":\"5F813DBC-BA1E-4C73-AA11-1BD3F9508372\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE0CF40B-E5BD-4558-9321-184D58EF621D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"xcp3110\",\"matchCriteriaId\":\"EFDF4F39-1C6C-4AD3-99CF-BD5B44B8C71B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F3C9C09-7B2B-4DB6-8BE0-35302ED35776\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"xcp3110\",\"matchCriteriaId\":\"416B805F-799A-4466-AC5A-93D083A2ABBD\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"95503CE5-1D06-4092-A60D-D310AADCAFB1\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00044.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://support.ntp.org/bin/view/Main/NtpBug3596\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugs.ntp.org/show_bug.cgi?id=3596\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202007-12\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20200625-0004/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2022.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00044.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://support.ntp.org/bin/view/Main/NtpBug3596\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugs.ntp.org/show_bug.cgi?id=3596\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202007-12\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20200625-0004/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.html\", \"name\": \"openSUSE-SU-2020:0934\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\", \"x_transferred\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00044.html\", \"name\": \"openSUSE-SU-2020:1007\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\", \"x_transferred\"]}, {\"url\": \"https://security.gentoo.org/glsa/202007-12\", \"name\": \"GLSA-202007-12\", \"tags\": [\"vendor-advisory\", \"x_refsource_GENTOO\", \"x_transferred\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujan2022.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"http://support.ntp.org/bin/view/Main/NtpBug3596\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://bugs.ntp.org/show_bug.cgi?id=3596\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20200625-0004/\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T12:25:16.566Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.4, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2020-13817\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-23T13:13:39.175323Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-330\", \"description\": \"CWE-330 Use of Insufficiently Random Values\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-05T13:25:30.337Z\"}}], \"cna\": {\"metrics\": [{\"cvssV3_0\": {\"scope\": \"UNCHANGED\", \"version\": \"3.0\", \"baseScore\": 5.9, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.0/AC:H/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.html\", \"name\": \"openSUSE-SU-2020:0934\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00044.html\", \"name\": \"openSUSE-SU-2020:1007\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\"]}, {\"url\": \"https://security.gentoo.org/glsa/202007-12\", \"name\": \"GLSA-202007-12\", \"tags\": [\"vendor-advisory\", \"x_refsource_GENTOO\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujan2022.html\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"http://support.ntp.org/bin/view/Main/NtpBug3596\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://bugs.ntp.org/show_bug.cgi?id=3596\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20200625-0004/\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim\u0027s ntpd instance.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2022-02-07T14:40:21.000Z\"}, \"x_legacyV4Record\": {\"impact\": {\"cvss\": {\"scope\": \"UNCHANGED\", \"version\": \"3.0\", \"attackVector\": \"NETWORK\", \"vectorString\": \"CVSS:3.0/AC:H/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"n/a\"}]}, \"product_name\": \"n/a\"}]}, \"vendor_name\": \"n/a\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.html\", \"name\": \"openSUSE-SU-2020:0934\", \"refsource\": \"SUSE\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00044.html\", \"name\": \"openSUSE-SU-2020:1007\", \"refsource\": \"SUSE\"}, {\"url\": \"https://security.gentoo.org/glsa/202007-12\", \"name\": \"GLSA-202007-12\", \"refsource\": \"GENTOO\"}, {\"url\": \"https://www.oracle.com/security-alerts/cpujan2022.html\", \"name\": \"https://www.oracle.com/security-alerts/cpujan2022.html\", \"refsource\": \"MISC\"}, {\"url\": \"http://support.ntp.org/bin/view/Main/NtpBug3596\", \"name\": \"http://support.ntp.org/bin/view/Main/NtpBug3596\", \"refsource\": \"MISC\"}, {\"url\": \"https://bugs.ntp.org/show_bug.cgi?id=3596\", \"name\": \"https://bugs.ntp.org/show_bug.cgi?id=3596\", \"refsource\": \"MISC\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20200625-0004/\", \"name\": \"https://security.netapp.com/advisory/ntap-20200625-0004/\", \"refsource\": \"CONFIRM\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim\u0027s ntpd instance.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"n/a\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2020-13817\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"cve@mitre.org\"}}}}",
"cveMetadata": "{\"cveId\": \"CVE-2020-13817\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-05T17:07:58.872Z\", \"dateReserved\": \"2020-06-04T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2020-06-04T12:31:55.000Z\", \"assignerShortName\": \"mitre\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
suse-su-2020:14415-1
Vulnerability from csaf_suse
Published
2020-07-01 14:18
Modified
2020-07-01 14:18
Summary
Security update for ntp
Notes
Title of the patch
Security update for ntp
Description of the patch
This update for ntp fixes the following issues:
ntp was updated to 4.2.8p15
- CVE-2020-11868: Fixed an issue which a server mode packet with spoofed source address
frequently send to the client ntpd could have caused denial of service (bsc#1169740).
- CVE-2018-8956: Fixed an issue which could have allowed remote attackers to prevent
a broadcast client from synchronizing its clock with a broadcast NTP server via spoofed
mode 3 and mode 5 packets (bsc#1171355).
- CVE-2020-13817: Fixed an issue which an off-path attacker with the ability to query time
from victim's ntpd instance could have modified the victim's clock by a limited amount (bsc#1172651).
- CVE-2020-15025: Fixed an issue which remote attacker could have caused denial of service by consuming
the memory when a CMAC key was used andassociated with a CMAC algorithm in the ntp.keys (bsc#1173334).
Patchnames
slessp4-ntp-14415
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for ntp",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for ntp fixes the following issues:\n\nntp was updated to 4.2.8p15\n\n- CVE-2020-11868: Fixed an issue which a server mode packet with spoofed source address \n frequently send to the client ntpd could have caused denial of service (bsc#1169740).\n- CVE-2018-8956: Fixed an issue which could have allowed remote attackers to prevent \n a broadcast client from synchronizing its clock with a broadcast NTP server via spoofed \n mode 3 and mode 5 packets (bsc#1171355).\n- CVE-2020-13817: Fixed an issue which an off-path attacker with the ability to query time \n from victim\u0027s ntpd instance could have modified the victim\u0027s clock by a limited amount (bsc#1172651).\n- CVE-2020-15025: Fixed an issue which remote attacker could have caused denial of service by consuming \n the memory when a CMAC key was used andassociated with a CMAC algorithm in the ntp.keys (bsc#1173334).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "slessp4-ntp-14415",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_14415-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2020:14415-1",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-202014415-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2020:14415-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2020-July/007061.html"
},
{
"category": "self",
"summary": "SUSE Bug 1169740",
"url": "https://bugzilla.suse.com/1169740"
},
{
"category": "self",
"summary": "SUSE Bug 1171355",
"url": "https://bugzilla.suse.com/1171355"
},
{
"category": "self",
"summary": "SUSE Bug 1172651",
"url": "https://bugzilla.suse.com/1172651"
},
{
"category": "self",
"summary": "SUSE Bug 1173334",
"url": "https://bugzilla.suse.com/1173334"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-8956 page",
"url": "https://www.suse.com/security/cve/CVE-2018-8956/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-11868 page",
"url": "https://www.suse.com/security/cve/CVE-2020-11868/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-13817 page",
"url": "https://www.suse.com/security/cve/CVE-2020-13817/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15025 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15025/"
}
],
"title": "Security update for ntp",
"tracking": {
"current_release_date": "2020-07-01T14:18:41Z",
"generator": {
"date": "2020-07-01T14:18:41Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2020:14415-1",
"initial_release_date": "2020-07-01T14:18:41Z",
"revision_history": [
{
"date": "2020-07-01T14:18:41Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ntp-4.2.8p15-64.16.1.i586",
"product": {
"name": "ntp-4.2.8p15-64.16.1.i586",
"product_id": "ntp-4.2.8p15-64.16.1.i586"
}
},
{
"category": "product_version",
"name": "ntp-doc-4.2.8p15-64.16.1.i586",
"product": {
"name": "ntp-doc-4.2.8p15-64.16.1.i586",
"product_id": "ntp-doc-4.2.8p15-64.16.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "ntp-4.2.8p15-64.16.1.ppc64",
"product": {
"name": "ntp-4.2.8p15-64.16.1.ppc64",
"product_id": "ntp-4.2.8p15-64.16.1.ppc64"
}
},
{
"category": "product_version",
"name": "ntp-doc-4.2.8p15-64.16.1.ppc64",
"product": {
"name": "ntp-doc-4.2.8p15-64.16.1.ppc64",
"product_id": "ntp-doc-4.2.8p15-64.16.1.ppc64"
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "ntp-4.2.8p15-64.16.1.s390x",
"product": {
"name": "ntp-4.2.8p15-64.16.1.s390x",
"product_id": "ntp-4.2.8p15-64.16.1.s390x"
}
},
{
"category": "product_version",
"name": "ntp-doc-4.2.8p15-64.16.1.s390x",
"product": {
"name": "ntp-doc-4.2.8p15-64.16.1.s390x",
"product_id": "ntp-doc-4.2.8p15-64.16.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "ntp-4.2.8p15-64.16.1.x86_64",
"product": {
"name": "ntp-4.2.8p15-64.16.1.x86_64",
"product_id": "ntp-4.2.8p15-64.16.1.x86_64"
}
},
{
"category": "product_version",
"name": "ntp-doc-4.2.8p15-64.16.1.x86_64",
"product": {
"name": "ntp-doc-4.2.8p15-64.16.1.x86_64",
"product_id": "ntp-doc-4.2.8p15-64.16.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 11 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_sles:11:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p15-64.16.1.i586 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-4.2.8p15-64.16.1.i586"
},
"product_reference": "ntp-4.2.8p15-64.16.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p15-64.16.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-4.2.8p15-64.16.1.ppc64"
},
"product_reference": "ntp-4.2.8p15-64.16.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p15-64.16.1.s390x as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-4.2.8p15-64.16.1.s390x"
},
"product_reference": "ntp-4.2.8p15-64.16.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p15-64.16.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-4.2.8p15-64.16.1.x86_64"
},
"product_reference": "ntp-4.2.8p15-64.16.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p15-64.16.1.i586 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-doc-4.2.8p15-64.16.1.i586"
},
"product_reference": "ntp-doc-4.2.8p15-64.16.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p15-64.16.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-doc-4.2.8p15-64.16.1.ppc64"
},
"product_reference": "ntp-doc-4.2.8p15-64.16.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p15-64.16.1.s390x as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-doc-4.2.8p15-64.16.1.s390x"
},
"product_reference": "ntp-doc-4.2.8p15-64.16.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p15-64.16.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-doc-4.2.8p15-64.16.1.x86_64"
},
"product_reference": "ntp-doc-4.2.8p15-64.16.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-8956",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-8956"
}
],
"notes": [
{
"category": "general",
"text": "ntpd in ntp 4.2.8p10, 4.2.8p11, 4.2.8p12 and 4.2.8p13 allow remote attackers to prevent a broadcast client from synchronizing its clock with a broadcast NTP server via soofed mode 3 and mode 5 packets. The attacker must either be a part of the same broadcast network or control a slave in that broadcast network that can capture certain required packets on the attacker\u0027s behalf and send them to the attacker.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-4.2.8p15-64.16.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-4.2.8p15-64.16.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-4.2.8p15-64.16.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-4.2.8p15-64.16.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-doc-4.2.8p15-64.16.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-doc-4.2.8p15-64.16.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-doc-4.2.8p15-64.16.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-doc-4.2.8p15-64.16.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-8956",
"url": "https://www.suse.com/security/cve/CVE-2018-8956"
},
{
"category": "external",
"summary": "SUSE Bug 1171355 for CVE-2018-8956",
"url": "https://bugzilla.suse.com/1171355"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-4.2.8p15-64.16.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-4.2.8p15-64.16.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-4.2.8p15-64.16.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-4.2.8p15-64.16.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-doc-4.2.8p15-64.16.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-doc-4.2.8p15-64.16.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-doc-4.2.8p15-64.16.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-doc-4.2.8p15-64.16.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-4.2.8p15-64.16.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-4.2.8p15-64.16.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-4.2.8p15-64.16.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-4.2.8p15-64.16.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-doc-4.2.8p15-64.16.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-doc-4.2.8p15-64.16.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-doc-4.2.8p15-64.16.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-doc-4.2.8p15-64.16.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-07-01T14:18:41Z",
"details": "low"
}
],
"title": "CVE-2018-8956"
},
{
"cve": "CVE-2020-11868",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-11868"
}
],
"notes": [
{
"category": "general",
"text": "ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-4.2.8p15-64.16.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-4.2.8p15-64.16.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-4.2.8p15-64.16.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-4.2.8p15-64.16.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-doc-4.2.8p15-64.16.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-doc-4.2.8p15-64.16.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-doc-4.2.8p15-64.16.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-doc-4.2.8p15-64.16.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-11868",
"url": "https://www.suse.com/security/cve/CVE-2020-11868"
},
{
"category": "external",
"summary": "SUSE Bug 1169740 for CVE-2020-11868",
"url": "https://bugzilla.suse.com/1169740"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-4.2.8p15-64.16.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-4.2.8p15-64.16.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-4.2.8p15-64.16.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-4.2.8p15-64.16.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-doc-4.2.8p15-64.16.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-doc-4.2.8p15-64.16.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-doc-4.2.8p15-64.16.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-doc-4.2.8p15-64.16.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-4.2.8p15-64.16.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-4.2.8p15-64.16.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-4.2.8p15-64.16.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-4.2.8p15-64.16.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-doc-4.2.8p15-64.16.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-doc-4.2.8p15-64.16.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-doc-4.2.8p15-64.16.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-doc-4.2.8p15-64.16.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-07-01T14:18:41Z",
"details": "low"
}
],
"title": "CVE-2020-11868"
},
{
"cve": "CVE-2020-13817",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-13817"
}
],
"notes": [
{
"category": "general",
"text": "ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim\u0027s ntpd instance.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-4.2.8p15-64.16.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-4.2.8p15-64.16.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-4.2.8p15-64.16.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-4.2.8p15-64.16.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-doc-4.2.8p15-64.16.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-doc-4.2.8p15-64.16.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-doc-4.2.8p15-64.16.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-doc-4.2.8p15-64.16.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-13817",
"url": "https://www.suse.com/security/cve/CVE-2020-13817"
},
{
"category": "external",
"summary": "SUSE Bug 1172651 for CVE-2020-13817",
"url": "https://bugzilla.suse.com/1172651"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-4.2.8p15-64.16.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-4.2.8p15-64.16.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-4.2.8p15-64.16.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-4.2.8p15-64.16.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-doc-4.2.8p15-64.16.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-doc-4.2.8p15-64.16.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-doc-4.2.8p15-64.16.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-doc-4.2.8p15-64.16.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-4.2.8p15-64.16.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-4.2.8p15-64.16.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-4.2.8p15-64.16.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-4.2.8p15-64.16.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-doc-4.2.8p15-64.16.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-doc-4.2.8p15-64.16.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-doc-4.2.8p15-64.16.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-doc-4.2.8p15-64.16.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-07-01T14:18:41Z",
"details": "moderate"
}
],
"title": "CVE-2020-13817"
},
{
"cve": "CVE-2020-15025",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15025"
}
],
"notes": [
{
"category": "general",
"text": "ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations where a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-4.2.8p15-64.16.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-4.2.8p15-64.16.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-4.2.8p15-64.16.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-4.2.8p15-64.16.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-doc-4.2.8p15-64.16.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-doc-4.2.8p15-64.16.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-doc-4.2.8p15-64.16.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-doc-4.2.8p15-64.16.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15025",
"url": "https://www.suse.com/security/cve/CVE-2020-15025"
},
{
"category": "external",
"summary": "SUSE Bug 1173334 for CVE-2020-15025",
"url": "https://bugzilla.suse.com/1173334"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-4.2.8p15-64.16.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-4.2.8p15-64.16.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-4.2.8p15-64.16.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-4.2.8p15-64.16.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-doc-4.2.8p15-64.16.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-doc-4.2.8p15-64.16.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-doc-4.2.8p15-64.16.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-doc-4.2.8p15-64.16.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-4.2.8p15-64.16.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-4.2.8p15-64.16.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-4.2.8p15-64.16.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-4.2.8p15-64.16.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-doc-4.2.8p15-64.16.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-doc-4.2.8p15-64.16.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-doc-4.2.8p15-64.16.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-doc-4.2.8p15-64.16.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-07-01T14:18:41Z",
"details": "moderate"
}
],
"title": "CVE-2020-15025"
}
]
}
suse-su-2020:1805-1
Vulnerability from csaf_suse
Published
2020-06-30 15:37
Modified
2020-06-30 15:37
Summary
Security update for ntp
Notes
Title of the patch
Security update for ntp
Description of the patch
This update for ntp fixes the following issues:
ntp was updated to 4.2.8p15
- CVE-2020-11868: Fixed an issue which a server mode packet with spoofed source address
frequently send to the client ntpd could have caused denial of service (bsc#1169740).
- CVE-2018-8956: Fixed an issue which could have allowed remote attackers to prevent
a broadcast client from synchronizing its clock with a broadcast NTP server via spoofed
mode 3 and mode 5 packets (bsc#1171355).
- CVE-2020-13817: Fixed an issue which an off-path attacker with the ability to query time
from victim's ntpd instance could have modified the victim's clock by a limited amount (bsc#1172651).
- CVE-2020-15025: Fixed an issue which remote attacker could have caused denial of service by consuming
the memory when a CMAC key was used andassociated with a CMAC algorithm in the ntp.keys (bsc#1173334).
Patchnames
HPE-Helion-OpenStack-8-2020-1805,SUSE-2020-1805,SUSE-OpenStack-Cloud-7-2020-1805,SUSE-OpenStack-Cloud-8-2020-1805,SUSE-OpenStack-Cloud-Crowbar-8-2020-1805,SUSE-SLE-SAP-12-SP2-2020-1805,SUSE-SLE-SAP-12-SP3-2020-1805,SUSE-SLE-SERVER-12-SP2-2020-1805,SUSE-SLE-SERVER-12-SP2-BCL-2020-1805,SUSE-SLE-SERVER-12-SP3-2020-1805,SUSE-SLE-SERVER-12-SP3-BCL-2020-1805,SUSE-SLE-SERVER-12-SP4-2020-1805,SUSE-SLE-SERVER-12-SP5-2020-1805,SUSE-Storage-5-2020-1805
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for ntp",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for ntp fixes the following issues:\n\nntp was updated to 4.2.8p15\n\n- CVE-2020-11868: Fixed an issue which a server mode packet with spoofed source address \n frequently send to the client ntpd could have caused denial of service (bsc#1169740).\n- CVE-2018-8956: Fixed an issue which could have allowed remote attackers to prevent \n a broadcast client from synchronizing its clock with a broadcast NTP server via spoofed \n mode 3 and mode 5 packets (bsc#1171355).\n- CVE-2020-13817: Fixed an issue which an off-path attacker with the ability to query time \n from victim\u0027s ntpd instance could have modified the victim\u0027s clock by a limited amount (bsc#1172651).\n- CVE-2020-15025: Fixed an issue which remote attacker could have caused denial of service by consuming \n the memory when a CMAC key was used andassociated with a CMAC algorithm in the ntp.keys (bsc#1173334).\t \n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "HPE-Helion-OpenStack-8-2020-1805,SUSE-2020-1805,SUSE-OpenStack-Cloud-7-2020-1805,SUSE-OpenStack-Cloud-8-2020-1805,SUSE-OpenStack-Cloud-Crowbar-8-2020-1805,SUSE-SLE-SAP-12-SP2-2020-1805,SUSE-SLE-SAP-12-SP3-2020-1805,SUSE-SLE-SERVER-12-SP2-2020-1805,SUSE-SLE-SERVER-12-SP2-BCL-2020-1805,SUSE-SLE-SERVER-12-SP3-2020-1805,SUSE-SLE-SERVER-12-SP3-BCL-2020-1805,SUSE-SLE-SERVER-12-SP4-2020-1805,SUSE-SLE-SERVER-12-SP5-2020-1805,SUSE-Storage-5-2020-1805",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_1805-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2020:1805-1",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20201805-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2020:1805-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2020-June/007056.html"
},
{
"category": "self",
"summary": "SUSE Bug 1169740",
"url": "https://bugzilla.suse.com/1169740"
},
{
"category": "self",
"summary": "SUSE Bug 1171355",
"url": "https://bugzilla.suse.com/1171355"
},
{
"category": "self",
"summary": "SUSE Bug 1172651",
"url": "https://bugzilla.suse.com/1172651"
},
{
"category": "self",
"summary": "SUSE Bug 1173334",
"url": "https://bugzilla.suse.com/1173334"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-8956 page",
"url": "https://www.suse.com/security/cve/CVE-2018-8956/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-11868 page",
"url": "https://www.suse.com/security/cve/CVE-2020-11868/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-13817 page",
"url": "https://www.suse.com/security/cve/CVE-2020-13817/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15025 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15025/"
}
],
"title": "Security update for ntp",
"tracking": {
"current_release_date": "2020-06-30T15:37:45Z",
"generator": {
"date": "2020-06-30T15:37:45Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2020:1805-1",
"initial_release_date": "2020-06-30T15:37:45Z",
"revision_history": [
{
"date": "2020-06-30T15:37:45Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ntp-4.2.8p15-88.1.aarch64",
"product": {
"name": "ntp-4.2.8p15-88.1.aarch64",
"product_id": "ntp-4.2.8p15-88.1.aarch64"
}
},
{
"category": "product_version",
"name": "ntp-doc-4.2.8p15-88.1.aarch64",
"product": {
"name": "ntp-doc-4.2.8p15-88.1.aarch64",
"product_id": "ntp-doc-4.2.8p15-88.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "ntp-4.2.8p15-88.1.i586",
"product": {
"name": "ntp-4.2.8p15-88.1.i586",
"product_id": "ntp-4.2.8p15-88.1.i586"
}
},
{
"category": "product_version",
"name": "ntp-doc-4.2.8p15-88.1.i586",
"product": {
"name": "ntp-doc-4.2.8p15-88.1.i586",
"product_id": "ntp-doc-4.2.8p15-88.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "ntp-4.2.8p15-88.1.ppc64le",
"product": {
"name": "ntp-4.2.8p15-88.1.ppc64le",
"product_id": "ntp-4.2.8p15-88.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ntp-doc-4.2.8p15-88.1.ppc64le",
"product": {
"name": "ntp-doc-4.2.8p15-88.1.ppc64le",
"product_id": "ntp-doc-4.2.8p15-88.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "ntp-4.2.8p15-88.1.s390",
"product": {
"name": "ntp-4.2.8p15-88.1.s390",
"product_id": "ntp-4.2.8p15-88.1.s390"
}
},
{
"category": "product_version",
"name": "ntp-doc-4.2.8p15-88.1.s390",
"product": {
"name": "ntp-doc-4.2.8p15-88.1.s390",
"product_id": "ntp-doc-4.2.8p15-88.1.s390"
}
}
],
"category": "architecture",
"name": "s390"
},
{
"branches": [
{
"category": "product_version",
"name": "ntp-4.2.8p15-88.1.s390x",
"product": {
"name": "ntp-4.2.8p15-88.1.s390x",
"product_id": "ntp-4.2.8p15-88.1.s390x"
}
},
{
"category": "product_version",
"name": "ntp-doc-4.2.8p15-88.1.s390x",
"product": {
"name": "ntp-doc-4.2.8p15-88.1.s390x",
"product_id": "ntp-doc-4.2.8p15-88.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "ntp-4.2.8p15-88.1.x86_64",
"product": {
"name": "ntp-4.2.8p15-88.1.x86_64",
"product_id": "ntp-4.2.8p15-88.1.x86_64"
}
},
{
"category": "product_version",
"name": "ntp-doc-4.2.8p15-88.1.x86_64",
"product": {
"name": "ntp-doc-4.2.8p15-88.1.x86_64",
"product_id": "ntp-doc-4.2.8p15-88.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "HPE Helion OpenStack 8",
"product": {
"name": "HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8",
"product_identification_helper": {
"cpe": "cpe:/o:suse:hpe-helion-openstack:8"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 7",
"product": {
"name": "SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud:7"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 8",
"product": {
"name": "SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud:8"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud Crowbar 8",
"product": {
"name": "SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud-crowbar:8"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-bcl:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP3-BCL",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-bcl:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 5",
"product": {
"name": "SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p15-88.1.x86_64 as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:ntp-4.2.8p15-88.1.x86_64"
},
"product_reference": "ntp-4.2.8p15-88.1.x86_64",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p15-88.1.x86_64 as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:ntp-doc-4.2.8p15-88.1.x86_64"
},
"product_reference": "ntp-doc-4.2.8p15-88.1.x86_64",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p15-88.1.s390x as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:ntp-4.2.8p15-88.1.s390x"
},
"product_reference": "ntp-4.2.8p15-88.1.s390x",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p15-88.1.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:ntp-4.2.8p15-88.1.x86_64"
},
"product_reference": "ntp-4.2.8p15-88.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p15-88.1.s390x as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:ntp-doc-4.2.8p15-88.1.s390x"
},
"product_reference": "ntp-doc-4.2.8p15-88.1.s390x",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p15-88.1.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:ntp-doc-4.2.8p15-88.1.x86_64"
},
"product_reference": "ntp-doc-4.2.8p15-88.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p15-88.1.x86_64 as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:ntp-4.2.8p15-88.1.x86_64"
},
"product_reference": "ntp-4.2.8p15-88.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p15-88.1.x86_64 as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:ntp-doc-4.2.8p15-88.1.x86_64"
},
"product_reference": "ntp-doc-4.2.8p15-88.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p15-88.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:ntp-4.2.8p15-88.1.x86_64"
},
"product_reference": "ntp-4.2.8p15-88.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p15-88.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:ntp-doc-4.2.8p15-88.1.x86_64"
},
"product_reference": "ntp-doc-4.2.8p15-88.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p15-88.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-4.2.8p15-88.1.ppc64le"
},
"product_reference": "ntp-4.2.8p15-88.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p15-88.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-4.2.8p15-88.1.x86_64"
},
"product_reference": "ntp-4.2.8p15-88.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p15-88.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-doc-4.2.8p15-88.1.ppc64le"
},
"product_reference": "ntp-doc-4.2.8p15-88.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p15-88.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-doc-4.2.8p15-88.1.x86_64"
},
"product_reference": "ntp-doc-4.2.8p15-88.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p15-88.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p15-88.1.ppc64le"
},
"product_reference": "ntp-4.2.8p15-88.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p15-88.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p15-88.1.x86_64"
},
"product_reference": "ntp-4.2.8p15-88.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p15-88.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p15-88.1.ppc64le"
},
"product_reference": "ntp-doc-4.2.8p15-88.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p15-88.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p15-88.1.x86_64"
},
"product_reference": "ntp-doc-4.2.8p15-88.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p15-88.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p15-88.1.ppc64le"
},
"product_reference": "ntp-4.2.8p15-88.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p15-88.1.s390x as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p15-88.1.s390x"
},
"product_reference": "ntp-4.2.8p15-88.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p15-88.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p15-88.1.x86_64"
},
"product_reference": "ntp-4.2.8p15-88.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p15-88.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p15-88.1.ppc64le"
},
"product_reference": "ntp-doc-4.2.8p15-88.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p15-88.1.s390x as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p15-88.1.s390x"
},
"product_reference": "ntp-doc-4.2.8p15-88.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p15-88.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p15-88.1.x86_64"
},
"product_reference": "ntp-doc-4.2.8p15-88.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p15-88.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:ntp-4.2.8p15-88.1.x86_64"
},
"product_reference": "ntp-4.2.8p15-88.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p15-88.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:ntp-doc-4.2.8p15-88.1.x86_64"
},
"product_reference": "ntp-doc-4.2.8p15-88.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p15-88.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-4.2.8p15-88.1.aarch64"
},
"product_reference": "ntp-4.2.8p15-88.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p15-88.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-4.2.8p15-88.1.ppc64le"
},
"product_reference": "ntp-4.2.8p15-88.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p15-88.1.s390x as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-4.2.8p15-88.1.s390x"
},
"product_reference": "ntp-4.2.8p15-88.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p15-88.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-4.2.8p15-88.1.x86_64"
},
"product_reference": "ntp-4.2.8p15-88.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p15-88.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-doc-4.2.8p15-88.1.aarch64"
},
"product_reference": "ntp-doc-4.2.8p15-88.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p15-88.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-doc-4.2.8p15-88.1.ppc64le"
},
"product_reference": "ntp-doc-4.2.8p15-88.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p15-88.1.s390x as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-doc-4.2.8p15-88.1.s390x"
},
"product_reference": "ntp-doc-4.2.8p15-88.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p15-88.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-doc-4.2.8p15-88.1.x86_64"
},
"product_reference": "ntp-doc-4.2.8p15-88.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p15-88.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:ntp-4.2.8p15-88.1.x86_64"
},
"product_reference": "ntp-4.2.8p15-88.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p15-88.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:ntp-doc-4.2.8p15-88.1.x86_64"
},
"product_reference": "ntp-doc-4.2.8p15-88.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p15-88.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:ntp-4.2.8p15-88.1.aarch64"
},
"product_reference": "ntp-4.2.8p15-88.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p15-88.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:ntp-4.2.8p15-88.1.ppc64le"
},
"product_reference": "ntp-4.2.8p15-88.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p15-88.1.s390x as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:ntp-4.2.8p15-88.1.s390x"
},
"product_reference": "ntp-4.2.8p15-88.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p15-88.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:ntp-4.2.8p15-88.1.x86_64"
},
"product_reference": "ntp-4.2.8p15-88.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p15-88.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:ntp-doc-4.2.8p15-88.1.aarch64"
},
"product_reference": "ntp-doc-4.2.8p15-88.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p15-88.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:ntp-doc-4.2.8p15-88.1.ppc64le"
},
"product_reference": "ntp-doc-4.2.8p15-88.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p15-88.1.s390x as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:ntp-doc-4.2.8p15-88.1.s390x"
},
"product_reference": "ntp-doc-4.2.8p15-88.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p15-88.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:ntp-doc-4.2.8p15-88.1.x86_64"
},
"product_reference": "ntp-doc-4.2.8p15-88.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p15-88.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-4.2.8p15-88.1.aarch64"
},
"product_reference": "ntp-4.2.8p15-88.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p15-88.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-4.2.8p15-88.1.ppc64le"
},
"product_reference": "ntp-4.2.8p15-88.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p15-88.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-4.2.8p15-88.1.s390x"
},
"product_reference": "ntp-4.2.8p15-88.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p15-88.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-4.2.8p15-88.1.x86_64"
},
"product_reference": "ntp-4.2.8p15-88.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p15-88.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-doc-4.2.8p15-88.1.aarch64"
},
"product_reference": "ntp-doc-4.2.8p15-88.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p15-88.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-doc-4.2.8p15-88.1.ppc64le"
},
"product_reference": "ntp-doc-4.2.8p15-88.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p15-88.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-doc-4.2.8p15-88.1.s390x"
},
"product_reference": "ntp-doc-4.2.8p15-88.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p15-88.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-doc-4.2.8p15-88.1.x86_64"
},
"product_reference": "ntp-doc-4.2.8p15-88.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p15-88.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:ntp-4.2.8p15-88.1.aarch64"
},
"product_reference": "ntp-4.2.8p15-88.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p15-88.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:ntp-4.2.8p15-88.1.ppc64le"
},
"product_reference": "ntp-4.2.8p15-88.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p15-88.1.s390x as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:ntp-4.2.8p15-88.1.s390x"
},
"product_reference": "ntp-4.2.8p15-88.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p15-88.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:ntp-4.2.8p15-88.1.x86_64"
},
"product_reference": "ntp-4.2.8p15-88.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p15-88.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:ntp-doc-4.2.8p15-88.1.aarch64"
},
"product_reference": "ntp-doc-4.2.8p15-88.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p15-88.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:ntp-doc-4.2.8p15-88.1.ppc64le"
},
"product_reference": "ntp-doc-4.2.8p15-88.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p15-88.1.s390x as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:ntp-doc-4.2.8p15-88.1.s390x"
},
"product_reference": "ntp-doc-4.2.8p15-88.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p15-88.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:ntp-doc-4.2.8p15-88.1.x86_64"
},
"product_reference": "ntp-doc-4.2.8p15-88.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p15-88.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-4.2.8p15-88.1.aarch64"
},
"product_reference": "ntp-4.2.8p15-88.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p15-88.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-4.2.8p15-88.1.ppc64le"
},
"product_reference": "ntp-4.2.8p15-88.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p15-88.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-4.2.8p15-88.1.s390x"
},
"product_reference": "ntp-4.2.8p15-88.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p15-88.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-4.2.8p15-88.1.x86_64"
},
"product_reference": "ntp-4.2.8p15-88.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p15-88.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-doc-4.2.8p15-88.1.aarch64"
},
"product_reference": "ntp-doc-4.2.8p15-88.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p15-88.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-doc-4.2.8p15-88.1.ppc64le"
},
"product_reference": "ntp-doc-4.2.8p15-88.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p15-88.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-doc-4.2.8p15-88.1.s390x"
},
"product_reference": "ntp-doc-4.2.8p15-88.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p15-88.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-doc-4.2.8p15-88.1.x86_64"
},
"product_reference": "ntp-doc-4.2.8p15-88.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p15-88.1.aarch64 as component of SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5:ntp-4.2.8p15-88.1.aarch64"
},
"product_reference": "ntp-4.2.8p15-88.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p15-88.1.x86_64 as component of SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5:ntp-4.2.8p15-88.1.x86_64"
},
"product_reference": "ntp-4.2.8p15-88.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p15-88.1.aarch64 as component of SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5:ntp-doc-4.2.8p15-88.1.aarch64"
},
"product_reference": "ntp-doc-4.2.8p15-88.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p15-88.1.x86_64 as component of SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5:ntp-doc-4.2.8p15-88.1.x86_64"
},
"product_reference": "ntp-doc-4.2.8p15-88.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-8956",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-8956"
}
],
"notes": [
{
"category": "general",
"text": "ntpd in ntp 4.2.8p10, 4.2.8p11, 4.2.8p12 and 4.2.8p13 allow remote attackers to prevent a broadcast client from synchronizing its clock with a broadcast NTP server via soofed mode 3 and mode 5 packets. The attacker must either be a part of the same broadcast network or control a slave in that broadcast network that can capture certain required packets on the attacker\u0027s behalf and send them to the attacker.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:ntp-4.2.8p15-88.1.x86_64",
"HPE Helion OpenStack 8:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Enterprise Storage 5:ntp-4.2.8p15-88.1.aarch64",
"SUSE Enterprise Storage 5:ntp-4.2.8p15-88.1.x86_64",
"SUSE Enterprise Storage 5:ntp-doc-4.2.8p15-88.1.aarch64",
"SUSE Enterprise Storage 5:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-doc-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-doc-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:ntp-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:ntp-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:ntp-doc-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:ntp-doc-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:ntp-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:ntp-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:ntp-doc-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:ntp-doc-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-doc-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-doc-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-doc-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-doc-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE OpenStack Cloud 7:ntp-4.2.8p15-88.1.s390x",
"SUSE OpenStack Cloud 7:ntp-4.2.8p15-88.1.x86_64",
"SUSE OpenStack Cloud 7:ntp-doc-4.2.8p15-88.1.s390x",
"SUSE OpenStack Cloud 7:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE OpenStack Cloud 8:ntp-4.2.8p15-88.1.x86_64",
"SUSE OpenStack Cloud 8:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:ntp-4.2.8p15-88.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:ntp-doc-4.2.8p15-88.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-8956",
"url": "https://www.suse.com/security/cve/CVE-2018-8956"
},
{
"category": "external",
"summary": "SUSE Bug 1171355 for CVE-2018-8956",
"url": "https://bugzilla.suse.com/1171355"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:ntp-4.2.8p15-88.1.x86_64",
"HPE Helion OpenStack 8:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Enterprise Storage 5:ntp-4.2.8p15-88.1.aarch64",
"SUSE Enterprise Storage 5:ntp-4.2.8p15-88.1.x86_64",
"SUSE Enterprise Storage 5:ntp-doc-4.2.8p15-88.1.aarch64",
"SUSE Enterprise Storage 5:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-doc-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-doc-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:ntp-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:ntp-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:ntp-doc-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:ntp-doc-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:ntp-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:ntp-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:ntp-doc-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:ntp-doc-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-doc-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-doc-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-doc-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-doc-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE OpenStack Cloud 7:ntp-4.2.8p15-88.1.s390x",
"SUSE OpenStack Cloud 7:ntp-4.2.8p15-88.1.x86_64",
"SUSE OpenStack Cloud 7:ntp-doc-4.2.8p15-88.1.s390x",
"SUSE OpenStack Cloud 7:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE OpenStack Cloud 8:ntp-4.2.8p15-88.1.x86_64",
"SUSE OpenStack Cloud 8:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:ntp-4.2.8p15-88.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:ntp-doc-4.2.8p15-88.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:ntp-4.2.8p15-88.1.x86_64",
"HPE Helion OpenStack 8:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Enterprise Storage 5:ntp-4.2.8p15-88.1.aarch64",
"SUSE Enterprise Storage 5:ntp-4.2.8p15-88.1.x86_64",
"SUSE Enterprise Storage 5:ntp-doc-4.2.8p15-88.1.aarch64",
"SUSE Enterprise Storage 5:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-doc-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-doc-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:ntp-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:ntp-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:ntp-doc-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:ntp-doc-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:ntp-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:ntp-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:ntp-doc-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:ntp-doc-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-doc-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-doc-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-doc-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-doc-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE OpenStack Cloud 7:ntp-4.2.8p15-88.1.s390x",
"SUSE OpenStack Cloud 7:ntp-4.2.8p15-88.1.x86_64",
"SUSE OpenStack Cloud 7:ntp-doc-4.2.8p15-88.1.s390x",
"SUSE OpenStack Cloud 7:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE OpenStack Cloud 8:ntp-4.2.8p15-88.1.x86_64",
"SUSE OpenStack Cloud 8:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:ntp-4.2.8p15-88.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:ntp-doc-4.2.8p15-88.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-30T15:37:45Z",
"details": "low"
}
],
"title": "CVE-2018-8956"
},
{
"cve": "CVE-2020-11868",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-11868"
}
],
"notes": [
{
"category": "general",
"text": "ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:ntp-4.2.8p15-88.1.x86_64",
"HPE Helion OpenStack 8:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Enterprise Storage 5:ntp-4.2.8p15-88.1.aarch64",
"SUSE Enterprise Storage 5:ntp-4.2.8p15-88.1.x86_64",
"SUSE Enterprise Storage 5:ntp-doc-4.2.8p15-88.1.aarch64",
"SUSE Enterprise Storage 5:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-doc-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-doc-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:ntp-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:ntp-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:ntp-doc-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:ntp-doc-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:ntp-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:ntp-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:ntp-doc-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:ntp-doc-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-doc-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-doc-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-doc-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-doc-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE OpenStack Cloud 7:ntp-4.2.8p15-88.1.s390x",
"SUSE OpenStack Cloud 7:ntp-4.2.8p15-88.1.x86_64",
"SUSE OpenStack Cloud 7:ntp-doc-4.2.8p15-88.1.s390x",
"SUSE OpenStack Cloud 7:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE OpenStack Cloud 8:ntp-4.2.8p15-88.1.x86_64",
"SUSE OpenStack Cloud 8:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:ntp-4.2.8p15-88.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:ntp-doc-4.2.8p15-88.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-11868",
"url": "https://www.suse.com/security/cve/CVE-2020-11868"
},
{
"category": "external",
"summary": "SUSE Bug 1169740 for CVE-2020-11868",
"url": "https://bugzilla.suse.com/1169740"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:ntp-4.2.8p15-88.1.x86_64",
"HPE Helion OpenStack 8:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Enterprise Storage 5:ntp-4.2.8p15-88.1.aarch64",
"SUSE Enterprise Storage 5:ntp-4.2.8p15-88.1.x86_64",
"SUSE Enterprise Storage 5:ntp-doc-4.2.8p15-88.1.aarch64",
"SUSE Enterprise Storage 5:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-doc-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-doc-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:ntp-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:ntp-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:ntp-doc-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:ntp-doc-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:ntp-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:ntp-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:ntp-doc-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:ntp-doc-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-doc-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-doc-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-doc-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-doc-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE OpenStack Cloud 7:ntp-4.2.8p15-88.1.s390x",
"SUSE OpenStack Cloud 7:ntp-4.2.8p15-88.1.x86_64",
"SUSE OpenStack Cloud 7:ntp-doc-4.2.8p15-88.1.s390x",
"SUSE OpenStack Cloud 7:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE OpenStack Cloud 8:ntp-4.2.8p15-88.1.x86_64",
"SUSE OpenStack Cloud 8:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:ntp-4.2.8p15-88.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:ntp-doc-4.2.8p15-88.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:ntp-4.2.8p15-88.1.x86_64",
"HPE Helion OpenStack 8:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Enterprise Storage 5:ntp-4.2.8p15-88.1.aarch64",
"SUSE Enterprise Storage 5:ntp-4.2.8p15-88.1.x86_64",
"SUSE Enterprise Storage 5:ntp-doc-4.2.8p15-88.1.aarch64",
"SUSE Enterprise Storage 5:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-doc-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-doc-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:ntp-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:ntp-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:ntp-doc-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:ntp-doc-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:ntp-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:ntp-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:ntp-doc-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:ntp-doc-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-doc-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-doc-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-doc-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-doc-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE OpenStack Cloud 7:ntp-4.2.8p15-88.1.s390x",
"SUSE OpenStack Cloud 7:ntp-4.2.8p15-88.1.x86_64",
"SUSE OpenStack Cloud 7:ntp-doc-4.2.8p15-88.1.s390x",
"SUSE OpenStack Cloud 7:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE OpenStack Cloud 8:ntp-4.2.8p15-88.1.x86_64",
"SUSE OpenStack Cloud 8:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:ntp-4.2.8p15-88.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:ntp-doc-4.2.8p15-88.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-30T15:37:45Z",
"details": "low"
}
],
"title": "CVE-2020-11868"
},
{
"cve": "CVE-2020-13817",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-13817"
}
],
"notes": [
{
"category": "general",
"text": "ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim\u0027s ntpd instance.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:ntp-4.2.8p15-88.1.x86_64",
"HPE Helion OpenStack 8:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Enterprise Storage 5:ntp-4.2.8p15-88.1.aarch64",
"SUSE Enterprise Storage 5:ntp-4.2.8p15-88.1.x86_64",
"SUSE Enterprise Storage 5:ntp-doc-4.2.8p15-88.1.aarch64",
"SUSE Enterprise Storage 5:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-doc-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-doc-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:ntp-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:ntp-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:ntp-doc-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:ntp-doc-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:ntp-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:ntp-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:ntp-doc-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:ntp-doc-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-doc-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-doc-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-doc-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-doc-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE OpenStack Cloud 7:ntp-4.2.8p15-88.1.s390x",
"SUSE OpenStack Cloud 7:ntp-4.2.8p15-88.1.x86_64",
"SUSE OpenStack Cloud 7:ntp-doc-4.2.8p15-88.1.s390x",
"SUSE OpenStack Cloud 7:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE OpenStack Cloud 8:ntp-4.2.8p15-88.1.x86_64",
"SUSE OpenStack Cloud 8:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:ntp-4.2.8p15-88.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:ntp-doc-4.2.8p15-88.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-13817",
"url": "https://www.suse.com/security/cve/CVE-2020-13817"
},
{
"category": "external",
"summary": "SUSE Bug 1172651 for CVE-2020-13817",
"url": "https://bugzilla.suse.com/1172651"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:ntp-4.2.8p15-88.1.x86_64",
"HPE Helion OpenStack 8:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Enterprise Storage 5:ntp-4.2.8p15-88.1.aarch64",
"SUSE Enterprise Storage 5:ntp-4.2.8p15-88.1.x86_64",
"SUSE Enterprise Storage 5:ntp-doc-4.2.8p15-88.1.aarch64",
"SUSE Enterprise Storage 5:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-doc-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-doc-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:ntp-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:ntp-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:ntp-doc-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:ntp-doc-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:ntp-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:ntp-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:ntp-doc-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:ntp-doc-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-doc-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-doc-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-doc-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-doc-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE OpenStack Cloud 7:ntp-4.2.8p15-88.1.s390x",
"SUSE OpenStack Cloud 7:ntp-4.2.8p15-88.1.x86_64",
"SUSE OpenStack Cloud 7:ntp-doc-4.2.8p15-88.1.s390x",
"SUSE OpenStack Cloud 7:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE OpenStack Cloud 8:ntp-4.2.8p15-88.1.x86_64",
"SUSE OpenStack Cloud 8:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:ntp-4.2.8p15-88.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:ntp-doc-4.2.8p15-88.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:ntp-4.2.8p15-88.1.x86_64",
"HPE Helion OpenStack 8:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Enterprise Storage 5:ntp-4.2.8p15-88.1.aarch64",
"SUSE Enterprise Storage 5:ntp-4.2.8p15-88.1.x86_64",
"SUSE Enterprise Storage 5:ntp-doc-4.2.8p15-88.1.aarch64",
"SUSE Enterprise Storage 5:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-doc-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-doc-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:ntp-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:ntp-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:ntp-doc-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:ntp-doc-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:ntp-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:ntp-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:ntp-doc-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:ntp-doc-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-doc-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-doc-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-doc-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-doc-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE OpenStack Cloud 7:ntp-4.2.8p15-88.1.s390x",
"SUSE OpenStack Cloud 7:ntp-4.2.8p15-88.1.x86_64",
"SUSE OpenStack Cloud 7:ntp-doc-4.2.8p15-88.1.s390x",
"SUSE OpenStack Cloud 7:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE OpenStack Cloud 8:ntp-4.2.8p15-88.1.x86_64",
"SUSE OpenStack Cloud 8:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:ntp-4.2.8p15-88.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:ntp-doc-4.2.8p15-88.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-30T15:37:45Z",
"details": "moderate"
}
],
"title": "CVE-2020-13817"
},
{
"cve": "CVE-2020-15025",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15025"
}
],
"notes": [
{
"category": "general",
"text": "ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations where a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:ntp-4.2.8p15-88.1.x86_64",
"HPE Helion OpenStack 8:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Enterprise Storage 5:ntp-4.2.8p15-88.1.aarch64",
"SUSE Enterprise Storage 5:ntp-4.2.8p15-88.1.x86_64",
"SUSE Enterprise Storage 5:ntp-doc-4.2.8p15-88.1.aarch64",
"SUSE Enterprise Storage 5:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-doc-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-doc-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:ntp-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:ntp-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:ntp-doc-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:ntp-doc-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:ntp-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:ntp-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:ntp-doc-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:ntp-doc-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-doc-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-doc-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-doc-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-doc-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE OpenStack Cloud 7:ntp-4.2.8p15-88.1.s390x",
"SUSE OpenStack Cloud 7:ntp-4.2.8p15-88.1.x86_64",
"SUSE OpenStack Cloud 7:ntp-doc-4.2.8p15-88.1.s390x",
"SUSE OpenStack Cloud 7:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE OpenStack Cloud 8:ntp-4.2.8p15-88.1.x86_64",
"SUSE OpenStack Cloud 8:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:ntp-4.2.8p15-88.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:ntp-doc-4.2.8p15-88.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15025",
"url": "https://www.suse.com/security/cve/CVE-2020-15025"
},
{
"category": "external",
"summary": "SUSE Bug 1173334 for CVE-2020-15025",
"url": "https://bugzilla.suse.com/1173334"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:ntp-4.2.8p15-88.1.x86_64",
"HPE Helion OpenStack 8:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Enterprise Storage 5:ntp-4.2.8p15-88.1.aarch64",
"SUSE Enterprise Storage 5:ntp-4.2.8p15-88.1.x86_64",
"SUSE Enterprise Storage 5:ntp-doc-4.2.8p15-88.1.aarch64",
"SUSE Enterprise Storage 5:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-doc-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-doc-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:ntp-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:ntp-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:ntp-doc-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:ntp-doc-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:ntp-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:ntp-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:ntp-doc-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:ntp-doc-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-doc-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-doc-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-doc-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-doc-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE OpenStack Cloud 7:ntp-4.2.8p15-88.1.s390x",
"SUSE OpenStack Cloud 7:ntp-4.2.8p15-88.1.x86_64",
"SUSE OpenStack Cloud 7:ntp-doc-4.2.8p15-88.1.s390x",
"SUSE OpenStack Cloud 7:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE OpenStack Cloud 8:ntp-4.2.8p15-88.1.x86_64",
"SUSE OpenStack Cloud 8:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:ntp-4.2.8p15-88.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:ntp-doc-4.2.8p15-88.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:ntp-4.2.8p15-88.1.x86_64",
"HPE Helion OpenStack 8:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Enterprise Storage 5:ntp-4.2.8p15-88.1.aarch64",
"SUSE Enterprise Storage 5:ntp-4.2.8p15-88.1.x86_64",
"SUSE Enterprise Storage 5:ntp-doc-4.2.8p15-88.1.aarch64",
"SUSE Enterprise Storage 5:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-doc-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-doc-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:ntp-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:ntp-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:ntp-doc-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:ntp-doc-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:ntp-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:ntp-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:ntp-doc-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:ntp-doc-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-doc-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-doc-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-4.2.8p15-88.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-doc-4.2.8p15-88.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-doc-4.2.8p15-88.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-doc-4.2.8p15-88.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE OpenStack Cloud 7:ntp-4.2.8p15-88.1.s390x",
"SUSE OpenStack Cloud 7:ntp-4.2.8p15-88.1.x86_64",
"SUSE OpenStack Cloud 7:ntp-doc-4.2.8p15-88.1.s390x",
"SUSE OpenStack Cloud 7:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE OpenStack Cloud 8:ntp-4.2.8p15-88.1.x86_64",
"SUSE OpenStack Cloud 8:ntp-doc-4.2.8p15-88.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:ntp-4.2.8p15-88.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:ntp-doc-4.2.8p15-88.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-30T15:37:45Z",
"details": "moderate"
}
],
"title": "CVE-2020-15025"
}
]
}
suse-su-2020:1823-1
Vulnerability from csaf_suse
Published
2020-07-02 09:32
Modified
2020-07-02 09:32
Summary
Security update for ntp
Notes
Title of the patch
Security update for ntp
Description of the patch
This update for ntp fixes the following issues:
ntp was updated to 4.2.8p15
- CVE-2020-11868: Fixed an issue which a server mode packet with spoofed source address
frequently send to the client ntpd could have caused denial of service (bsc#1169740).
- CVE-2018-8956: Fixed an issue which could have allowed remote attackers to prevent
a broadcast client from synchronizing its clock with a broadcast NTP server via spoofed
mode 3 and mode 5 packets (bsc#1171355).
- CVE-2020-13817: Fixed an issue which an off-path attacker with the ability to query time
from victim's ntpd instance could have modified the victim's clock by a limited amount (bsc#1172651).
- CVE-2020-15025: Fixed an issue which remote attacker could have caused denial of service by consuming
the memory when a CMAC key was used andassociated with a CMAC algorithm in the ntp.keys (bsc#1173334).
- Removed an OpenSSL version warning (bsc#992038 and bsc#1125401).
Patchnames
SUSE-2020-1823,SUSE-SLE-Module-Legacy-15-SP1-2020-1823,SUSE-SLE-Module-Legacy-15-SP2-2020-1823,SUSE-SLE-Product-SLES-15-2020-1823,SUSE-SLE-Product-SLES_SAP-15-2020-1823
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for ntp",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for ntp fixes the following issues:\n\nntp was updated to 4.2.8p15\n\n- CVE-2020-11868: Fixed an issue which a server mode packet with spoofed source address \n frequently send to the client ntpd could have caused denial of service (bsc#1169740).\n- CVE-2018-8956: Fixed an issue which could have allowed remote attackers to prevent \n a broadcast client from synchronizing its clock with a broadcast NTP server via spoofed \n mode 3 and mode 5 packets (bsc#1171355).\n- CVE-2020-13817: Fixed an issue which an off-path attacker with the ability to query time \n from victim\u0027s ntpd instance could have modified the victim\u0027s clock by a limited amount (bsc#1172651).\n- CVE-2020-15025: Fixed an issue which remote attacker could have caused denial of service by consuming \n the memory when a CMAC key was used andassociated with a CMAC algorithm in the ntp.keys (bsc#1173334).\n- Removed an OpenSSL version warning (bsc#992038 and bsc#1125401).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2020-1823,SUSE-SLE-Module-Legacy-15-SP1-2020-1823,SUSE-SLE-Module-Legacy-15-SP2-2020-1823,SUSE-SLE-Product-SLES-15-2020-1823,SUSE-SLE-Product-SLES_SAP-15-2020-1823",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_1823-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2020:1823-1",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20201823-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2020:1823-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2020-July/007066.html"
},
{
"category": "self",
"summary": "SUSE Bug 1125401",
"url": "https://bugzilla.suse.com/1125401"
},
{
"category": "self",
"summary": "SUSE Bug 1169740",
"url": "https://bugzilla.suse.com/1169740"
},
{
"category": "self",
"summary": "SUSE Bug 1171355",
"url": "https://bugzilla.suse.com/1171355"
},
{
"category": "self",
"summary": "SUSE Bug 1172651",
"url": "https://bugzilla.suse.com/1172651"
},
{
"category": "self",
"summary": "SUSE Bug 1173334",
"url": "https://bugzilla.suse.com/1173334"
},
{
"category": "self",
"summary": "SUSE Bug 992038",
"url": "https://bugzilla.suse.com/992038"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-8956 page",
"url": "https://www.suse.com/security/cve/CVE-2018-8956/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-11868 page",
"url": "https://www.suse.com/security/cve/CVE-2020-11868/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-13817 page",
"url": "https://www.suse.com/security/cve/CVE-2020-13817/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15025 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15025/"
}
],
"title": "Security update for ntp",
"tracking": {
"current_release_date": "2020-07-02T09:32:43Z",
"generator": {
"date": "2020-07-02T09:32:43Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2020:1823-1",
"initial_release_date": "2020-07-02T09:32:43Z",
"revision_history": [
{
"date": "2020-07-02T09:32:43Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ntp-4.2.8p15-4.10.1.aarch64",
"product": {
"name": "ntp-4.2.8p15-4.10.1.aarch64",
"product_id": "ntp-4.2.8p15-4.10.1.aarch64"
}
},
{
"category": "product_version",
"name": "ntp-doc-4.2.8p15-4.10.1.aarch64",
"product": {
"name": "ntp-doc-4.2.8p15-4.10.1.aarch64",
"product_id": "ntp-doc-4.2.8p15-4.10.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "ntp-4.2.8p15-4.10.1.i586",
"product": {
"name": "ntp-4.2.8p15-4.10.1.i586",
"product_id": "ntp-4.2.8p15-4.10.1.i586"
}
},
{
"category": "product_version",
"name": "ntp-doc-4.2.8p15-4.10.1.i586",
"product": {
"name": "ntp-doc-4.2.8p15-4.10.1.i586",
"product_id": "ntp-doc-4.2.8p15-4.10.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "ntp-4.2.8p15-4.10.1.ppc64le",
"product": {
"name": "ntp-4.2.8p15-4.10.1.ppc64le",
"product_id": "ntp-4.2.8p15-4.10.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ntp-doc-4.2.8p15-4.10.1.ppc64le",
"product": {
"name": "ntp-doc-4.2.8p15-4.10.1.ppc64le",
"product_id": "ntp-doc-4.2.8p15-4.10.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "ntp-4.2.8p15-4.10.1.s390x",
"product": {
"name": "ntp-4.2.8p15-4.10.1.s390x",
"product_id": "ntp-4.2.8p15-4.10.1.s390x"
}
},
{
"category": "product_version",
"name": "ntp-doc-4.2.8p15-4.10.1.s390x",
"product": {
"name": "ntp-doc-4.2.8p15-4.10.1.s390x",
"product_id": "ntp-doc-4.2.8p15-4.10.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "ntp-4.2.8p15-4.10.1.x86_64",
"product": {
"name": "ntp-4.2.8p15-4.10.1.x86_64",
"product_id": "ntp-4.2.8p15-4.10.1.x86_64"
}
},
{
"category": "product_version",
"name": "ntp-doc-4.2.8p15-4.10.1.x86_64",
"product": {
"name": "ntp-doc-4.2.8p15-4.10.1.x86_64",
"product_id": "ntp-doc-4.2.8p15-4.10.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Legacy 15 SP1",
"product": {
"name": "SUSE Linux Enterprise Module for Legacy 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Legacy 15 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-legacy:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Legacy 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Module for Legacy 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Legacy 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-legacy:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p15-4.10.1.aarch64 as component of SUSE Linux Enterprise Module for Legacy 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Legacy 15 SP1:ntp-4.2.8p15-4.10.1.aarch64"
},
"product_reference": "ntp-4.2.8p15-4.10.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Legacy 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p15-4.10.1.ppc64le as component of SUSE Linux Enterprise Module for Legacy 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Legacy 15 SP1:ntp-4.2.8p15-4.10.1.ppc64le"
},
"product_reference": "ntp-4.2.8p15-4.10.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Legacy 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p15-4.10.1.s390x as component of SUSE Linux Enterprise Module for Legacy 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Legacy 15 SP1:ntp-4.2.8p15-4.10.1.s390x"
},
"product_reference": "ntp-4.2.8p15-4.10.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Legacy 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p15-4.10.1.x86_64 as component of SUSE Linux Enterprise Module for Legacy 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Legacy 15 SP1:ntp-4.2.8p15-4.10.1.x86_64"
},
"product_reference": "ntp-4.2.8p15-4.10.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Legacy 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p15-4.10.1.aarch64 as component of SUSE Linux Enterprise Module for Legacy 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Legacy 15 SP2:ntp-4.2.8p15-4.10.1.aarch64"
},
"product_reference": "ntp-4.2.8p15-4.10.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Legacy 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p15-4.10.1.ppc64le as component of SUSE Linux Enterprise Module for Legacy 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Legacy 15 SP2:ntp-4.2.8p15-4.10.1.ppc64le"
},
"product_reference": "ntp-4.2.8p15-4.10.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Legacy 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p15-4.10.1.s390x as component of SUSE Linux Enterprise Module for Legacy 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Legacy 15 SP2:ntp-4.2.8p15-4.10.1.s390x"
},
"product_reference": "ntp-4.2.8p15-4.10.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Legacy 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p15-4.10.1.x86_64 as component of SUSE Linux Enterprise Module for Legacy 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Legacy 15 SP2:ntp-4.2.8p15-4.10.1.x86_64"
},
"product_reference": "ntp-4.2.8p15-4.10.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Legacy 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p15-4.10.1.aarch64 as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:ntp-4.2.8p15-4.10.1.aarch64"
},
"product_reference": "ntp-4.2.8p15-4.10.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p15-4.10.1.ppc64le as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:ntp-4.2.8p15-4.10.1.ppc64le"
},
"product_reference": "ntp-4.2.8p15-4.10.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p15-4.10.1.s390x as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:ntp-4.2.8p15-4.10.1.s390x"
},
"product_reference": "ntp-4.2.8p15-4.10.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p15-4.10.1.x86_64 as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:ntp-4.2.8p15-4.10.1.x86_64"
},
"product_reference": "ntp-4.2.8p15-4.10.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p15-4.10.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15:ntp-4.2.8p15-4.10.1.ppc64le"
},
"product_reference": "ntp-4.2.8p15-4.10.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p15-4.10.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15:ntp-4.2.8p15-4.10.1.x86_64"
},
"product_reference": "ntp-4.2.8p15-4.10.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-8956",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-8956"
}
],
"notes": [
{
"category": "general",
"text": "ntpd in ntp 4.2.8p10, 4.2.8p11, 4.2.8p12 and 4.2.8p13 allow remote attackers to prevent a broadcast client from synchronizing its clock with a broadcast NTP server via soofed mode 3 and mode 5 packets. The attacker must either be a part of the same broadcast network or control a slave in that broadcast network that can capture certain required packets on the attacker\u0027s behalf and send them to the attacker.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Legacy 15 SP1:ntp-4.2.8p15-4.10.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP1:ntp-4.2.8p15-4.10.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP1:ntp-4.2.8p15-4.10.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP1:ntp-4.2.8p15-4.10.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP2:ntp-4.2.8p15-4.10.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP2:ntp-4.2.8p15-4.10.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP2:ntp-4.2.8p15-4.10.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP2:ntp-4.2.8p15-4.10.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ntp-4.2.8p15-4.10.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ntp-4.2.8p15-4.10.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ntp-4.2.8p15-4.10.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ntp-4.2.8p15-4.10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ntp-4.2.8p15-4.10.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ntp-4.2.8p15-4.10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-8956",
"url": "https://www.suse.com/security/cve/CVE-2018-8956"
},
{
"category": "external",
"summary": "SUSE Bug 1171355 for CVE-2018-8956",
"url": "https://bugzilla.suse.com/1171355"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Legacy 15 SP1:ntp-4.2.8p15-4.10.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP1:ntp-4.2.8p15-4.10.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP1:ntp-4.2.8p15-4.10.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP1:ntp-4.2.8p15-4.10.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP2:ntp-4.2.8p15-4.10.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP2:ntp-4.2.8p15-4.10.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP2:ntp-4.2.8p15-4.10.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP2:ntp-4.2.8p15-4.10.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ntp-4.2.8p15-4.10.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ntp-4.2.8p15-4.10.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ntp-4.2.8p15-4.10.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ntp-4.2.8p15-4.10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ntp-4.2.8p15-4.10.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ntp-4.2.8p15-4.10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Legacy 15 SP1:ntp-4.2.8p15-4.10.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP1:ntp-4.2.8p15-4.10.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP1:ntp-4.2.8p15-4.10.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP1:ntp-4.2.8p15-4.10.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP2:ntp-4.2.8p15-4.10.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP2:ntp-4.2.8p15-4.10.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP2:ntp-4.2.8p15-4.10.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP2:ntp-4.2.8p15-4.10.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ntp-4.2.8p15-4.10.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ntp-4.2.8p15-4.10.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ntp-4.2.8p15-4.10.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ntp-4.2.8p15-4.10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ntp-4.2.8p15-4.10.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ntp-4.2.8p15-4.10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-07-02T09:32:43Z",
"details": "low"
}
],
"title": "CVE-2018-8956"
},
{
"cve": "CVE-2020-11868",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-11868"
}
],
"notes": [
{
"category": "general",
"text": "ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Legacy 15 SP1:ntp-4.2.8p15-4.10.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP1:ntp-4.2.8p15-4.10.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP1:ntp-4.2.8p15-4.10.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP1:ntp-4.2.8p15-4.10.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP2:ntp-4.2.8p15-4.10.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP2:ntp-4.2.8p15-4.10.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP2:ntp-4.2.8p15-4.10.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP2:ntp-4.2.8p15-4.10.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ntp-4.2.8p15-4.10.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ntp-4.2.8p15-4.10.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ntp-4.2.8p15-4.10.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ntp-4.2.8p15-4.10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ntp-4.2.8p15-4.10.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ntp-4.2.8p15-4.10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-11868",
"url": "https://www.suse.com/security/cve/CVE-2020-11868"
},
{
"category": "external",
"summary": "SUSE Bug 1169740 for CVE-2020-11868",
"url": "https://bugzilla.suse.com/1169740"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Legacy 15 SP1:ntp-4.2.8p15-4.10.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP1:ntp-4.2.8p15-4.10.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP1:ntp-4.2.8p15-4.10.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP1:ntp-4.2.8p15-4.10.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP2:ntp-4.2.8p15-4.10.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP2:ntp-4.2.8p15-4.10.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP2:ntp-4.2.8p15-4.10.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP2:ntp-4.2.8p15-4.10.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ntp-4.2.8p15-4.10.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ntp-4.2.8p15-4.10.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ntp-4.2.8p15-4.10.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ntp-4.2.8p15-4.10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ntp-4.2.8p15-4.10.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ntp-4.2.8p15-4.10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Legacy 15 SP1:ntp-4.2.8p15-4.10.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP1:ntp-4.2.8p15-4.10.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP1:ntp-4.2.8p15-4.10.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP1:ntp-4.2.8p15-4.10.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP2:ntp-4.2.8p15-4.10.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP2:ntp-4.2.8p15-4.10.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP2:ntp-4.2.8p15-4.10.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP2:ntp-4.2.8p15-4.10.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ntp-4.2.8p15-4.10.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ntp-4.2.8p15-4.10.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ntp-4.2.8p15-4.10.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ntp-4.2.8p15-4.10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ntp-4.2.8p15-4.10.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ntp-4.2.8p15-4.10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-07-02T09:32:43Z",
"details": "low"
}
],
"title": "CVE-2020-11868"
},
{
"cve": "CVE-2020-13817",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-13817"
}
],
"notes": [
{
"category": "general",
"text": "ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim\u0027s ntpd instance.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Legacy 15 SP1:ntp-4.2.8p15-4.10.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP1:ntp-4.2.8p15-4.10.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP1:ntp-4.2.8p15-4.10.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP1:ntp-4.2.8p15-4.10.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP2:ntp-4.2.8p15-4.10.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP2:ntp-4.2.8p15-4.10.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP2:ntp-4.2.8p15-4.10.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP2:ntp-4.2.8p15-4.10.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ntp-4.2.8p15-4.10.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ntp-4.2.8p15-4.10.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ntp-4.2.8p15-4.10.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ntp-4.2.8p15-4.10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ntp-4.2.8p15-4.10.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ntp-4.2.8p15-4.10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-13817",
"url": "https://www.suse.com/security/cve/CVE-2020-13817"
},
{
"category": "external",
"summary": "SUSE Bug 1172651 for CVE-2020-13817",
"url": "https://bugzilla.suse.com/1172651"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Legacy 15 SP1:ntp-4.2.8p15-4.10.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP1:ntp-4.2.8p15-4.10.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP1:ntp-4.2.8p15-4.10.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP1:ntp-4.2.8p15-4.10.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP2:ntp-4.2.8p15-4.10.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP2:ntp-4.2.8p15-4.10.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP2:ntp-4.2.8p15-4.10.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP2:ntp-4.2.8p15-4.10.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ntp-4.2.8p15-4.10.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ntp-4.2.8p15-4.10.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ntp-4.2.8p15-4.10.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ntp-4.2.8p15-4.10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ntp-4.2.8p15-4.10.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ntp-4.2.8p15-4.10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Legacy 15 SP1:ntp-4.2.8p15-4.10.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP1:ntp-4.2.8p15-4.10.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP1:ntp-4.2.8p15-4.10.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP1:ntp-4.2.8p15-4.10.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP2:ntp-4.2.8p15-4.10.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP2:ntp-4.2.8p15-4.10.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP2:ntp-4.2.8p15-4.10.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP2:ntp-4.2.8p15-4.10.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ntp-4.2.8p15-4.10.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ntp-4.2.8p15-4.10.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ntp-4.2.8p15-4.10.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ntp-4.2.8p15-4.10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ntp-4.2.8p15-4.10.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ntp-4.2.8p15-4.10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-07-02T09:32:43Z",
"details": "moderate"
}
],
"title": "CVE-2020-13817"
},
{
"cve": "CVE-2020-15025",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15025"
}
],
"notes": [
{
"category": "general",
"text": "ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations where a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Legacy 15 SP1:ntp-4.2.8p15-4.10.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP1:ntp-4.2.8p15-4.10.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP1:ntp-4.2.8p15-4.10.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP1:ntp-4.2.8p15-4.10.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP2:ntp-4.2.8p15-4.10.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP2:ntp-4.2.8p15-4.10.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP2:ntp-4.2.8p15-4.10.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP2:ntp-4.2.8p15-4.10.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ntp-4.2.8p15-4.10.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ntp-4.2.8p15-4.10.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ntp-4.2.8p15-4.10.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ntp-4.2.8p15-4.10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ntp-4.2.8p15-4.10.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ntp-4.2.8p15-4.10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15025",
"url": "https://www.suse.com/security/cve/CVE-2020-15025"
},
{
"category": "external",
"summary": "SUSE Bug 1173334 for CVE-2020-15025",
"url": "https://bugzilla.suse.com/1173334"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Legacy 15 SP1:ntp-4.2.8p15-4.10.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP1:ntp-4.2.8p15-4.10.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP1:ntp-4.2.8p15-4.10.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP1:ntp-4.2.8p15-4.10.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP2:ntp-4.2.8p15-4.10.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP2:ntp-4.2.8p15-4.10.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP2:ntp-4.2.8p15-4.10.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP2:ntp-4.2.8p15-4.10.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ntp-4.2.8p15-4.10.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ntp-4.2.8p15-4.10.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ntp-4.2.8p15-4.10.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ntp-4.2.8p15-4.10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ntp-4.2.8p15-4.10.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ntp-4.2.8p15-4.10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Legacy 15 SP1:ntp-4.2.8p15-4.10.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP1:ntp-4.2.8p15-4.10.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP1:ntp-4.2.8p15-4.10.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP1:ntp-4.2.8p15-4.10.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP2:ntp-4.2.8p15-4.10.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP2:ntp-4.2.8p15-4.10.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP2:ntp-4.2.8p15-4.10.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP2:ntp-4.2.8p15-4.10.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ntp-4.2.8p15-4.10.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ntp-4.2.8p15-4.10.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ntp-4.2.8p15-4.10.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ntp-4.2.8p15-4.10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ntp-4.2.8p15-4.10.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ntp-4.2.8p15-4.10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-07-02T09:32:43Z",
"details": "moderate"
}
],
"title": "CVE-2020-15025"
}
]
}
gsd-2020-13817
Vulnerability from gsd
Modified
2023-12-13 01:21
Details
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim's ntpd instance.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2020-13817",
"description": "ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim\u0027s ntpd instance.",
"id": "GSD-2020-13817",
"references": [
"https://www.suse.com/security/cve/CVE-2020-13817.html",
"https://access.redhat.com/errata/RHSA-2020:2663",
"https://linux.oracle.com/cve/CVE-2020-13817.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2020-13817"
],
"details": "ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim\u0027s ntpd instance.",
"id": "GSD-2020-13817",
"modified": "2023-12-13T01:21:46.917328Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-13817",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim\u0027s ntpd instance."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:H/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2020:0934",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.html"
},
{
"name": "openSUSE-SU-2020:1007",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00044.html"
},
{
"name": "GLSA-202007-12",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202007-12"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "http://support.ntp.org/bin/view/Main/NtpBug3596",
"refsource": "MISC",
"url": "http://support.ntp.org/bin/view/Main/NtpBug3596"
},
{
"name": "https://bugs.ntp.org/show_bug.cgi?id=3596",
"refsource": "MISC",
"url": "https://bugs.ntp.org/show_bug.cgi?id=3596"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200625-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200625-0004/"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.2.8",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p10:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p11:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p12:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p13:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p5:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p6:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p7:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p8:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p9:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.3.100",
"versionStartIncluding": "4.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:data_ontap:-:*:*:*:*:7-mode:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:ontap_tools:-:*:*:*:*:vmware_vsphere:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:hci_compute_node_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "xcp2410",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "xcp2410",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "xcp2410",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "xcp2410",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "xcp2410",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "xcp2410",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "xcp3110",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "xcp3110",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "xcp3110",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "xcp3110",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "xcp3110",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-13817"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim\u0027s ntpd instance."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-330"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.ntp.org/bin/view/Main/NtpBug3596",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3596"
},
{
"name": "https://bugs.ntp.org/show_bug.cgi?id=3596",
"refsource": "MISC",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugs.ntp.org/show_bug.cgi?id=3596"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200625-0004/",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20200625-0004/"
},
{
"name": "openSUSE-SU-2020:0934",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.html"
},
{
"name": "openSUSE-SU-2020:1007",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00044.html"
},
{
"name": "GLSA-202007-12",
"refsource": "GENTOO",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202007-12"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.2
}
},
"lastModifiedDate": "2022-03-29T18:05Z",
"publishedDate": "2020-06-04T13:15Z"
}
}
}
wid-sec-w-2023-1737
Vulnerability from csaf_certbund
Published
2023-07-12 22:00
Modified
2023-07-12 22:00
Summary
Juniper Patchday Juli 2023
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
JUNOS ist das "Juniper Network Operating System", das in Juniper Appliances verwendet wird.
SRX Series Services Gateways ist ein Next-Generation Anti-Threat Firewall von Juniper.
Die Juniper MX-Serie ist eine Produktfamilie von Routern.
Die Switches der QFX-Serie von Juniper sichern und automatisieren Netzwerke in Rechenzentren.
Angriff
Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter anonymer oder lokaler Angreifer kann mehrere Schwachstellen in verschiedenen Juniper Produkten ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und seine Privilegien zu erweitern.
Betroffene Betriebssysteme
- BIOS/Firmware
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "JUNOS ist das \"Juniper Network Operating System\", das in Juniper Appliances verwendet wird.\r\nSRX Series Services Gateways ist ein Next-Generation Anti-Threat Firewall von Juniper.\r\nDie Juniper MX-Serie ist eine Produktfamilie von Routern.\r\nDie Switches der QFX-Serie von Juniper sichern und automatisieren Netzwerke in Rechenzentren.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter anonymer oder lokaler Angreifer kann mehrere Schwachstellen in verschiedenen Juniper Produkten ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern.",
"title": "Angriff"
},
{
"category": "general",
"text": "- BIOS/Firmware",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-1737 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1737.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-1737 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1737"
},
{
"category": "external",
"summary": "Juniper Security Advisory vom 2023-07-12",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA71656"
},
{
"category": "external",
"summary": "Juniper Security Advisory vom 2023-07-12",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA71659"
},
{
"category": "external",
"summary": "Juniper Security Advisory vom 2023-07-12",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA71653"
},
{
"category": "external",
"summary": "Juniper Security Advisory vom 2023-07-12",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA71650"
},
{
"category": "external",
"summary": "Juniper Security Advisory vom 2023-07-12",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA71660"
},
{
"category": "external",
"summary": "Juniper Security Advisory vom 2023-07-12",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA71655"
},
{
"category": "external",
"summary": "Juniper Security Advisory vom 2023-07-12",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA71647"
},
{
"category": "external",
"summary": "Juniper Security Advisory vom 2023-07-12",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA71643"
},
{
"category": "external",
"summary": "Juniper Security Advisory vom 2023-07-12",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA71642"
},
{
"category": "external",
"summary": "Juniper Security Advisory vom 2023-07-12",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA71651"
},
{
"category": "external",
"summary": "Juniper Security Advisory vom 2023-07-12",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA71640"
},
{
"category": "external",
"summary": "Juniper Security Advisory vom 2023-07-12",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA71661"
},
{
"category": "external",
"summary": "Juniper Security Advisory vom 2023-07-12",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA71639"
},
{
"category": "external",
"summary": "Juniper Security Advisory vom 2023-07-12",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA71662"
},
{
"category": "external",
"summary": "Juniper Security Advisory vom 2023-07-12",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA71645"
},
{
"category": "external",
"summary": "Juniper Security Advisory vom 2023-07-12",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA71641"
},
{
"category": "external",
"summary": "Juniper Security Advisory vom 2023-07-12",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA71636"
}
],
"source_lang": "en-US",
"title": "Juniper Patchday Juli 2023",
"tracking": {
"current_release_date": "2023-07-12T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:55:25.536+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-1737",
"initial_release_date": "2023-07-12T22:00:00.000+00:00",
"revision_history": [
{
"date": "2023-07-12T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Juniper JUNOS",
"product": {
"name": "Juniper JUNOS",
"product_id": "5930",
"product_identification_helper": {
"cpe": "cpe:/o:juniper:junos:-"
}
}
},
{
"category": "product_name",
"name": "Juniper JUNOS Evolved",
"product": {
"name": "Juniper JUNOS Evolved",
"product_id": "T018886",
"product_identification_helper": {
"cpe": "cpe:/o:juniper:junos:evolved"
}
}
},
{
"category": "product_name",
"name": "Juniper JUNOS PTX10001-36MR",
"product": {
"name": "Juniper JUNOS PTX10001-36MR",
"product_id": "T028577",
"product_identification_helper": {
"cpe": "cpe:/o:juniper:junos:ptx10001-36mr"
}
}
},
{
"category": "product_name",
"name": "Juniper JUNOS PTX10004",
"product": {
"name": "Juniper JUNOS PTX10004",
"product_id": "T028578",
"product_identification_helper": {
"cpe": "cpe:/o:juniper:junos:ptx10004"
}
}
},
{
"category": "product_name",
"name": "Juniper JUNOS PTX10008",
"product": {
"name": "Juniper JUNOS PTX10008",
"product_id": "T028579",
"product_identification_helper": {
"cpe": "cpe:/o:juniper:junos:ptx10008"
}
}
},
{
"category": "product_name",
"name": "Juniper JUNOS PTX10016",
"product": {
"name": "Juniper JUNOS PTX10016",
"product_id": "T028580",
"product_identification_helper": {
"cpe": "cpe:/o:juniper:junos:ptx10016"
}
}
},
{
"category": "product_name",
"name": "Juniper JUNOS Contrail Cloud",
"product": {
"name": "Juniper JUNOS Contrail Cloud",
"product_id": "T028581",
"product_identification_helper": {
"cpe": "cpe:/o:juniper:junos:contrail_cloud"
}
}
},
{
"category": "product_name",
"name": "Juniper JUNOS Space",
"product": {
"name": "Juniper JUNOS Space",
"product_id": "T028582",
"product_identification_helper": {
"cpe": "cpe:/o:juniper:junos:space"
}
}
}
],
"category": "product_name",
"name": "JUNOS"
},
{
"category": "product_name",
"name": "Juniper MX Series",
"product": {
"name": "Juniper MX Series",
"product_id": "918766",
"product_identification_helper": {
"cpe": "cpe:/h:juniper:mx:-"
}
}
},
{
"category": "product_name",
"name": "Juniper QFX Series 10000",
"product": {
"name": "Juniper QFX Series 10000",
"product_id": "T027256",
"product_identification_helper": {
"cpe": "cpe:/h:juniper:qfx:qfx10000"
}
}
},
{
"branches": [
{
"category": "product_name",
"name": "Juniper SRX Series",
"product": {
"name": "Juniper SRX Series",
"product_id": "T008011",
"product_identification_helper": {
"cpe": "cpe:/h:juniper:srx_service_gateways:-"
}
}
},
{
"category": "product_name",
"name": "Juniper SRX Series 5000",
"product": {
"name": "Juniper SRX Series 5000",
"product_id": "T025822",
"product_identification_helper": {
"cpe": "cpe:/h:juniper:srx_service_gateways:5000"
}
}
},
{
"category": "product_name",
"name": "Juniper SRX Series 4600",
"product": {
"name": "Juniper SRX Series 4600",
"product_id": "T028576",
"product_identification_helper": {
"cpe": "cpe:/h:juniper:srx_service_gateways:4600"
}
}
}
],
"category": "product_name",
"name": "SRX Series"
}
],
"category": "vendor",
"name": "Juniper"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-36850",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern."
}
],
"product_status": {
"known_affected": [
"T028581",
"T028582",
"T028580",
"918766",
"T018886",
"T025822",
"5930",
"T028578",
"T028579",
"T027256",
"T028576",
"T028577",
"T008011"
]
},
"release_date": "2023-07-12T22:00:00.000+00:00",
"title": "CVE-2023-36850"
},
{
"cve": "CVE-2023-36849",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern."
}
],
"product_status": {
"known_affected": [
"T028581",
"T028582",
"T028580",
"918766",
"T018886",
"T025822",
"5930",
"T028578",
"T028579",
"T027256",
"T028576",
"T028577",
"T008011"
]
},
"release_date": "2023-07-12T22:00:00.000+00:00",
"title": "CVE-2023-36849"
},
{
"cve": "CVE-2023-36848",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern."
}
],
"product_status": {
"known_affected": [
"T028581",
"T028582",
"T028580",
"918766",
"T018886",
"T025822",
"5930",
"T028578",
"T028579",
"T027256",
"T028576",
"T028577",
"T008011"
]
},
"release_date": "2023-07-12T22:00:00.000+00:00",
"title": "CVE-2023-36848"
},
{
"cve": "CVE-2023-36840",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern."
}
],
"product_status": {
"known_affected": [
"T028581",
"T028582",
"T028580",
"918766",
"T018886",
"T025822",
"5930",
"T028578",
"T028579",
"T027256",
"T028576",
"T028577",
"T008011"
]
},
"release_date": "2023-07-12T22:00:00.000+00:00",
"title": "CVE-2023-36840"
},
{
"cve": "CVE-2023-36838",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern."
}
],
"product_status": {
"known_affected": [
"T028581",
"T028582",
"T028580",
"918766",
"T018886",
"T025822",
"5930",
"T028578",
"T028579",
"T027256",
"T028576",
"T028577",
"T008011"
]
},
"release_date": "2023-07-12T22:00:00.000+00:00",
"title": "CVE-2023-36838"
},
{
"cve": "CVE-2023-36836",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern."
}
],
"product_status": {
"known_affected": [
"T028581",
"T028582",
"T028580",
"918766",
"T018886",
"T025822",
"5930",
"T028578",
"T028579",
"T027256",
"T028576",
"T028577",
"T008011"
]
},
"release_date": "2023-07-12T22:00:00.000+00:00",
"title": "CVE-2023-36836"
},
{
"cve": "CVE-2023-36835",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern."
}
],
"product_status": {
"known_affected": [
"T028581",
"T028582",
"T028580",
"918766",
"T018886",
"T025822",
"5930",
"T028578",
"T028579",
"T027256",
"T028576",
"T028577",
"T008011"
]
},
"release_date": "2023-07-12T22:00:00.000+00:00",
"title": "CVE-2023-36835"
},
{
"cve": "CVE-2023-36834",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern."
}
],
"product_status": {
"known_affected": [
"T028581",
"T028582",
"T028580",
"918766",
"T018886",
"T025822",
"5930",
"T028578",
"T028579",
"T027256",
"T028576",
"T028577",
"T008011"
]
},
"release_date": "2023-07-12T22:00:00.000+00:00",
"title": "CVE-2023-36834"
},
{
"cve": "CVE-2023-36833",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern."
}
],
"product_status": {
"known_affected": [
"T028581",
"T028582",
"T028580",
"918766",
"T018886",
"T025822",
"5930",
"T028578",
"T028579",
"T027256",
"T028576",
"T028577",
"T008011"
]
},
"release_date": "2023-07-12T22:00:00.000+00:00",
"title": "CVE-2023-36833"
},
{
"cve": "CVE-2023-36832",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern."
}
],
"product_status": {
"known_affected": [
"T028581",
"T028582",
"T028580",
"918766",
"T018886",
"T025822",
"5930",
"T028578",
"T028579",
"T027256",
"T028576",
"T028577",
"T008011"
]
},
"release_date": "2023-07-12T22:00:00.000+00:00",
"title": "CVE-2023-36832"
},
{
"cve": "CVE-2023-36831",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern."
}
],
"product_status": {
"known_affected": [
"T028581",
"T028582",
"T028580",
"918766",
"T018886",
"T025822",
"5930",
"T028578",
"T028579",
"T027256",
"T028576",
"T028577",
"T008011"
]
},
"release_date": "2023-07-12T22:00:00.000+00:00",
"title": "CVE-2023-36831"
},
{
"cve": "CVE-2023-28985",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern."
}
],
"product_status": {
"known_affected": [
"T028581",
"T028582",
"T028580",
"918766",
"T018886",
"T025822",
"5930",
"T028578",
"T028579",
"T027256",
"T028576",
"T028577",
"T008011"
]
},
"release_date": "2023-07-12T22:00:00.000+00:00",
"title": "CVE-2023-28985"
},
{
"cve": "CVE-2022-4378",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern."
}
],
"product_status": {
"known_affected": [
"T028581",
"T028582",
"T028580",
"918766",
"T018886",
"T025822",
"5930",
"T028578",
"T028579",
"T027256",
"T028576",
"T028577",
"T008011"
]
},
"release_date": "2023-07-12T22:00:00.000+00:00",
"title": "CVE-2022-4378"
},
{
"cve": "CVE-2022-42898",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern."
}
],
"product_status": {
"known_affected": [
"T028581",
"T028582",
"T028580",
"918766",
"T018886",
"T025822",
"5930",
"T028578",
"T028579",
"T027256",
"T028576",
"T028577",
"T008011"
]
},
"release_date": "2023-07-12T22:00:00.000+00:00",
"title": "CVE-2022-42898"
},
{
"cve": "CVE-2022-42703",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern."
}
],
"product_status": {
"known_affected": [
"T028581",
"T028582",
"T028580",
"918766",
"T018886",
"T025822",
"5930",
"T028578",
"T028579",
"T027256",
"T028576",
"T028577",
"T008011"
]
},
"release_date": "2023-07-12T22:00:00.000+00:00",
"title": "CVE-2022-42703"
},
{
"cve": "CVE-2022-41974",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern."
}
],
"product_status": {
"known_affected": [
"T028581",
"T028582",
"T028580",
"918766",
"T018886",
"T025822",
"5930",
"T028578",
"T028579",
"T027256",
"T028576",
"T028577",
"T008011"
]
},
"release_date": "2023-07-12T22:00:00.000+00:00",
"title": "CVE-2022-41974"
},
{
"cve": "CVE-2022-38023",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern."
}
],
"product_status": {
"known_affected": [
"T028581",
"T028582",
"T028580",
"918766",
"T018886",
"T025822",
"5930",
"T028578",
"T028579",
"T027256",
"T028576",
"T028577",
"T008011"
]
},
"release_date": "2023-07-12T22:00:00.000+00:00",
"title": "CVE-2022-38023"
},
{
"cve": "CVE-2022-3276",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern."
}
],
"product_status": {
"known_affected": [
"T028581",
"T028582",
"T028580",
"918766",
"T018886",
"T025822",
"5930",
"T028578",
"T028579",
"T027256",
"T028576",
"T028577",
"T008011"
]
},
"release_date": "2023-07-12T22:00:00.000+00:00",
"title": "CVE-2022-3276"
},
{
"cve": "CVE-2022-31629",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern."
}
],
"product_status": {
"known_affected": [
"T028581",
"T028582",
"T028580",
"918766",
"T018886",
"T025822",
"5930",
"T028578",
"T028579",
"T027256",
"T028576",
"T028577",
"T008011"
]
},
"release_date": "2023-07-12T22:00:00.000+00:00",
"title": "CVE-2022-31629"
},
{
"cve": "CVE-2022-31628",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern."
}
],
"product_status": {
"known_affected": [
"T028581",
"T028582",
"T028580",
"918766",
"T018886",
"T025822",
"5930",
"T028578",
"T028579",
"T027256",
"T028576",
"T028577",
"T008011"
]
},
"release_date": "2023-07-12T22:00:00.000+00:00",
"title": "CVE-2022-31628"
},
{
"cve": "CVE-2022-31627",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern."
}
],
"product_status": {
"known_affected": [
"T028581",
"T028582",
"T028580",
"918766",
"T018886",
"T025822",
"5930",
"T028578",
"T028579",
"T027256",
"T028576",
"T028577",
"T008011"
]
},
"release_date": "2023-07-12T22:00:00.000+00:00",
"title": "CVE-2022-31627"
},
{
"cve": "CVE-2022-31626",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern."
}
],
"product_status": {
"known_affected": [
"T028581",
"T028582",
"T028580",
"918766",
"T018886",
"T025822",
"5930",
"T028578",
"T028579",
"T027256",
"T028576",
"T028577",
"T008011"
]
},
"release_date": "2023-07-12T22:00:00.000+00:00",
"title": "CVE-2022-31626"
},
{
"cve": "CVE-2022-31625",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern."
}
],
"product_status": {
"known_affected": [
"T028581",
"T028582",
"T028580",
"918766",
"T018886",
"T025822",
"5930",
"T028578",
"T028579",
"T027256",
"T028576",
"T028577",
"T008011"
]
},
"release_date": "2023-07-12T22:00:00.000+00:00",
"title": "CVE-2022-31625"
},
{
"cve": "CVE-2022-30123",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern."
}
],
"product_status": {
"known_affected": [
"T028581",
"T028582",
"T028580",
"918766",
"T018886",
"T025822",
"5930",
"T028578",
"T028579",
"T027256",
"T028576",
"T028577",
"T008011"
]
},
"release_date": "2023-07-12T22:00:00.000+00:00",
"title": "CVE-2022-30123"
},
{
"cve": "CVE-2022-29901",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern."
}
],
"product_status": {
"known_affected": [
"T028581",
"T028582",
"T028580",
"918766",
"T018886",
"T025822",
"5930",
"T028578",
"T028579",
"T027256",
"T028576",
"T028577",
"T008011"
]
},
"release_date": "2023-07-12T22:00:00.000+00:00",
"title": "CVE-2022-29901"
},
{
"cve": "CVE-2022-29900",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern."
}
],
"product_status": {
"known_affected": [
"T028581",
"T028582",
"T028580",
"918766",
"T018886",
"T025822",
"5930",
"T028578",
"T028579",
"T027256",
"T028576",
"T028577",
"T008011"
]
},
"release_date": "2023-07-12T22:00:00.000+00:00",
"title": "CVE-2022-29900"
},
{
"cve": "CVE-2022-2964",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern."
}
],
"product_status": {
"known_affected": [
"T028581",
"T028582",
"T028580",
"918766",
"T018886",
"T025822",
"5930",
"T028578",
"T028579",
"T027256",
"T028576",
"T028577",
"T008011"
]
},
"release_date": "2023-07-12T22:00:00.000+00:00",
"title": "CVE-2022-2964"
},
{
"cve": "CVE-2022-2795",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern."
}
],
"product_status": {
"known_affected": [
"T028581",
"T028582",
"T028580",
"918766",
"T018886",
"T025822",
"5930",
"T028578",
"T028579",
"T027256",
"T028576",
"T028577",
"T008011"
]
},
"release_date": "2023-07-12T22:00:00.000+00:00",
"title": "CVE-2022-2795"
},
{
"cve": "CVE-2022-26373",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern."
}
],
"product_status": {
"known_affected": [
"T028581",
"T028582",
"T028580",
"918766",
"T018886",
"T025822",
"5930",
"T028578",
"T028579",
"T027256",
"T028576",
"T028577",
"T008011"
]
},
"release_date": "2023-07-12T22:00:00.000+00:00",
"title": "CVE-2022-26373"
},
{
"cve": "CVE-2022-2588",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern."
}
],
"product_status": {
"known_affected": [
"T028581",
"T028582",
"T028580",
"918766",
"T018886",
"T025822",
"5930",
"T028578",
"T028579",
"T027256",
"T028576",
"T028577",
"T008011"
]
},
"release_date": "2023-07-12T22:00:00.000+00:00",
"title": "CVE-2022-2588"
},
{
"cve": "CVE-2022-23825",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern."
}
],
"product_status": {
"known_affected": [
"T028581",
"T028582",
"T028580",
"918766",
"T018886",
"T025822",
"5930",
"T028578",
"T028579",
"T027256",
"T028576",
"T028577",
"T008011"
]
},
"release_date": "2023-07-12T22:00:00.000+00:00",
"title": "CVE-2022-23825"
},
{
"cve": "CVE-2021-40085",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern."
}
],
"product_status": {
"known_affected": [
"T028581",
"T028582",
"T028580",
"918766",
"T018886",
"T025822",
"5930",
"T028578",
"T028579",
"T027256",
"T028576",
"T028577",
"T008011"
]
},
"release_date": "2023-07-12T22:00:00.000+00:00",
"title": "CVE-2021-40085"
},
{
"cve": "CVE-2021-26401",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern."
}
],
"product_status": {
"known_affected": [
"T028581",
"T028582",
"T028580",
"918766",
"T018886",
"T025822",
"5930",
"T028578",
"T028579",
"T027256",
"T028576",
"T028577",
"T008011"
]
},
"release_date": "2023-07-12T22:00:00.000+00:00",
"title": "CVE-2021-26401"
},
{
"cve": "CVE-2021-25220",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern."
}
],
"product_status": {
"known_affected": [
"T028581",
"T028582",
"T028580",
"918766",
"T018886",
"T025822",
"5930",
"T028578",
"T028579",
"T027256",
"T028576",
"T028577",
"T008011"
]
},
"release_date": "2023-07-12T22:00:00.000+00:00",
"title": "CVE-2021-25220"
},
{
"cve": "CVE-2021-21708",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern."
}
],
"product_status": {
"known_affected": [
"T028581",
"T028582",
"T028580",
"918766",
"T018886",
"T025822",
"5930",
"T028578",
"T028579",
"T027256",
"T028576",
"T028577",
"T008011"
]
},
"release_date": "2023-07-12T22:00:00.000+00:00",
"title": "CVE-2021-21708"
},
{
"cve": "CVE-2021-21707",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern."
}
],
"product_status": {
"known_affected": [
"T028581",
"T028582",
"T028580",
"918766",
"T018886",
"T025822",
"5930",
"T028578",
"T028579",
"T027256",
"T028576",
"T028577",
"T008011"
]
},
"release_date": "2023-07-12T22:00:00.000+00:00",
"title": "CVE-2021-21707"
},
{
"cve": "CVE-2021-21705",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern."
}
],
"product_status": {
"known_affected": [
"T028581",
"T028582",
"T028580",
"918766",
"T018886",
"T025822",
"5930",
"T028578",
"T028579",
"T027256",
"T028576",
"T028577",
"T008011"
]
},
"release_date": "2023-07-12T22:00:00.000+00:00",
"title": "CVE-2021-21705"
},
{
"cve": "CVE-2021-21704",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern."
}
],
"product_status": {
"known_affected": [
"T028581",
"T028582",
"T028580",
"918766",
"T018886",
"T025822",
"5930",
"T028578",
"T028579",
"T027256",
"T028576",
"T028577",
"T008011"
]
},
"release_date": "2023-07-12T22:00:00.000+00:00",
"title": "CVE-2021-21704"
},
{
"cve": "CVE-2021-21703",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern."
}
],
"product_status": {
"known_affected": [
"T028581",
"T028582",
"T028580",
"918766",
"T018886",
"T025822",
"5930",
"T028578",
"T028579",
"T027256",
"T028576",
"T028577",
"T008011"
]
},
"release_date": "2023-07-12T22:00:00.000+00:00",
"title": "CVE-2021-21703"
},
{
"cve": "CVE-2021-21702",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern."
}
],
"product_status": {
"known_affected": [
"T028581",
"T028582",
"T028580",
"918766",
"T018886",
"T025822",
"5930",
"T028578",
"T028579",
"T027256",
"T028576",
"T028577",
"T008011"
]
},
"release_date": "2023-07-12T22:00:00.000+00:00",
"title": "CVE-2021-21702"
},
{
"cve": "CVE-2020-7071",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern."
}
],
"product_status": {
"known_affected": [
"T028581",
"T028582",
"T028580",
"918766",
"T018886",
"T025822",
"5930",
"T028578",
"T028579",
"T027256",
"T028576",
"T028577",
"T008011"
]
},
"release_date": "2023-07-12T22:00:00.000+00:00",
"title": "CVE-2020-7071"
},
{
"cve": "CVE-2020-13946",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern."
}
],
"product_status": {
"known_affected": [
"T028581",
"T028582",
"T028580",
"918766",
"T018886",
"T025822",
"5930",
"T028578",
"T028579",
"T027256",
"T028576",
"T028577",
"T008011"
]
},
"release_date": "2023-07-12T22:00:00.000+00:00",
"title": "CVE-2020-13946"
},
{
"cve": "CVE-2020-13817",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern."
}
],
"product_status": {
"known_affected": [
"T028581",
"T028582",
"T028580",
"918766",
"T018886",
"T025822",
"5930",
"T028578",
"T028579",
"T027256",
"T028576",
"T028577",
"T008011"
]
},
"release_date": "2023-07-12T22:00:00.000+00:00",
"title": "CVE-2020-13817"
},
{
"cve": "CVE-2020-11868",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern."
}
],
"product_status": {
"known_affected": [
"T028581",
"T028582",
"T028580",
"918766",
"T018886",
"T025822",
"5930",
"T028578",
"T028579",
"T027256",
"T028576",
"T028577",
"T008011"
]
},
"release_date": "2023-07-12T22:00:00.000+00:00",
"title": "CVE-2020-11868"
},
{
"cve": "CVE-2019-11358",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern."
}
],
"product_status": {
"known_affected": [
"T028581",
"T028582",
"T028580",
"918766",
"T018886",
"T025822",
"5930",
"T028578",
"T028579",
"T027256",
"T028576",
"T028577",
"T008011"
]
},
"release_date": "2023-07-12T22:00:00.000+00:00",
"title": "CVE-2019-11358"
},
{
"cve": "CVE-2017-7655",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern."
}
],
"product_status": {
"known_affected": [
"T028581",
"T028582",
"T028580",
"918766",
"T018886",
"T025822",
"5930",
"T028578",
"T028579",
"T027256",
"T028576",
"T028577",
"T008011"
]
},
"release_date": "2023-07-12T22:00:00.000+00:00",
"title": "CVE-2017-7655"
},
{
"cve": "CVE-2017-7654",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern."
}
],
"product_status": {
"known_affected": [
"T028581",
"T028582",
"T028580",
"918766",
"T018886",
"T025822",
"5930",
"T028578",
"T028579",
"T027256",
"T028576",
"T028577",
"T008011"
]
},
"release_date": "2023-07-12T22:00:00.000+00:00",
"title": "CVE-2017-7654"
},
{
"cve": "CVE-2017-7653",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern."
}
],
"product_status": {
"known_affected": [
"T028581",
"T028582",
"T028580",
"918766",
"T018886",
"T025822",
"5930",
"T028578",
"T028579",
"T027256",
"T028576",
"T028577",
"T008011"
]
},
"release_date": "2023-07-12T22:00:00.000+00:00",
"title": "CVE-2017-7653"
}
]
}
ghsa-fx6x-7xgx-2wwp
Vulnerability from github
Published
2022-05-24 17:19
Modified
2025-05-05 18:30
Severity ?
VLAI Severity ?
Details
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim's ntpd instance.
{
"affected": [],
"aliases": [
"CVE-2020-13817"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-330"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-06-04T13:15:00Z",
"severity": "MODERATE"
},
"details": "ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim\u0027s ntpd instance.",
"id": "GHSA-fx6x-7xgx-2wwp",
"modified": "2025-05-05T18:30:44Z",
"published": "2022-05-24T17:19:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13817"
},
{
"type": "WEB",
"url": "https://bugs.ntp.org/show_bug.cgi?id=3596"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202007-12"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20200625-0004"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00044.html"
},
{
"type": "WEB",
"url": "http://support.ntp.org/bin/view/Main/NtpBug3596"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
"type": "CVSS_V3"
}
]
}
opensuse-su-2020:0934-1
Vulnerability from csaf_opensuse
Published
2020-07-06 14:39
Modified
2020-07-06 14:39
Summary
Security update for ntp
Notes
Title of the patch
Security update for ntp
Description of the patch
This update for ntp fixes the following issues:
ntp was updated to 4.2.8p15
- CVE-2020-11868: Fixed an issue which a server mode packet with spoofed source address
frequently send to the client ntpd could have caused denial of service (bsc#1169740).
- CVE-2018-8956: Fixed an issue which could have allowed remote attackers to prevent
a broadcast client from synchronizing its clock with a broadcast NTP server via spoofed
mode 3 and mode 5 packets (bsc#1171355).
- CVE-2020-13817: Fixed an issue which an off-path attacker with the ability to query time
from victim's ntpd instance could have modified the victim's clock by a limited amount (bsc#1172651).
- CVE-2020-15025: Fixed an issue which remote attacker could have caused denial of service by consuming
the memory when a CMAC key was used andassociated with a CMAC algorithm in the ntp.keys (bsc#1173334).
- Removed an OpenSSL version warning (bsc#992038 and bsc#1125401).
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames
openSUSE-2020-934
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for ntp",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for ntp fixes the following issues:\n\nntp was updated to 4.2.8p15\n\n- CVE-2020-11868: Fixed an issue which a server mode packet with spoofed source address \n frequently send to the client ntpd could have caused denial of service (bsc#1169740).\n- CVE-2018-8956: Fixed an issue which could have allowed remote attackers to prevent \n a broadcast client from synchronizing its clock with a broadcast NTP server via spoofed \n mode 3 and mode 5 packets (bsc#1171355).\n- CVE-2020-13817: Fixed an issue which an off-path attacker with the ability to query time \n from victim\u0027s ntpd instance could have modified the victim\u0027s clock by a limited amount (bsc#1172651).\n- CVE-2020-15025: Fixed an issue which remote attacker could have caused denial of service by consuming \n the memory when a CMAC key was used andassociated with a CMAC algorithm in the ntp.keys (bsc#1173334).\n- Removed an OpenSSL version warning (bsc#992038 and bsc#1125401).\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2020-934",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_0934-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2020:0934-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BIQMBPSMZGTUEK5KJC4HX6YOA3YJ3SL6/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2020:0934-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BIQMBPSMZGTUEK5KJC4HX6YOA3YJ3SL6/"
},
{
"category": "self",
"summary": "SUSE Bug 1125401",
"url": "https://bugzilla.suse.com/1125401"
},
{
"category": "self",
"summary": "SUSE Bug 1169740",
"url": "https://bugzilla.suse.com/1169740"
},
{
"category": "self",
"summary": "SUSE Bug 1171355",
"url": "https://bugzilla.suse.com/1171355"
},
{
"category": "self",
"summary": "SUSE Bug 1172651",
"url": "https://bugzilla.suse.com/1172651"
},
{
"category": "self",
"summary": "SUSE Bug 1173334",
"url": "https://bugzilla.suse.com/1173334"
},
{
"category": "self",
"summary": "SUSE Bug 992038",
"url": "https://bugzilla.suse.com/992038"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-8956 page",
"url": "https://www.suse.com/security/cve/CVE-2018-8956/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-11868 page",
"url": "https://www.suse.com/security/cve/CVE-2020-11868/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-13817 page",
"url": "https://www.suse.com/security/cve/CVE-2020-13817/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15025 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15025/"
}
],
"title": "Security update for ntp",
"tracking": {
"current_release_date": "2020-07-06T14:39:34Z",
"generator": {
"date": "2020-07-06T14:39:34Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2020:0934-1",
"initial_release_date": "2020-07-06T14:39:34Z",
"revision_history": [
{
"date": "2020-07-06T14:39:34Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ntp-4.2.8p15-lp151.2.3.1.i586",
"product": {
"name": "ntp-4.2.8p15-lp151.2.3.1.i586",
"product_id": "ntp-4.2.8p15-lp151.2.3.1.i586"
}
},
{
"category": "product_version",
"name": "ntp-doc-4.2.8p15-lp151.2.3.1.i586",
"product": {
"name": "ntp-doc-4.2.8p15-lp151.2.3.1.i586",
"product_id": "ntp-doc-4.2.8p15-lp151.2.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "ntp-4.2.8p15-lp151.2.3.1.x86_64",
"product": {
"name": "ntp-4.2.8p15-lp151.2.3.1.x86_64",
"product_id": "ntp-4.2.8p15-lp151.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "ntp-doc-4.2.8p15-lp151.2.3.1.x86_64",
"product": {
"name": "ntp-doc-4.2.8p15-lp151.2.3.1.x86_64",
"product_id": "ntp-doc-4.2.8p15-lp151.2.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.1",
"product": {
"name": "openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p15-lp151.2.3.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:ntp-4.2.8p15-lp151.2.3.1.i586"
},
"product_reference": "ntp-4.2.8p15-lp151.2.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p15-lp151.2.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:ntp-4.2.8p15-lp151.2.3.1.x86_64"
},
"product_reference": "ntp-4.2.8p15-lp151.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p15-lp151.2.3.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:ntp-doc-4.2.8p15-lp151.2.3.1.i586"
},
"product_reference": "ntp-doc-4.2.8p15-lp151.2.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p15-lp151.2.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:ntp-doc-4.2.8p15-lp151.2.3.1.x86_64"
},
"product_reference": "ntp-doc-4.2.8p15-lp151.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-8956",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-8956"
}
],
"notes": [
{
"category": "general",
"text": "ntpd in ntp 4.2.8p10, 4.2.8p11, 4.2.8p12 and 4.2.8p13 allow remote attackers to prevent a broadcast client from synchronizing its clock with a broadcast NTP server via soofed mode 3 and mode 5 packets. The attacker must either be a part of the same broadcast network or control a slave in that broadcast network that can capture certain required packets on the attacker\u0027s behalf and send them to the attacker.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:ntp-4.2.8p15-lp151.2.3.1.i586",
"openSUSE Leap 15.1:ntp-4.2.8p15-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:ntp-doc-4.2.8p15-lp151.2.3.1.i586",
"openSUSE Leap 15.1:ntp-doc-4.2.8p15-lp151.2.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-8956",
"url": "https://www.suse.com/security/cve/CVE-2018-8956"
},
{
"category": "external",
"summary": "SUSE Bug 1171355 for CVE-2018-8956",
"url": "https://bugzilla.suse.com/1171355"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:ntp-4.2.8p15-lp151.2.3.1.i586",
"openSUSE Leap 15.1:ntp-4.2.8p15-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:ntp-doc-4.2.8p15-lp151.2.3.1.i586",
"openSUSE Leap 15.1:ntp-doc-4.2.8p15-lp151.2.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:ntp-4.2.8p15-lp151.2.3.1.i586",
"openSUSE Leap 15.1:ntp-4.2.8p15-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:ntp-doc-4.2.8p15-lp151.2.3.1.i586",
"openSUSE Leap 15.1:ntp-doc-4.2.8p15-lp151.2.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-07-06T14:39:34Z",
"details": "low"
}
],
"title": "CVE-2018-8956"
},
{
"cve": "CVE-2020-11868",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-11868"
}
],
"notes": [
{
"category": "general",
"text": "ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:ntp-4.2.8p15-lp151.2.3.1.i586",
"openSUSE Leap 15.1:ntp-4.2.8p15-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:ntp-doc-4.2.8p15-lp151.2.3.1.i586",
"openSUSE Leap 15.1:ntp-doc-4.2.8p15-lp151.2.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-11868",
"url": "https://www.suse.com/security/cve/CVE-2020-11868"
},
{
"category": "external",
"summary": "SUSE Bug 1169740 for CVE-2020-11868",
"url": "https://bugzilla.suse.com/1169740"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:ntp-4.2.8p15-lp151.2.3.1.i586",
"openSUSE Leap 15.1:ntp-4.2.8p15-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:ntp-doc-4.2.8p15-lp151.2.3.1.i586",
"openSUSE Leap 15.1:ntp-doc-4.2.8p15-lp151.2.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:ntp-4.2.8p15-lp151.2.3.1.i586",
"openSUSE Leap 15.1:ntp-4.2.8p15-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:ntp-doc-4.2.8p15-lp151.2.3.1.i586",
"openSUSE Leap 15.1:ntp-doc-4.2.8p15-lp151.2.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-07-06T14:39:34Z",
"details": "low"
}
],
"title": "CVE-2020-11868"
},
{
"cve": "CVE-2020-13817",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-13817"
}
],
"notes": [
{
"category": "general",
"text": "ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim\u0027s ntpd instance.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:ntp-4.2.8p15-lp151.2.3.1.i586",
"openSUSE Leap 15.1:ntp-4.2.8p15-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:ntp-doc-4.2.8p15-lp151.2.3.1.i586",
"openSUSE Leap 15.1:ntp-doc-4.2.8p15-lp151.2.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-13817",
"url": "https://www.suse.com/security/cve/CVE-2020-13817"
},
{
"category": "external",
"summary": "SUSE Bug 1172651 for CVE-2020-13817",
"url": "https://bugzilla.suse.com/1172651"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:ntp-4.2.8p15-lp151.2.3.1.i586",
"openSUSE Leap 15.1:ntp-4.2.8p15-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:ntp-doc-4.2.8p15-lp151.2.3.1.i586",
"openSUSE Leap 15.1:ntp-doc-4.2.8p15-lp151.2.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:ntp-4.2.8p15-lp151.2.3.1.i586",
"openSUSE Leap 15.1:ntp-4.2.8p15-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:ntp-doc-4.2.8p15-lp151.2.3.1.i586",
"openSUSE Leap 15.1:ntp-doc-4.2.8p15-lp151.2.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-07-06T14:39:34Z",
"details": "moderate"
}
],
"title": "CVE-2020-13817"
},
{
"cve": "CVE-2020-15025",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15025"
}
],
"notes": [
{
"category": "general",
"text": "ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations where a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:ntp-4.2.8p15-lp151.2.3.1.i586",
"openSUSE Leap 15.1:ntp-4.2.8p15-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:ntp-doc-4.2.8p15-lp151.2.3.1.i586",
"openSUSE Leap 15.1:ntp-doc-4.2.8p15-lp151.2.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15025",
"url": "https://www.suse.com/security/cve/CVE-2020-15025"
},
{
"category": "external",
"summary": "SUSE Bug 1173334 for CVE-2020-15025",
"url": "https://bugzilla.suse.com/1173334"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:ntp-4.2.8p15-lp151.2.3.1.i586",
"openSUSE Leap 15.1:ntp-4.2.8p15-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:ntp-doc-4.2.8p15-lp151.2.3.1.i586",
"openSUSE Leap 15.1:ntp-doc-4.2.8p15-lp151.2.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:ntp-4.2.8p15-lp151.2.3.1.i586",
"openSUSE Leap 15.1:ntp-4.2.8p15-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:ntp-doc-4.2.8p15-lp151.2.3.1.i586",
"openSUSE Leap 15.1:ntp-doc-4.2.8p15-lp151.2.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-07-06T14:39:34Z",
"details": "moderate"
}
],
"title": "CVE-2020-15025"
}
]
}
opensuse-su-2020:1007-1
Vulnerability from csaf_opensuse
Published
2020-07-19 08:27
Modified
2020-07-19 08:27
Summary
Security update for ntp
Notes
Title of the patch
Security update for ntp
Description of the patch
This update for ntp fixes the following issues:
ntp was updated to 4.2.8p15
- CVE-2020-11868: Fixed an issue which a server mode packet with spoofed source address
frequently send to the client ntpd could have caused denial of service (bsc#1169740).
- CVE-2018-8956: Fixed an issue which could have allowed remote attackers to prevent
a broadcast client from synchronizing its clock with a broadcast NTP server via spoofed
mode 3 and mode 5 packets (bsc#1171355).
- CVE-2020-13817: Fixed an issue which an off-path attacker with the ability to query time
from victim's ntpd instance could have modified the victim's clock by a limited amount (bsc#1172651).
- CVE-2020-15025: Fixed an issue which remote attacker could have caused denial of service by consuming
the memory when a CMAC key was used andassociated with a CMAC algorithm in the ntp.keys (bsc#1173334).
- Removed an OpenSSL version warning (bsc#992038 and bsc#1125401).
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames
openSUSE-2020-1007
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for ntp",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for ntp fixes the following issues:\n\nntp was updated to 4.2.8p15\n\n- CVE-2020-11868: Fixed an issue which a server mode packet with spoofed source address \n frequently send to the client ntpd could have caused denial of service (bsc#1169740).\n- CVE-2018-8956: Fixed an issue which could have allowed remote attackers to prevent \n a broadcast client from synchronizing its clock with a broadcast NTP server via spoofed \n mode 3 and mode 5 packets (bsc#1171355).\n- CVE-2020-13817: Fixed an issue which an off-path attacker with the ability to query time \n from victim\u0027s ntpd instance could have modified the victim\u0027s clock by a limited amount (bsc#1172651).\n- CVE-2020-15025: Fixed an issue which remote attacker could have caused denial of service by consuming \n the memory when a CMAC key was used andassociated with a CMAC algorithm in the ntp.keys (bsc#1173334).\n- Removed an OpenSSL version warning (bsc#992038 and bsc#1125401).\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2020-1007",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_1007-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2020:1007-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JNRU5O2D5HWSXEDH4T2XTCSGOTFSCOIH/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2020:1007-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JNRU5O2D5HWSXEDH4T2XTCSGOTFSCOIH/"
},
{
"category": "self",
"summary": "SUSE Bug 1125401",
"url": "https://bugzilla.suse.com/1125401"
},
{
"category": "self",
"summary": "SUSE Bug 1169740",
"url": "https://bugzilla.suse.com/1169740"
},
{
"category": "self",
"summary": "SUSE Bug 1171355",
"url": "https://bugzilla.suse.com/1171355"
},
{
"category": "self",
"summary": "SUSE Bug 1172651",
"url": "https://bugzilla.suse.com/1172651"
},
{
"category": "self",
"summary": "SUSE Bug 1173334",
"url": "https://bugzilla.suse.com/1173334"
},
{
"category": "self",
"summary": "SUSE Bug 992038",
"url": "https://bugzilla.suse.com/992038"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-8956 page",
"url": "https://www.suse.com/security/cve/CVE-2018-8956/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-11868 page",
"url": "https://www.suse.com/security/cve/CVE-2020-11868/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-13817 page",
"url": "https://www.suse.com/security/cve/CVE-2020-13817/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15025 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15025/"
}
],
"title": "Security update for ntp",
"tracking": {
"current_release_date": "2020-07-19T08:27:16Z",
"generator": {
"date": "2020-07-19T08:27:16Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2020:1007-1",
"initial_release_date": "2020-07-19T08:27:16Z",
"revision_history": [
{
"date": "2020-07-19T08:27:16Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ntp-4.2.8p15-lp152.3.3.1.i586",
"product": {
"name": "ntp-4.2.8p15-lp152.3.3.1.i586",
"product_id": "ntp-4.2.8p15-lp152.3.3.1.i586"
}
},
{
"category": "product_version",
"name": "ntp-doc-4.2.8p15-lp152.3.3.1.i586",
"product": {
"name": "ntp-doc-4.2.8p15-lp152.3.3.1.i586",
"product_id": "ntp-doc-4.2.8p15-lp152.3.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "ntp-4.2.8p15-lp152.3.3.1.x86_64",
"product": {
"name": "ntp-4.2.8p15-lp152.3.3.1.x86_64",
"product_id": "ntp-4.2.8p15-lp152.3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "ntp-doc-4.2.8p15-lp152.3.3.1.x86_64",
"product": {
"name": "ntp-doc-4.2.8p15-lp152.3.3.1.x86_64",
"product_id": "ntp-doc-4.2.8p15-lp152.3.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.2",
"product": {
"name": "openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p15-lp152.3.3.1.i586 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:ntp-4.2.8p15-lp152.3.3.1.i586"
},
"product_reference": "ntp-4.2.8p15-lp152.3.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p15-lp152.3.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:ntp-4.2.8p15-lp152.3.3.1.x86_64"
},
"product_reference": "ntp-4.2.8p15-lp152.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p15-lp152.3.3.1.i586 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:ntp-doc-4.2.8p15-lp152.3.3.1.i586"
},
"product_reference": "ntp-doc-4.2.8p15-lp152.3.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p15-lp152.3.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:ntp-doc-4.2.8p15-lp152.3.3.1.x86_64"
},
"product_reference": "ntp-doc-4.2.8p15-lp152.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-8956",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-8956"
}
],
"notes": [
{
"category": "general",
"text": "ntpd in ntp 4.2.8p10, 4.2.8p11, 4.2.8p12 and 4.2.8p13 allow remote attackers to prevent a broadcast client from synchronizing its clock with a broadcast NTP server via soofed mode 3 and mode 5 packets. The attacker must either be a part of the same broadcast network or control a slave in that broadcast network that can capture certain required packets on the attacker\u0027s behalf and send them to the attacker.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:ntp-4.2.8p15-lp152.3.3.1.i586",
"openSUSE Leap 15.2:ntp-4.2.8p15-lp152.3.3.1.x86_64",
"openSUSE Leap 15.2:ntp-doc-4.2.8p15-lp152.3.3.1.i586",
"openSUSE Leap 15.2:ntp-doc-4.2.8p15-lp152.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-8956",
"url": "https://www.suse.com/security/cve/CVE-2018-8956"
},
{
"category": "external",
"summary": "SUSE Bug 1171355 for CVE-2018-8956",
"url": "https://bugzilla.suse.com/1171355"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:ntp-4.2.8p15-lp152.3.3.1.i586",
"openSUSE Leap 15.2:ntp-4.2.8p15-lp152.3.3.1.x86_64",
"openSUSE Leap 15.2:ntp-doc-4.2.8p15-lp152.3.3.1.i586",
"openSUSE Leap 15.2:ntp-doc-4.2.8p15-lp152.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:ntp-4.2.8p15-lp152.3.3.1.i586",
"openSUSE Leap 15.2:ntp-4.2.8p15-lp152.3.3.1.x86_64",
"openSUSE Leap 15.2:ntp-doc-4.2.8p15-lp152.3.3.1.i586",
"openSUSE Leap 15.2:ntp-doc-4.2.8p15-lp152.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-07-19T08:27:16Z",
"details": "low"
}
],
"title": "CVE-2018-8956"
},
{
"cve": "CVE-2020-11868",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-11868"
}
],
"notes": [
{
"category": "general",
"text": "ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:ntp-4.2.8p15-lp152.3.3.1.i586",
"openSUSE Leap 15.2:ntp-4.2.8p15-lp152.3.3.1.x86_64",
"openSUSE Leap 15.2:ntp-doc-4.2.8p15-lp152.3.3.1.i586",
"openSUSE Leap 15.2:ntp-doc-4.2.8p15-lp152.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-11868",
"url": "https://www.suse.com/security/cve/CVE-2020-11868"
},
{
"category": "external",
"summary": "SUSE Bug 1169740 for CVE-2020-11868",
"url": "https://bugzilla.suse.com/1169740"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:ntp-4.2.8p15-lp152.3.3.1.i586",
"openSUSE Leap 15.2:ntp-4.2.8p15-lp152.3.3.1.x86_64",
"openSUSE Leap 15.2:ntp-doc-4.2.8p15-lp152.3.3.1.i586",
"openSUSE Leap 15.2:ntp-doc-4.2.8p15-lp152.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:ntp-4.2.8p15-lp152.3.3.1.i586",
"openSUSE Leap 15.2:ntp-4.2.8p15-lp152.3.3.1.x86_64",
"openSUSE Leap 15.2:ntp-doc-4.2.8p15-lp152.3.3.1.i586",
"openSUSE Leap 15.2:ntp-doc-4.2.8p15-lp152.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-07-19T08:27:16Z",
"details": "low"
}
],
"title": "CVE-2020-11868"
},
{
"cve": "CVE-2020-13817",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-13817"
}
],
"notes": [
{
"category": "general",
"text": "ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim\u0027s ntpd instance.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:ntp-4.2.8p15-lp152.3.3.1.i586",
"openSUSE Leap 15.2:ntp-4.2.8p15-lp152.3.3.1.x86_64",
"openSUSE Leap 15.2:ntp-doc-4.2.8p15-lp152.3.3.1.i586",
"openSUSE Leap 15.2:ntp-doc-4.2.8p15-lp152.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-13817",
"url": "https://www.suse.com/security/cve/CVE-2020-13817"
},
{
"category": "external",
"summary": "SUSE Bug 1172651 for CVE-2020-13817",
"url": "https://bugzilla.suse.com/1172651"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:ntp-4.2.8p15-lp152.3.3.1.i586",
"openSUSE Leap 15.2:ntp-4.2.8p15-lp152.3.3.1.x86_64",
"openSUSE Leap 15.2:ntp-doc-4.2.8p15-lp152.3.3.1.i586",
"openSUSE Leap 15.2:ntp-doc-4.2.8p15-lp152.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:ntp-4.2.8p15-lp152.3.3.1.i586",
"openSUSE Leap 15.2:ntp-4.2.8p15-lp152.3.3.1.x86_64",
"openSUSE Leap 15.2:ntp-doc-4.2.8p15-lp152.3.3.1.i586",
"openSUSE Leap 15.2:ntp-doc-4.2.8p15-lp152.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-07-19T08:27:16Z",
"details": "moderate"
}
],
"title": "CVE-2020-13817"
},
{
"cve": "CVE-2020-15025",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15025"
}
],
"notes": [
{
"category": "general",
"text": "ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations where a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:ntp-4.2.8p15-lp152.3.3.1.i586",
"openSUSE Leap 15.2:ntp-4.2.8p15-lp152.3.3.1.x86_64",
"openSUSE Leap 15.2:ntp-doc-4.2.8p15-lp152.3.3.1.i586",
"openSUSE Leap 15.2:ntp-doc-4.2.8p15-lp152.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15025",
"url": "https://www.suse.com/security/cve/CVE-2020-15025"
},
{
"category": "external",
"summary": "SUSE Bug 1173334 for CVE-2020-15025",
"url": "https://bugzilla.suse.com/1173334"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:ntp-4.2.8p15-lp152.3.3.1.i586",
"openSUSE Leap 15.2:ntp-4.2.8p15-lp152.3.3.1.x86_64",
"openSUSE Leap 15.2:ntp-doc-4.2.8p15-lp152.3.3.1.i586",
"openSUSE Leap 15.2:ntp-doc-4.2.8p15-lp152.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:ntp-4.2.8p15-lp152.3.3.1.i586",
"openSUSE Leap 15.2:ntp-4.2.8p15-lp152.3.3.1.x86_64",
"openSUSE Leap 15.2:ntp-doc-4.2.8p15-lp152.3.3.1.i586",
"openSUSE Leap 15.2:ntp-doc-4.2.8p15-lp152.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-07-19T08:27:16Z",
"details": "moderate"
}
],
"title": "CVE-2020-15025"
}
]
}
opensuse-su-2024:11102-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
ntp-4.2.8p15-7.2 on GA media
Notes
Title of the patch
ntp-4.2.8p15-7.2 on GA media
Description of the patch
These are all security issues fixed in the ntp-4.2.8p15-7.2 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-11102
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "ntp-4.2.8p15-7.2 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the ntp-4.2.8p15-7.2 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-11102",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11102-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9042 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9042/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-6451 page",
"url": "https://www.suse.com/security/cve/CVE-2017-6451/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-6458 page",
"url": "https://www.suse.com/security/cve/CVE-2017-6458/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-6460 page",
"url": "https://www.suse.com/security/cve/CVE-2017-6460/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-6462 page",
"url": "https://www.suse.com/security/cve/CVE-2017-6462/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-6463 page",
"url": "https://www.suse.com/security/cve/CVE-2017-6463/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-6464 page",
"url": "https://www.suse.com/security/cve/CVE-2017-6464/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12327 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12327/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-7170 page",
"url": "https://www.suse.com/security/cve/CVE-2018-7170/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-7182 page",
"url": "https://www.suse.com/security/cve/CVE-2018-7182/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-7183 page",
"url": "https://www.suse.com/security/cve/CVE-2018-7183/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-7184 page",
"url": "https://www.suse.com/security/cve/CVE-2018-7184/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-7185 page",
"url": "https://www.suse.com/security/cve/CVE-2018-7185/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-8956 page",
"url": "https://www.suse.com/security/cve/CVE-2018-8956/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-8936 page",
"url": "https://www.suse.com/security/cve/CVE-2019-8936/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-11868 page",
"url": "https://www.suse.com/security/cve/CVE-2020-11868/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-13817 page",
"url": "https://www.suse.com/security/cve/CVE-2020-13817/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15025 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15025/"
}
],
"title": "ntp-4.2.8p15-7.2 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:11102-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ntp-4.2.8p15-7.2.aarch64",
"product": {
"name": "ntp-4.2.8p15-7.2.aarch64",
"product_id": "ntp-4.2.8p15-7.2.aarch64"
}
},
{
"category": "product_version",
"name": "ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"product": {
"name": "ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"product_id": "ntp-dcf77-tools-4.2.8p15-7.2.aarch64"
}
},
{
"category": "product_version",
"name": "ntp-doc-4.2.8p15-7.2.aarch64",
"product": {
"name": "ntp-doc-4.2.8p15-7.2.aarch64",
"product_id": "ntp-doc-4.2.8p15-7.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "ntp-4.2.8p15-7.2.ppc64le",
"product": {
"name": "ntp-4.2.8p15-7.2.ppc64le",
"product_id": "ntp-4.2.8p15-7.2.ppc64le"
}
},
{
"category": "product_version",
"name": "ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"product": {
"name": "ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"product_id": "ntp-dcf77-tools-4.2.8p15-7.2.ppc64le"
}
},
{
"category": "product_version",
"name": "ntp-doc-4.2.8p15-7.2.ppc64le",
"product": {
"name": "ntp-doc-4.2.8p15-7.2.ppc64le",
"product_id": "ntp-doc-4.2.8p15-7.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "ntp-4.2.8p15-7.2.s390x",
"product": {
"name": "ntp-4.2.8p15-7.2.s390x",
"product_id": "ntp-4.2.8p15-7.2.s390x"
}
},
{
"category": "product_version",
"name": "ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"product": {
"name": "ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"product_id": "ntp-dcf77-tools-4.2.8p15-7.2.s390x"
}
},
{
"category": "product_version",
"name": "ntp-doc-4.2.8p15-7.2.s390x",
"product": {
"name": "ntp-doc-4.2.8p15-7.2.s390x",
"product_id": "ntp-doc-4.2.8p15-7.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "ntp-4.2.8p15-7.2.x86_64",
"product": {
"name": "ntp-4.2.8p15-7.2.x86_64",
"product_id": "ntp-4.2.8p15-7.2.x86_64"
}
},
{
"category": "product_version",
"name": "ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"product": {
"name": "ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"product_id": "ntp-dcf77-tools-4.2.8p15-7.2.x86_64"
}
},
{
"category": "product_version",
"name": "ntp-doc-4.2.8p15-7.2.x86_64",
"product": {
"name": "ntp-doc-4.2.8p15-7.2.x86_64",
"product_id": "ntp-doc-4.2.8p15-7.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p15-7.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64"
},
"product_reference": "ntp-4.2.8p15-7.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p15-7.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le"
},
"product_reference": "ntp-4.2.8p15-7.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p15-7.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x"
},
"product_reference": "ntp-4.2.8p15-7.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-4.2.8p15-7.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64"
},
"product_reference": "ntp-4.2.8p15-7.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-dcf77-tools-4.2.8p15-7.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64"
},
"product_reference": "ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-dcf77-tools-4.2.8p15-7.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le"
},
"product_reference": "ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-dcf77-tools-4.2.8p15-7.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x"
},
"product_reference": "ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-dcf77-tools-4.2.8p15-7.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64"
},
"product_reference": "ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p15-7.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64"
},
"product_reference": "ntp-doc-4.2.8p15-7.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p15-7.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le"
},
"product_reference": "ntp-doc-4.2.8p15-7.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p15-7.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x"
},
"product_reference": "ntp-doc-4.2.8p15-7.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-4.2.8p15-7.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
},
"product_reference": "ntp-doc-4.2.8p15-7.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-9042",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9042"
}
],
"notes": [
{
"category": "general",
"text": "An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially crafted unauthenticated network packet can be used to reset the expected origin timestamp for target peers. Legitimate replies from targeted peers will fail the origin timestamp check (TEST2) causing the reply to be dropped and creating a denial of service condition.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9042",
"url": "https://www.suse.com/security/cve/CVE-2016-9042"
},
{
"category": "external",
"summary": "SUSE Bug 1030050 for CVE-2016-9042",
"url": "https://bugzilla.suse.com/1030050"
},
{
"category": "external",
"summary": "SUSE Bug 1038049 for CVE-2016-9042",
"url": "https://bugzilla.suse.com/1038049"
},
{
"category": "external",
"summary": "SUSE Bug 1044525 for CVE-2016-9042",
"url": "https://bugzilla.suse.com/1044525"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-9042"
},
{
"cve": "CVE-2017-6451",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-6451"
}
],
"notes": [
{
"category": "general",
"text": "The mx4200_send function in the legacy MX4200 refclock in NTP before 4.2.8p10 and 4.3.x before 4.3.94 does not properly handle the return value of the snprintf function, which allows local users to execute arbitrary code via unspecified vectors, which trigger an out-of-bounds memory write.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-6451",
"url": "https://www.suse.com/security/cve/CVE-2017-6451"
},
{
"category": "external",
"summary": "SUSE Bug 1030050 for CVE-2017-6451",
"url": "https://bugzilla.suse.com/1030050"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-6451"
},
{
"cve": "CVE-2017-6458",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-6458"
}
],
"notes": [
{
"category": "general",
"text": "Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-6458",
"url": "https://www.suse.com/security/cve/CVE-2017-6458"
},
{
"category": "external",
"summary": "SUSE Bug 1030050 for CVE-2017-6458",
"url": "https://bugzilla.suse.com/1030050"
},
{
"category": "external",
"summary": "SUSE Bug 1038049 for CVE-2017-6458",
"url": "https://bugzilla.suse.com/1038049"
},
{
"category": "external",
"summary": "SUSE Bug 1044525 for CVE-2017-6458",
"url": "https://bugzilla.suse.com/1044525"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-6458"
},
{
"cve": "CVE-2017-6460",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-6460"
}
],
"notes": [
{
"category": "general",
"text": "Stack-based buffer overflow in the reslist function in ntpq in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote servers have unspecified impact via a long flagstr variable in a restriction list response.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-6460",
"url": "https://www.suse.com/security/cve/CVE-2017-6460"
},
{
"category": "external",
"summary": "SUSE Bug 1030050 for CVE-2017-6460",
"url": "https://bugzilla.suse.com/1030050"
},
{
"category": "external",
"summary": "SUSE Bug 1038049 for CVE-2017-6460",
"url": "https://bugzilla.suse.com/1038049"
},
{
"category": "external",
"summary": "SUSE Bug 1044525 for CVE-2017-6460",
"url": "https://bugzilla.suse.com/1044525"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-6460"
},
{
"cve": "CVE-2017-6462",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-6462"
}
],
"notes": [
{
"category": "general",
"text": "Buffer overflow in the legacy Datum Programmable Time Server (DPTS) refclock driver in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via a crafted /dev/datum device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-6462",
"url": "https://www.suse.com/security/cve/CVE-2017-6462"
},
{
"category": "external",
"summary": "SUSE Bug 1030050 for CVE-2017-6462",
"url": "https://bugzilla.suse.com/1030050"
},
{
"category": "external",
"summary": "SUSE Bug 1038049 for CVE-2017-6462",
"url": "https://bugzilla.suse.com/1038049"
},
{
"category": "external",
"summary": "SUSE Bug 1044525 for CVE-2017-6462",
"url": "https://bugzilla.suse.com/1044525"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-6462"
},
{
"cve": "CVE-2017-6463",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-6463"
}
],
"notes": [
{
"category": "general",
"text": "NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote authenticated users to cause a denial of service (daemon crash) via an invalid setting in a :config directive, related to the unpeer option.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-6463",
"url": "https://www.suse.com/security/cve/CVE-2017-6463"
},
{
"category": "external",
"summary": "SUSE Bug 1030050 for CVE-2017-6463",
"url": "https://bugzilla.suse.com/1030050"
},
{
"category": "external",
"summary": "SUSE Bug 1038049 for CVE-2017-6463",
"url": "https://bugzilla.suse.com/1038049"
},
{
"category": "external",
"summary": "SUSE Bug 1044525 for CVE-2017-6463",
"url": "https://bugzilla.suse.com/1044525"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-6463"
},
{
"cve": "CVE-2017-6464",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-6464"
}
],
"notes": [
{
"category": "general",
"text": "NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote attackers to cause a denial of service (ntpd crash) via a malformed mode configuration directive.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-6464",
"url": "https://www.suse.com/security/cve/CVE-2017-6464"
},
{
"category": "external",
"summary": "SUSE Bug 1030050 for CVE-2017-6464",
"url": "https://bugzilla.suse.com/1030050"
},
{
"category": "external",
"summary": "SUSE Bug 1038049 for CVE-2017-6464",
"url": "https://bugzilla.suse.com/1038049"
},
{
"category": "external",
"summary": "SUSE Bug 1044525 for CVE-2017-6464",
"url": "https://bugzilla.suse.com/1044525"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-6464"
},
{
"cve": "CVE-2018-12327",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12327"
}
],
"notes": [
{
"category": "general",
"text": "Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether there are any common situations in which ntpq or ntpdc is used with a command line from an untrusted source.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12327",
"url": "https://www.suse.com/security/cve/CVE-2018-12327"
},
{
"category": "external",
"summary": "SUSE Bug 1098531 for CVE-2018-12327",
"url": "https://bugzilla.suse.com/1098531"
},
{
"category": "external",
"summary": "SUSE Bug 1107887 for CVE-2018-12327",
"url": "https://bugzilla.suse.com/1107887"
},
{
"category": "external",
"summary": "SUSE Bug 1111552 for CVE-2018-12327",
"url": "https://bugzilla.suse.com/1111552"
},
{
"category": "external",
"summary": "SUSE Bug 1111853 for CVE-2018-12327",
"url": "https://bugzilla.suse.com/1111853"
},
{
"category": "external",
"summary": "SUSE Bug 1155513 for CVE-2018-12327",
"url": "https://bugzilla.suse.com/1155513"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2018-12327"
},
{
"cve": "CVE-2018-7170",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-7170"
}
],
"notes": [
{
"category": "general",
"text": "ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim\u0027s clock via a Sybil attack. This issue exists because of an incomplete fix for CVE-2016-1549.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-7170",
"url": "https://www.suse.com/security/cve/CVE-2018-7170"
},
{
"category": "external",
"summary": "SUSE Bug 1082210 for CVE-2018-7170",
"url": "https://bugzilla.suse.com/1082210"
},
{
"category": "external",
"summary": "SUSE Bug 1083424 for CVE-2018-7170",
"url": "https://bugzilla.suse.com/1083424"
},
{
"category": "external",
"summary": "SUSE Bug 1087324 for CVE-2018-7170",
"url": "https://bugzilla.suse.com/1087324"
},
{
"category": "external",
"summary": "SUSE Bug 1098531 for CVE-2018-7170",
"url": "https://bugzilla.suse.com/1098531"
},
{
"category": "external",
"summary": "SUSE Bug 1155513 for CVE-2018-7170",
"url": "https://bugzilla.suse.com/1155513"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2018-7170"
},
{
"cve": "CVE-2018-7182",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-7182"
}
],
"notes": [
{
"category": "general",
"text": "The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with a ntpd instance from 4.2.8p6 through 4.2.8p10.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-7182",
"url": "https://www.suse.com/security/cve/CVE-2018-7182"
},
{
"category": "external",
"summary": "SUSE Bug 1082210 for CVE-2018-7182",
"url": "https://bugzilla.suse.com/1082210"
},
{
"category": "external",
"summary": "SUSE Bug 1083426 for CVE-2018-7182",
"url": "https://bugzilla.suse.com/1083426"
},
{
"category": "external",
"summary": "SUSE Bug 1087324 for CVE-2018-7182",
"url": "https://bugzilla.suse.com/1087324"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-7182"
},
{
"cve": "CVE-2018-7183",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-7183"
}
],
"notes": [
{
"category": "general",
"text": "Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-7183",
"url": "https://www.suse.com/security/cve/CVE-2018-7183"
},
{
"category": "external",
"summary": "SUSE Bug 1082210 for CVE-2018-7183",
"url": "https://bugzilla.suse.com/1082210"
},
{
"category": "external",
"summary": "SUSE Bug 1083417 for CVE-2018-7183",
"url": "https://bugzilla.suse.com/1083417"
},
{
"category": "external",
"summary": "SUSE Bug 1087324 for CVE-2018-7183",
"url": "https://bugzilla.suse.com/1087324"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-7183"
},
{
"cve": "CVE-2018-7184",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-7184"
}
],
"notes": [
{
"category": "general",
"text": "ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the \"received\" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the most recent timestamp. This issue is a result of an incomplete fix for CVE-2015-7704.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-7184",
"url": "https://www.suse.com/security/cve/CVE-2018-7184"
},
{
"category": "external",
"summary": "SUSE Bug 1082210 for CVE-2018-7184",
"url": "https://bugzilla.suse.com/1082210"
},
{
"category": "external",
"summary": "SUSE Bug 1083422 for CVE-2018-7184",
"url": "https://bugzilla.suse.com/1083422"
},
{
"category": "external",
"summary": "SUSE Bug 1087324 for CVE-2018-7184",
"url": "https://bugzilla.suse.com/1087324"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2018-7184"
},
{
"cve": "CVE-2018-7185",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-7185"
}
],
"notes": [
{
"category": "general",
"text": "The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the \"other side\" of an interleaved association causing the victim ntpd to reset its association.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-7185",
"url": "https://www.suse.com/security/cve/CVE-2018-7185"
},
{
"category": "external",
"summary": "SUSE Bug 1082210 for CVE-2018-7185",
"url": "https://bugzilla.suse.com/1082210"
},
{
"category": "external",
"summary": "SUSE Bug 1083420 for CVE-2018-7185",
"url": "https://bugzilla.suse.com/1083420"
},
{
"category": "external",
"summary": "SUSE Bug 1087324 for CVE-2018-7185",
"url": "https://bugzilla.suse.com/1087324"
},
{
"category": "external",
"summary": "SUSE Bug 1089405 for CVE-2018-7185",
"url": "https://bugzilla.suse.com/1089405"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2018-7185"
},
{
"cve": "CVE-2018-8956",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-8956"
}
],
"notes": [
{
"category": "general",
"text": "ntpd in ntp 4.2.8p10, 4.2.8p11, 4.2.8p12 and 4.2.8p13 allow remote attackers to prevent a broadcast client from synchronizing its clock with a broadcast NTP server via soofed mode 3 and mode 5 packets. The attacker must either be a part of the same broadcast network or control a slave in that broadcast network that can capture certain required packets on the attacker\u0027s behalf and send them to the attacker.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-8956",
"url": "https://www.suse.com/security/cve/CVE-2018-8956"
},
{
"category": "external",
"summary": "SUSE Bug 1171355 for CVE-2018-8956",
"url": "https://bugzilla.suse.com/1171355"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2018-8956"
},
{
"cve": "CVE-2019-8936",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-8936"
}
],
"notes": [
{
"category": "general",
"text": "NTP through 4.2.8p12 has a NULL Pointer Dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-8936",
"url": "https://www.suse.com/security/cve/CVE-2019-8936"
},
{
"category": "external",
"summary": "SUSE Bug 1128525 for CVE-2019-8936",
"url": "https://bugzilla.suse.com/1128525"
},
{
"category": "external",
"summary": "SUSE Bug 1148892 for CVE-2019-8936",
"url": "https://bugzilla.suse.com/1148892"
},
{
"category": "external",
"summary": "SUSE Bug 1155513 for CVE-2019-8936",
"url": "https://bugzilla.suse.com/1155513"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-8936"
},
{
"cve": "CVE-2020-11868",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-11868"
}
],
"notes": [
{
"category": "general",
"text": "ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-11868",
"url": "https://www.suse.com/security/cve/CVE-2020-11868"
},
{
"category": "external",
"summary": "SUSE Bug 1169740 for CVE-2020-11868",
"url": "https://bugzilla.suse.com/1169740"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2020-11868"
},
{
"cve": "CVE-2020-13817",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-13817"
}
],
"notes": [
{
"category": "general",
"text": "ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim\u0027s ntpd instance.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-13817",
"url": "https://www.suse.com/security/cve/CVE-2020-13817"
},
{
"category": "external",
"summary": "SUSE Bug 1172651 for CVE-2020-13817",
"url": "https://bugzilla.suse.com/1172651"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-13817"
},
{
"cve": "CVE-2020-15025",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15025"
}
],
"notes": [
{
"category": "general",
"text": "ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations where a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15025",
"url": "https://www.suse.com/security/cve/CVE-2020-15025"
},
{
"category": "external",
"summary": "SUSE Bug 1173334 for CVE-2020-15025",
"url": "https://bugzilla.suse.com/1173334"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-dcf77-tools-4.2.8p15-7.2.x86_64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.aarch64",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.ppc64le",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.s390x",
"openSUSE Tumbleweed:ntp-doc-4.2.8p15-7.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-15025"
}
]
}
fkie_cve-2020-13817
Vulnerability from fkie_nvd
Published
2020-06-04 13:15
Modified
2025-05-05 17:15
Severity ?
7.4 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
7.4 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
7.4 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
Summary
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim's ntpd instance.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00044.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://support.ntp.org/bin/view/Main/NtpBug3596 | Vendor Advisory | |
| cve@mitre.org | https://bugs.ntp.org/show_bug.cgi?id=3596 | Issue Tracking, Vendor Advisory | |
| cve@mitre.org | https://security.gentoo.org/glsa/202007-12 | Third Party Advisory | |
| cve@mitre.org | https://security.netapp.com/advisory/ntap-20200625-0004/ | Third Party Advisory | |
| cve@mitre.org | https://www.oracle.com/security-alerts/cpujan2022.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00044.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://support.ntp.org/bin/view/Main/NtpBug3596 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.ntp.org/show_bug.cgi?id=3596 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202007-12 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20200625-0004/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpujan2022.html | Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ntp | ntp | * | |
| ntp | ntp | * | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| netapp | cloud_backup | - | |
| netapp | clustered_data_ontap | - | |
| netapp | data_ontap | - | |
| netapp | element_software | - | |
| netapp | hci_management_node | - | |
| netapp | ontap_tools | - | |
| netapp | solidfire | - | |
| netapp | steelstore_cloud_integrated_storage | - | |
| netapp | hci_compute_node_firmware | - | |
| netapp | hci_compute_node | - | |
| netapp | h410c_firmware | - | |
| netapp | h410c | - | |
| netapp | h300s_firmware | - | |
| netapp | h300s | - | |
| netapp | h500s_firmware | - | |
| netapp | h500s | - | |
| netapp | h700s_firmware | - | |
| netapp | h700s | - | |
| netapp | h300e_firmware | - | |
| netapp | h300e | - | |
| netapp | h500e_firmware | - | |
| netapp | h500e | - | |
| netapp | h700e_firmware | - | |
| netapp | h700e | - | |
| netapp | h410s_firmware | - | |
| netapp | h410s | - | |
| opensuse | leap | 15.1 | |
| opensuse | leap | 15.2 | |
| fujitsu | m10-1_firmware | * | |
| fujitsu | m10-1 | - | |
| fujitsu | m10-4_firmware | * | |
| fujitsu | m10-4 | - | |
| fujitsu | m10-4s_firmware | * | |
| fujitsu | m10-4s | - | |
| fujitsu | m12-1_firmware | * | |
| fujitsu | m12-1 | - | |
| fujitsu | m12-2_firmware | * | |
| fujitsu | m12-2 | - | |
| fujitsu | m12-2s_firmware | * | |
| fujitsu | m12-2s | - | |
| fujitsu | m10-4_firmware | * | |
| fujitsu | m10-4 | - | |
| fujitsu | m10-4s_firmware | * | |
| fujitsu | m10-4s | - | |
| fujitsu | m12-1_firmware | * | |
| fujitsu | m12-1 | - | |
| fujitsu | m12-2_firmware | * | |
| fujitsu | m12-2 | - | |
| fujitsu | m12-2s_firmware | * | |
| fujitsu | m12-2s | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CED3C1F7-6FFA-44D1-BC56-2BB1963F3B9F",
"versionEndExcluding": "4.2.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CB8D7864-41B0-443E-96CF-B011B95223F0",
"versionEndExcluding": "4.3.100",
"versionStartIncluding": "4.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:*",
"matchCriteriaId": "EEA51D83-5841-4335-AF07-7A43C118CAAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*",
"matchCriteriaId": "C855BBD2-2B38-4EFF-9DBE-CA61CCACD0DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:*",
"matchCriteriaId": "49ADE0C3-F75C-4EC0-8805-56013F0EB92C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:*",
"matchCriteriaId": "D8FF625A-EFA3-43D1-8698-4A37AE31A07C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:*",
"matchCriteriaId": "E3B99BBD-97FE-4615-905A-A614592226F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:*",
"matchCriteriaId": "E7A9AD3A-F030-4331-B52A-518BD963AB8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:*",
"matchCriteriaId": "C293B8BE-6691-4944-BCD6-25EB98CABC73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:*",
"matchCriteriaId": "CEA650F8-2576-494A-A861-61572CA319D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*:*:*:*:*:*",
"matchCriteriaId": "4ED21EE8-7CBF-4BC5-BFC3-185D41296238",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p10:*:*:*:*:*:*",
"matchCriteriaId": "0BC62D4E-D519-458C-BE4E-10DDB73A97D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p11:*:*:*:*:*:*",
"matchCriteriaId": "1C420117-862A-41A9-BAE8-8B3478FAEBC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p12:*:*:*:*:*:*",
"matchCriteriaId": "4A484251-3220-498C-83FE-A04B013A31A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p13:*:*:*:*:*:*",
"matchCriteriaId": "E0CE4157-852B-42ED-A77C-8A17B189432E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:*",
"matchCriteriaId": "C76A0B44-13DE-4173-8D05-DA54F6A71759",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:*",
"matchCriteriaId": "1450241C-2F6D-4122-B33C-D78D065BA403",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2:*:*:*:*:*:*",
"matchCriteriaId": "721AFD22-91D3-488E-A5E6-DD84C86E412B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3:*:*:*:*:*:*",
"matchCriteriaId": "8D6ADDB1-2E96-4FF6-AE95-4B06654D38B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*",
"matchCriteriaId": "41E44E9F-6383-4E12-AEDC-B653FEA77A48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1:*:*:*:*:*:*",
"matchCriteriaId": "466D9A37-2658-4695-9429-0C6BF4A631C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2:*:*:*:*:*:*",
"matchCriteriaId": "99774181-5F12-446C-AC2C-DB1C52295EED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3:*:*:*:*:*:*",
"matchCriteriaId": "4427EE6D-3F79-4FF5-B3EC-EE6BD01562CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p4:*:*:*:*:*:*",
"matchCriteriaId": "99C71C00-7222-483B-AEFB-159337BD3C92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p5:*:*:*:*:*:*",
"matchCriteriaId": "75A9AA28-1B20-44BB-815C-7294A53E910E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p6:*:*:*:*:*:*",
"matchCriteriaId": "8C213794-111D-41F3-916C-AD97F731D600",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p7:*:*:*:*:*:*",
"matchCriteriaId": "50811A7B-0379-4437-8737-B4C1ACBC9EFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p8:*:*:*:*:*:*",
"matchCriteriaId": "F12E4CF5-536C-416B-AD8D-6AE7CBE22C71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p9:*:*:*:*:*:*",
"matchCriteriaId": "EE002C76-406D-4F22-B738-E17BDEA70BCC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FE996B1-6951-4F85-AA58-B99A379D2163",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:data_ontap:-:*:*:*:*:7-mode:*:*",
"matchCriteriaId": "6C2ACC32-5147-4EA5-95BE-B6B4EAB3D82B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
"matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:ontap_tools:-:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "CBCC384C-5DF0-41AB-B17B-6E9B6CAE8065",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:hci_compute_node_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F921BC85-568E-4B69-A3CD-CF75C76672F1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "108A2215-50FB-4074-94CF-C130FA14566D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7AFC73CE-ABB9-42D3-9A71-3F5BC5381E0E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "32F0B6C0-F930-480D-962B-3F4EFDCC13C7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "803BC414-B250-4E3A-A478-A3881340D6B8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FEB3337-BFDE-462A-908B-176F92053CEC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "736AEAE9-782B-4F71-9893-DED53367E102",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5E63B7B2-409A-476E-BA12-2A2D2F3B85DE",
"versionEndExcluding": "xcp2410",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "983D27DE-BC89-454E-AE47-95A26A3651E2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ADB5D4C9-DA14-4188-9181-17336F9445F6",
"versionEndExcluding": "xcp2410",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5825AEE1-B668-40BD-86A9-2799430C742C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0B65E2F3-57EC-46C0-BB4A-0A0F3F8D387E",
"versionEndExcluding": "xcp2410",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3DA2D526-BDCF-4A65-914A-B3BA3A0CD613",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "90B7CFBF-761C-4EAA-A322-EF5E294AADED",
"versionEndExcluding": "xcp2410",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EE0CF40B-E5BD-4558-9321-184D58EF621D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48B28ABF-7E1A-4A1E-8F78-0D95D7BDF886",
"versionEndExcluding": "xcp2410",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F3C9C09-7B2B-4DB6-8BE0-35302ED35776",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E74AAF52-1388-4BD9-B17B-3A6A32CA3608",
"versionEndExcluding": "xcp2410",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95503CE5-1D06-4092-A60D-D310AADCAFB1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0FC0460E-4695-44FB-99EE-28B2C957B760",
"versionEndExcluding": "xcp3110",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5825AEE1-B668-40BD-86A9-2799430C742C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD54A092-85A7-4459-9C69-19E6E24AC24B",
"versionEndExcluding": "xcp3110",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3DA2D526-BDCF-4A65-914A-B3BA3A0CD613",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F813DBC-BA1E-4C73-AA11-1BD3F9508372",
"versionEndExcluding": "xcp3110",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EE0CF40B-E5BD-4558-9321-184D58EF621D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EFDF4F39-1C6C-4AD3-99CF-BD5B44B8C71B",
"versionEndExcluding": "xcp3110",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F3C9C09-7B2B-4DB6-8BE0-35302ED35776",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "416B805F-799A-4466-AC5A-93D083A2ABBD",
"versionEndExcluding": "xcp3110",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95503CE5-1D06-4092-A60D-D310AADCAFB1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim\u0027s ntpd instance."
},
{
"lang": "es",
"value": "ntpd en ntp versiones anteriores a 4.2.8p14 y versiones 4.3.x versiones anteriores a 4.3.100, permite a atacantes remotos causar una denegaci\u00f3n de servicio (salida del demonio o cambio de hora del sistema) mediante la predicci\u00f3n de las marcas de tiempo de transmisi\u00f3n para su uso en paquetes falsificados. La v\u00edctima debe confiar en fuentes de tiempo IPv4 no autenticadas. Debe haber un atacante fuera de la ruta que pueda consultar el tiempo desde la instancia ntpd de la v\u00edctima"
}
],
"id": "CVE-2020-13817",
"lastModified": "2025-05-05T17:15:59.030",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "cve@mitre.org",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.2,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2020-06-04T13:15:11.053",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00044.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3596"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugs.ntp.org/show_bug.cgi?id=3596"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202007-12"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20200625-0004/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00044.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3596"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugs.ntp.org/show_bug.cgi?id=3596"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202007-12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20200625-0004/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-330"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-330"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
rhsa-2020:2663
Vulnerability from csaf_redhat
Published
2020-06-23 12:33
Modified
2024-11-22 15:15
Summary
Red Hat Security Advisory: ntp security update
Notes
Topic
An update for ntp is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The Network Time Protocol (NTP) is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service.
Security Fix(es):
* ntp: ntpd using highly predictable transmit timestamps could result in time change or DoS (CVE-2020-13817)
* ntp: DoS on client ntpd using server mode packet (CVE-2020-11868)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for ntp is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The Network Time Protocol (NTP) is used to synchronize a computer\u0027s time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service.\n\nSecurity Fix(es):\n\n* ntp: ntpd using highly predictable transmit timestamps could result in time change or DoS (CVE-2020-13817)\n\n* ntp: DoS on client ntpd using server mode packet (CVE-2020-11868)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:2663",
"url": "https://access.redhat.com/errata/RHSA-2020:2663"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1716665",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1716665"
},
{
"category": "external",
"summary": "1811627",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1811627"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_2663.json"
}
],
"title": "Red Hat Security Advisory: ntp security update",
"tracking": {
"current_release_date": "2024-11-22T15:15:39+00:00",
"generator": {
"date": "2024-11-22T15:15:39+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2020:2663",
"initial_release_date": "2020-06-23T12:33:41+00:00",
"revision_history": [
{
"date": "2020-06-23T12:33:41+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-06-23T12:33:41+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T15:15:39+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Client (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.8.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Client Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.8.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ComputeNode (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.8.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::computenode"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.8.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::computenode"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.8.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.8.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.8.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::workstation"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.8.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::workstation"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "ntp-0:4.2.6p5-29.el7_8.2.x86_64",
"product": {
"name": "ntp-0:4.2.6p5-29.el7_8.2.x86_64",
"product_id": "ntp-0:4.2.6p5-29.el7_8.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ntp@4.2.6p5-29.el7_8.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ntpdate-0:4.2.6p5-29.el7_8.2.x86_64",
"product": {
"name": "ntpdate-0:4.2.6p5-29.el7_8.2.x86_64",
"product_id": "ntpdate-0:4.2.6p5-29.el7_8.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ntpdate@4.2.6p5-29.el7_8.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ntp-debuginfo-0:4.2.6p5-29.el7_8.2.x86_64",
"product": {
"name": "ntp-debuginfo-0:4.2.6p5-29.el7_8.2.x86_64",
"product_id": "ntp-debuginfo-0:4.2.6p5-29.el7_8.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ntp-debuginfo@4.2.6p5-29.el7_8.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "sntp-0:4.2.6p5-29.el7_8.2.x86_64",
"product": {
"name": "sntp-0:4.2.6p5-29.el7_8.2.x86_64",
"product_id": "sntp-0:4.2.6p5-29.el7_8.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/sntp@4.2.6p5-29.el7_8.2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "ntp-0:4.2.6p5-29.el7_8.2.src",
"product": {
"name": "ntp-0:4.2.6p5-29.el7_8.2.src",
"product_id": "ntp-0:4.2.6p5-29.el7_8.2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ntp@4.2.6p5-29.el7_8.2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "ntp-doc-0:4.2.6p5-29.el7_8.2.noarch",
"product": {
"name": "ntp-doc-0:4.2.6p5-29.el7_8.2.noarch",
"product_id": "ntp-doc-0:4.2.6p5-29.el7_8.2.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ntp-doc@4.2.6p5-29.el7_8.2?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ntp-perl-0:4.2.6p5-29.el7_8.2.noarch",
"product": {
"name": "ntp-perl-0:4.2.6p5-29.el7_8.2.noarch",
"product_id": "ntp-perl-0:4.2.6p5-29.el7_8.2.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ntp-perl@4.2.6p5-29.el7_8.2?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "ntp-0:4.2.6p5-29.el7_8.2.s390x",
"product": {
"name": "ntp-0:4.2.6p5-29.el7_8.2.s390x",
"product_id": "ntp-0:4.2.6p5-29.el7_8.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ntp@4.2.6p5-29.el7_8.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ntpdate-0:4.2.6p5-29.el7_8.2.s390x",
"product": {
"name": "ntpdate-0:4.2.6p5-29.el7_8.2.s390x",
"product_id": "ntpdate-0:4.2.6p5-29.el7_8.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ntpdate@4.2.6p5-29.el7_8.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ntp-debuginfo-0:4.2.6p5-29.el7_8.2.s390x",
"product": {
"name": "ntp-debuginfo-0:4.2.6p5-29.el7_8.2.s390x",
"product_id": "ntp-debuginfo-0:4.2.6p5-29.el7_8.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ntp-debuginfo@4.2.6p5-29.el7_8.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "sntp-0:4.2.6p5-29.el7_8.2.s390x",
"product": {
"name": "sntp-0:4.2.6p5-29.el7_8.2.s390x",
"product_id": "sntp-0:4.2.6p5-29.el7_8.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/sntp@4.2.6p5-29.el7_8.2?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "ntp-0:4.2.6p5-29.el7_8.2.ppc64",
"product": {
"name": "ntp-0:4.2.6p5-29.el7_8.2.ppc64",
"product_id": "ntp-0:4.2.6p5-29.el7_8.2.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ntp@4.2.6p5-29.el7_8.2?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "ntpdate-0:4.2.6p5-29.el7_8.2.ppc64",
"product": {
"name": "ntpdate-0:4.2.6p5-29.el7_8.2.ppc64",
"product_id": "ntpdate-0:4.2.6p5-29.el7_8.2.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ntpdate@4.2.6p5-29.el7_8.2?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64",
"product": {
"name": "ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64",
"product_id": "ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ntp-debuginfo@4.2.6p5-29.el7_8.2?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "sntp-0:4.2.6p5-29.el7_8.2.ppc64",
"product": {
"name": "sntp-0:4.2.6p5-29.el7_8.2.ppc64",
"product_id": "sntp-0:4.2.6p5-29.el7_8.2.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/sntp@4.2.6p5-29.el7_8.2?arch=ppc64"
}
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "ntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"product": {
"name": "ntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"product_id": "ntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ntp@4.2.6p5-29.el7_8.2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ntpdate-0:4.2.6p5-29.el7_8.2.ppc64le",
"product": {
"name": "ntpdate-0:4.2.6p5-29.el7_8.2.ppc64le",
"product_id": "ntpdate-0:4.2.6p5-29.el7_8.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ntpdate@4.2.6p5-29.el7_8.2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64le",
"product": {
"name": "ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64le",
"product_id": "ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ntp-debuginfo@4.2.6p5-29.el7_8.2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "sntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"product": {
"name": "sntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"product_id": "sntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/sntp@4.2.6p5-29.el7_8.2?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.2.6p5-29.el7_8.2.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64"
},
"product_reference": "ntp-0:4.2.6p5-29.el7_8.2.ppc64",
"relates_to_product_reference": "7Client-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.2.6p5-29.el7_8.2.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64le"
},
"product_reference": "ntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"relates_to_product_reference": "7Client-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.2.6p5-29.el7_8.2.s390x as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.s390x"
},
"product_reference": "ntp-0:4.2.6p5-29.el7_8.2.s390x",
"relates_to_product_reference": "7Client-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.2.6p5-29.el7_8.2.src as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.src"
},
"product_reference": "ntp-0:4.2.6p5-29.el7_8.2.src",
"relates_to_product_reference": "7Client-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.2.6p5-29.el7_8.2.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.x86_64"
},
"product_reference": "ntp-0:4.2.6p5-29.el7_8.2.x86_64",
"relates_to_product_reference": "7Client-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64"
},
"product_reference": "ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64",
"relates_to_product_reference": "7Client-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64le"
},
"product_reference": "ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64le",
"relates_to_product_reference": "7Client-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-debuginfo-0:4.2.6p5-29.el7_8.2.s390x as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.s390x"
},
"product_reference": "ntp-debuginfo-0:4.2.6p5-29.el7_8.2.s390x",
"relates_to_product_reference": "7Client-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-debuginfo-0:4.2.6p5-29.el7_8.2.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.x86_64"
},
"product_reference": "ntp-debuginfo-0:4.2.6p5-29.el7_8.2.x86_64",
"relates_to_product_reference": "7Client-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-0:4.2.6p5-29.el7_8.2.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.8.Z:ntp-doc-0:4.2.6p5-29.el7_8.2.noarch"
},
"product_reference": "ntp-doc-0:4.2.6p5-29.el7_8.2.noarch",
"relates_to_product_reference": "7Client-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-perl-0:4.2.6p5-29.el7_8.2.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.8.Z:ntp-perl-0:4.2.6p5-29.el7_8.2.noarch"
},
"product_reference": "ntp-perl-0:4.2.6p5-29.el7_8.2.noarch",
"relates_to_product_reference": "7Client-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntpdate-0:4.2.6p5-29.el7_8.2.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64"
},
"product_reference": "ntpdate-0:4.2.6p5-29.el7_8.2.ppc64",
"relates_to_product_reference": "7Client-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntpdate-0:4.2.6p5-29.el7_8.2.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64le"
},
"product_reference": "ntpdate-0:4.2.6p5-29.el7_8.2.ppc64le",
"relates_to_product_reference": "7Client-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntpdate-0:4.2.6p5-29.el7_8.2.s390x as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.s390x"
},
"product_reference": "ntpdate-0:4.2.6p5-29.el7_8.2.s390x",
"relates_to_product_reference": "7Client-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntpdate-0:4.2.6p5-29.el7_8.2.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.x86_64"
},
"product_reference": "ntpdate-0:4.2.6p5-29.el7_8.2.x86_64",
"relates_to_product_reference": "7Client-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sntp-0:4.2.6p5-29.el7_8.2.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64"
},
"product_reference": "sntp-0:4.2.6p5-29.el7_8.2.ppc64",
"relates_to_product_reference": "7Client-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sntp-0:4.2.6p5-29.el7_8.2.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64le"
},
"product_reference": "sntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"relates_to_product_reference": "7Client-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sntp-0:4.2.6p5-29.el7_8.2.s390x as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.s390x"
},
"product_reference": "sntp-0:4.2.6p5-29.el7_8.2.s390x",
"relates_to_product_reference": "7Client-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sntp-0:4.2.6p5-29.el7_8.2.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.x86_64"
},
"product_reference": "sntp-0:4.2.6p5-29.el7_8.2.x86_64",
"relates_to_product_reference": "7Client-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.2.6p5-29.el7_8.2.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64"
},
"product_reference": "ntp-0:4.2.6p5-29.el7_8.2.ppc64",
"relates_to_product_reference": "7Client-optional-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.2.6p5-29.el7_8.2.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64le"
},
"product_reference": "ntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"relates_to_product_reference": "7Client-optional-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.2.6p5-29.el7_8.2.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.s390x"
},
"product_reference": "ntp-0:4.2.6p5-29.el7_8.2.s390x",
"relates_to_product_reference": "7Client-optional-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.2.6p5-29.el7_8.2.src as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.src"
},
"product_reference": "ntp-0:4.2.6p5-29.el7_8.2.src",
"relates_to_product_reference": "7Client-optional-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.2.6p5-29.el7_8.2.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.x86_64"
},
"product_reference": "ntp-0:4.2.6p5-29.el7_8.2.x86_64",
"relates_to_product_reference": "7Client-optional-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64"
},
"product_reference": "ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64",
"relates_to_product_reference": "7Client-optional-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64le"
},
"product_reference": "ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64le",
"relates_to_product_reference": "7Client-optional-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-debuginfo-0:4.2.6p5-29.el7_8.2.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.s390x"
},
"product_reference": "ntp-debuginfo-0:4.2.6p5-29.el7_8.2.s390x",
"relates_to_product_reference": "7Client-optional-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-debuginfo-0:4.2.6p5-29.el7_8.2.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.x86_64"
},
"product_reference": "ntp-debuginfo-0:4.2.6p5-29.el7_8.2.x86_64",
"relates_to_product_reference": "7Client-optional-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-0:4.2.6p5-29.el7_8.2.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.8.Z:ntp-doc-0:4.2.6p5-29.el7_8.2.noarch"
},
"product_reference": "ntp-doc-0:4.2.6p5-29.el7_8.2.noarch",
"relates_to_product_reference": "7Client-optional-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-perl-0:4.2.6p5-29.el7_8.2.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.8.Z:ntp-perl-0:4.2.6p5-29.el7_8.2.noarch"
},
"product_reference": "ntp-perl-0:4.2.6p5-29.el7_8.2.noarch",
"relates_to_product_reference": "7Client-optional-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntpdate-0:4.2.6p5-29.el7_8.2.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64"
},
"product_reference": "ntpdate-0:4.2.6p5-29.el7_8.2.ppc64",
"relates_to_product_reference": "7Client-optional-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntpdate-0:4.2.6p5-29.el7_8.2.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64le"
},
"product_reference": "ntpdate-0:4.2.6p5-29.el7_8.2.ppc64le",
"relates_to_product_reference": "7Client-optional-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntpdate-0:4.2.6p5-29.el7_8.2.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.s390x"
},
"product_reference": "ntpdate-0:4.2.6p5-29.el7_8.2.s390x",
"relates_to_product_reference": "7Client-optional-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntpdate-0:4.2.6p5-29.el7_8.2.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.x86_64"
},
"product_reference": "ntpdate-0:4.2.6p5-29.el7_8.2.x86_64",
"relates_to_product_reference": "7Client-optional-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sntp-0:4.2.6p5-29.el7_8.2.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64"
},
"product_reference": "sntp-0:4.2.6p5-29.el7_8.2.ppc64",
"relates_to_product_reference": "7Client-optional-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sntp-0:4.2.6p5-29.el7_8.2.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64le"
},
"product_reference": "sntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"relates_to_product_reference": "7Client-optional-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sntp-0:4.2.6p5-29.el7_8.2.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.s390x"
},
"product_reference": "sntp-0:4.2.6p5-29.el7_8.2.s390x",
"relates_to_product_reference": "7Client-optional-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sntp-0:4.2.6p5-29.el7_8.2.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.x86_64"
},
"product_reference": "sntp-0:4.2.6p5-29.el7_8.2.x86_64",
"relates_to_product_reference": "7Client-optional-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.2.6p5-29.el7_8.2.ppc64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64"
},
"product_reference": "ntp-0:4.2.6p5-29.el7_8.2.ppc64",
"relates_to_product_reference": "7ComputeNode-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.2.6p5-29.el7_8.2.ppc64le as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64le"
},
"product_reference": "ntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"relates_to_product_reference": "7ComputeNode-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.2.6p5-29.el7_8.2.s390x as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.s390x"
},
"product_reference": "ntp-0:4.2.6p5-29.el7_8.2.s390x",
"relates_to_product_reference": "7ComputeNode-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.2.6p5-29.el7_8.2.src as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.src"
},
"product_reference": "ntp-0:4.2.6p5-29.el7_8.2.src",
"relates_to_product_reference": "7ComputeNode-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.2.6p5-29.el7_8.2.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.x86_64"
},
"product_reference": "ntp-0:4.2.6p5-29.el7_8.2.x86_64",
"relates_to_product_reference": "7ComputeNode-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64"
},
"product_reference": "ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64",
"relates_to_product_reference": "7ComputeNode-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64le as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64le"
},
"product_reference": "ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64le",
"relates_to_product_reference": "7ComputeNode-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-debuginfo-0:4.2.6p5-29.el7_8.2.s390x as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.s390x"
},
"product_reference": "ntp-debuginfo-0:4.2.6p5-29.el7_8.2.s390x",
"relates_to_product_reference": "7ComputeNode-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-debuginfo-0:4.2.6p5-29.el7_8.2.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.x86_64"
},
"product_reference": "ntp-debuginfo-0:4.2.6p5-29.el7_8.2.x86_64",
"relates_to_product_reference": "7ComputeNode-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-0:4.2.6p5-29.el7_8.2.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.8.Z:ntp-doc-0:4.2.6p5-29.el7_8.2.noarch"
},
"product_reference": "ntp-doc-0:4.2.6p5-29.el7_8.2.noarch",
"relates_to_product_reference": "7ComputeNode-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-perl-0:4.2.6p5-29.el7_8.2.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.8.Z:ntp-perl-0:4.2.6p5-29.el7_8.2.noarch"
},
"product_reference": "ntp-perl-0:4.2.6p5-29.el7_8.2.noarch",
"relates_to_product_reference": "7ComputeNode-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntpdate-0:4.2.6p5-29.el7_8.2.ppc64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64"
},
"product_reference": "ntpdate-0:4.2.6p5-29.el7_8.2.ppc64",
"relates_to_product_reference": "7ComputeNode-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntpdate-0:4.2.6p5-29.el7_8.2.ppc64le as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64le"
},
"product_reference": "ntpdate-0:4.2.6p5-29.el7_8.2.ppc64le",
"relates_to_product_reference": "7ComputeNode-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntpdate-0:4.2.6p5-29.el7_8.2.s390x as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.s390x"
},
"product_reference": "ntpdate-0:4.2.6p5-29.el7_8.2.s390x",
"relates_to_product_reference": "7ComputeNode-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntpdate-0:4.2.6p5-29.el7_8.2.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.x86_64"
},
"product_reference": "ntpdate-0:4.2.6p5-29.el7_8.2.x86_64",
"relates_to_product_reference": "7ComputeNode-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sntp-0:4.2.6p5-29.el7_8.2.ppc64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64"
},
"product_reference": "sntp-0:4.2.6p5-29.el7_8.2.ppc64",
"relates_to_product_reference": "7ComputeNode-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sntp-0:4.2.6p5-29.el7_8.2.ppc64le as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64le"
},
"product_reference": "sntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"relates_to_product_reference": "7ComputeNode-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sntp-0:4.2.6p5-29.el7_8.2.s390x as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.s390x"
},
"product_reference": "sntp-0:4.2.6p5-29.el7_8.2.s390x",
"relates_to_product_reference": "7ComputeNode-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sntp-0:4.2.6p5-29.el7_8.2.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.x86_64"
},
"product_reference": "sntp-0:4.2.6p5-29.el7_8.2.x86_64",
"relates_to_product_reference": "7ComputeNode-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.2.6p5-29.el7_8.2.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64"
},
"product_reference": "ntp-0:4.2.6p5-29.el7_8.2.ppc64",
"relates_to_product_reference": "7ComputeNode-optional-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.2.6p5-29.el7_8.2.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64le"
},
"product_reference": "ntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"relates_to_product_reference": "7ComputeNode-optional-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.2.6p5-29.el7_8.2.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.s390x"
},
"product_reference": "ntp-0:4.2.6p5-29.el7_8.2.s390x",
"relates_to_product_reference": "7ComputeNode-optional-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.2.6p5-29.el7_8.2.src as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.src"
},
"product_reference": "ntp-0:4.2.6p5-29.el7_8.2.src",
"relates_to_product_reference": "7ComputeNode-optional-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.2.6p5-29.el7_8.2.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.x86_64"
},
"product_reference": "ntp-0:4.2.6p5-29.el7_8.2.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64"
},
"product_reference": "ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64",
"relates_to_product_reference": "7ComputeNode-optional-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64le"
},
"product_reference": "ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64le",
"relates_to_product_reference": "7ComputeNode-optional-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-debuginfo-0:4.2.6p5-29.el7_8.2.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.s390x"
},
"product_reference": "ntp-debuginfo-0:4.2.6p5-29.el7_8.2.s390x",
"relates_to_product_reference": "7ComputeNode-optional-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-debuginfo-0:4.2.6p5-29.el7_8.2.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.x86_64"
},
"product_reference": "ntp-debuginfo-0:4.2.6p5-29.el7_8.2.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-0:4.2.6p5-29.el7_8.2.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.8.Z:ntp-doc-0:4.2.6p5-29.el7_8.2.noarch"
},
"product_reference": "ntp-doc-0:4.2.6p5-29.el7_8.2.noarch",
"relates_to_product_reference": "7ComputeNode-optional-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-perl-0:4.2.6p5-29.el7_8.2.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.8.Z:ntp-perl-0:4.2.6p5-29.el7_8.2.noarch"
},
"product_reference": "ntp-perl-0:4.2.6p5-29.el7_8.2.noarch",
"relates_to_product_reference": "7ComputeNode-optional-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntpdate-0:4.2.6p5-29.el7_8.2.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64"
},
"product_reference": "ntpdate-0:4.2.6p5-29.el7_8.2.ppc64",
"relates_to_product_reference": "7ComputeNode-optional-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntpdate-0:4.2.6p5-29.el7_8.2.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64le"
},
"product_reference": "ntpdate-0:4.2.6p5-29.el7_8.2.ppc64le",
"relates_to_product_reference": "7ComputeNode-optional-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntpdate-0:4.2.6p5-29.el7_8.2.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.s390x"
},
"product_reference": "ntpdate-0:4.2.6p5-29.el7_8.2.s390x",
"relates_to_product_reference": "7ComputeNode-optional-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntpdate-0:4.2.6p5-29.el7_8.2.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.x86_64"
},
"product_reference": "ntpdate-0:4.2.6p5-29.el7_8.2.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sntp-0:4.2.6p5-29.el7_8.2.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64"
},
"product_reference": "sntp-0:4.2.6p5-29.el7_8.2.ppc64",
"relates_to_product_reference": "7ComputeNode-optional-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sntp-0:4.2.6p5-29.el7_8.2.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64le"
},
"product_reference": "sntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"relates_to_product_reference": "7ComputeNode-optional-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sntp-0:4.2.6p5-29.el7_8.2.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.s390x"
},
"product_reference": "sntp-0:4.2.6p5-29.el7_8.2.s390x",
"relates_to_product_reference": "7ComputeNode-optional-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sntp-0:4.2.6p5-29.el7_8.2.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.x86_64"
},
"product_reference": "sntp-0:4.2.6p5-29.el7_8.2.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.2.6p5-29.el7_8.2.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64"
},
"product_reference": "ntp-0:4.2.6p5-29.el7_8.2.ppc64",
"relates_to_product_reference": "7Server-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.2.6p5-29.el7_8.2.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64le"
},
"product_reference": "ntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"relates_to_product_reference": "7Server-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.2.6p5-29.el7_8.2.s390x as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.s390x"
},
"product_reference": "ntp-0:4.2.6p5-29.el7_8.2.s390x",
"relates_to_product_reference": "7Server-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.2.6p5-29.el7_8.2.src as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.src"
},
"product_reference": "ntp-0:4.2.6p5-29.el7_8.2.src",
"relates_to_product_reference": "7Server-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.2.6p5-29.el7_8.2.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.x86_64"
},
"product_reference": "ntp-0:4.2.6p5-29.el7_8.2.x86_64",
"relates_to_product_reference": "7Server-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64"
},
"product_reference": "ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64",
"relates_to_product_reference": "7Server-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64le"
},
"product_reference": "ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64le",
"relates_to_product_reference": "7Server-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-debuginfo-0:4.2.6p5-29.el7_8.2.s390x as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.s390x"
},
"product_reference": "ntp-debuginfo-0:4.2.6p5-29.el7_8.2.s390x",
"relates_to_product_reference": "7Server-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-debuginfo-0:4.2.6p5-29.el7_8.2.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.x86_64"
},
"product_reference": "ntp-debuginfo-0:4.2.6p5-29.el7_8.2.x86_64",
"relates_to_product_reference": "7Server-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-0:4.2.6p5-29.el7_8.2.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.8.Z:ntp-doc-0:4.2.6p5-29.el7_8.2.noarch"
},
"product_reference": "ntp-doc-0:4.2.6p5-29.el7_8.2.noarch",
"relates_to_product_reference": "7Server-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-perl-0:4.2.6p5-29.el7_8.2.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.8.Z:ntp-perl-0:4.2.6p5-29.el7_8.2.noarch"
},
"product_reference": "ntp-perl-0:4.2.6p5-29.el7_8.2.noarch",
"relates_to_product_reference": "7Server-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntpdate-0:4.2.6p5-29.el7_8.2.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64"
},
"product_reference": "ntpdate-0:4.2.6p5-29.el7_8.2.ppc64",
"relates_to_product_reference": "7Server-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntpdate-0:4.2.6p5-29.el7_8.2.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64le"
},
"product_reference": "ntpdate-0:4.2.6p5-29.el7_8.2.ppc64le",
"relates_to_product_reference": "7Server-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntpdate-0:4.2.6p5-29.el7_8.2.s390x as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.s390x"
},
"product_reference": "ntpdate-0:4.2.6p5-29.el7_8.2.s390x",
"relates_to_product_reference": "7Server-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntpdate-0:4.2.6p5-29.el7_8.2.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.x86_64"
},
"product_reference": "ntpdate-0:4.2.6p5-29.el7_8.2.x86_64",
"relates_to_product_reference": "7Server-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sntp-0:4.2.6p5-29.el7_8.2.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64"
},
"product_reference": "sntp-0:4.2.6p5-29.el7_8.2.ppc64",
"relates_to_product_reference": "7Server-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sntp-0:4.2.6p5-29.el7_8.2.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64le"
},
"product_reference": "sntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"relates_to_product_reference": "7Server-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sntp-0:4.2.6p5-29.el7_8.2.s390x as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.s390x"
},
"product_reference": "sntp-0:4.2.6p5-29.el7_8.2.s390x",
"relates_to_product_reference": "7Server-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sntp-0:4.2.6p5-29.el7_8.2.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.x86_64"
},
"product_reference": "sntp-0:4.2.6p5-29.el7_8.2.x86_64",
"relates_to_product_reference": "7Server-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.2.6p5-29.el7_8.2.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64"
},
"product_reference": "ntp-0:4.2.6p5-29.el7_8.2.ppc64",
"relates_to_product_reference": "7Server-optional-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.2.6p5-29.el7_8.2.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64le"
},
"product_reference": "ntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"relates_to_product_reference": "7Server-optional-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.2.6p5-29.el7_8.2.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.s390x"
},
"product_reference": "ntp-0:4.2.6p5-29.el7_8.2.s390x",
"relates_to_product_reference": "7Server-optional-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.2.6p5-29.el7_8.2.src as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.src"
},
"product_reference": "ntp-0:4.2.6p5-29.el7_8.2.src",
"relates_to_product_reference": "7Server-optional-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.2.6p5-29.el7_8.2.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.x86_64"
},
"product_reference": "ntp-0:4.2.6p5-29.el7_8.2.x86_64",
"relates_to_product_reference": "7Server-optional-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64"
},
"product_reference": "ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64",
"relates_to_product_reference": "7Server-optional-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64le"
},
"product_reference": "ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64le",
"relates_to_product_reference": "7Server-optional-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-debuginfo-0:4.2.6p5-29.el7_8.2.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.s390x"
},
"product_reference": "ntp-debuginfo-0:4.2.6p5-29.el7_8.2.s390x",
"relates_to_product_reference": "7Server-optional-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-debuginfo-0:4.2.6p5-29.el7_8.2.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.x86_64"
},
"product_reference": "ntp-debuginfo-0:4.2.6p5-29.el7_8.2.x86_64",
"relates_to_product_reference": "7Server-optional-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-0:4.2.6p5-29.el7_8.2.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.8.Z:ntp-doc-0:4.2.6p5-29.el7_8.2.noarch"
},
"product_reference": "ntp-doc-0:4.2.6p5-29.el7_8.2.noarch",
"relates_to_product_reference": "7Server-optional-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-perl-0:4.2.6p5-29.el7_8.2.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.8.Z:ntp-perl-0:4.2.6p5-29.el7_8.2.noarch"
},
"product_reference": "ntp-perl-0:4.2.6p5-29.el7_8.2.noarch",
"relates_to_product_reference": "7Server-optional-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntpdate-0:4.2.6p5-29.el7_8.2.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64"
},
"product_reference": "ntpdate-0:4.2.6p5-29.el7_8.2.ppc64",
"relates_to_product_reference": "7Server-optional-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntpdate-0:4.2.6p5-29.el7_8.2.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64le"
},
"product_reference": "ntpdate-0:4.2.6p5-29.el7_8.2.ppc64le",
"relates_to_product_reference": "7Server-optional-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntpdate-0:4.2.6p5-29.el7_8.2.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.s390x"
},
"product_reference": "ntpdate-0:4.2.6p5-29.el7_8.2.s390x",
"relates_to_product_reference": "7Server-optional-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntpdate-0:4.2.6p5-29.el7_8.2.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.x86_64"
},
"product_reference": "ntpdate-0:4.2.6p5-29.el7_8.2.x86_64",
"relates_to_product_reference": "7Server-optional-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sntp-0:4.2.6p5-29.el7_8.2.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64"
},
"product_reference": "sntp-0:4.2.6p5-29.el7_8.2.ppc64",
"relates_to_product_reference": "7Server-optional-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sntp-0:4.2.6p5-29.el7_8.2.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64le"
},
"product_reference": "sntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"relates_to_product_reference": "7Server-optional-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sntp-0:4.2.6p5-29.el7_8.2.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.s390x"
},
"product_reference": "sntp-0:4.2.6p5-29.el7_8.2.s390x",
"relates_to_product_reference": "7Server-optional-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sntp-0:4.2.6p5-29.el7_8.2.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.x86_64"
},
"product_reference": "sntp-0:4.2.6p5-29.el7_8.2.x86_64",
"relates_to_product_reference": "7Server-optional-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.2.6p5-29.el7_8.2.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64"
},
"product_reference": "ntp-0:4.2.6p5-29.el7_8.2.ppc64",
"relates_to_product_reference": "7Workstation-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.2.6p5-29.el7_8.2.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64le"
},
"product_reference": "ntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"relates_to_product_reference": "7Workstation-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.2.6p5-29.el7_8.2.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.s390x"
},
"product_reference": "ntp-0:4.2.6p5-29.el7_8.2.s390x",
"relates_to_product_reference": "7Workstation-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.2.6p5-29.el7_8.2.src as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.src"
},
"product_reference": "ntp-0:4.2.6p5-29.el7_8.2.src",
"relates_to_product_reference": "7Workstation-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.2.6p5-29.el7_8.2.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.x86_64"
},
"product_reference": "ntp-0:4.2.6p5-29.el7_8.2.x86_64",
"relates_to_product_reference": "7Workstation-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64"
},
"product_reference": "ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64",
"relates_to_product_reference": "7Workstation-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64le"
},
"product_reference": "ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64le",
"relates_to_product_reference": "7Workstation-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-debuginfo-0:4.2.6p5-29.el7_8.2.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.s390x"
},
"product_reference": "ntp-debuginfo-0:4.2.6p5-29.el7_8.2.s390x",
"relates_to_product_reference": "7Workstation-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-debuginfo-0:4.2.6p5-29.el7_8.2.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.x86_64"
},
"product_reference": "ntp-debuginfo-0:4.2.6p5-29.el7_8.2.x86_64",
"relates_to_product_reference": "7Workstation-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-0:4.2.6p5-29.el7_8.2.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.8.Z:ntp-doc-0:4.2.6p5-29.el7_8.2.noarch"
},
"product_reference": "ntp-doc-0:4.2.6p5-29.el7_8.2.noarch",
"relates_to_product_reference": "7Workstation-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-perl-0:4.2.6p5-29.el7_8.2.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.8.Z:ntp-perl-0:4.2.6p5-29.el7_8.2.noarch"
},
"product_reference": "ntp-perl-0:4.2.6p5-29.el7_8.2.noarch",
"relates_to_product_reference": "7Workstation-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntpdate-0:4.2.6p5-29.el7_8.2.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64"
},
"product_reference": "ntpdate-0:4.2.6p5-29.el7_8.2.ppc64",
"relates_to_product_reference": "7Workstation-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntpdate-0:4.2.6p5-29.el7_8.2.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64le"
},
"product_reference": "ntpdate-0:4.2.6p5-29.el7_8.2.ppc64le",
"relates_to_product_reference": "7Workstation-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntpdate-0:4.2.6p5-29.el7_8.2.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.s390x"
},
"product_reference": "ntpdate-0:4.2.6p5-29.el7_8.2.s390x",
"relates_to_product_reference": "7Workstation-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntpdate-0:4.2.6p5-29.el7_8.2.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.x86_64"
},
"product_reference": "ntpdate-0:4.2.6p5-29.el7_8.2.x86_64",
"relates_to_product_reference": "7Workstation-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sntp-0:4.2.6p5-29.el7_8.2.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64"
},
"product_reference": "sntp-0:4.2.6p5-29.el7_8.2.ppc64",
"relates_to_product_reference": "7Workstation-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sntp-0:4.2.6p5-29.el7_8.2.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64le"
},
"product_reference": "sntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"relates_to_product_reference": "7Workstation-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sntp-0:4.2.6p5-29.el7_8.2.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.s390x"
},
"product_reference": "sntp-0:4.2.6p5-29.el7_8.2.s390x",
"relates_to_product_reference": "7Workstation-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sntp-0:4.2.6p5-29.el7_8.2.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.x86_64"
},
"product_reference": "sntp-0:4.2.6p5-29.el7_8.2.x86_64",
"relates_to_product_reference": "7Workstation-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.2.6p5-29.el7_8.2.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64"
},
"product_reference": "ntp-0:4.2.6p5-29.el7_8.2.ppc64",
"relates_to_product_reference": "7Workstation-optional-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.2.6p5-29.el7_8.2.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64le"
},
"product_reference": "ntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"relates_to_product_reference": "7Workstation-optional-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.2.6p5-29.el7_8.2.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.s390x"
},
"product_reference": "ntp-0:4.2.6p5-29.el7_8.2.s390x",
"relates_to_product_reference": "7Workstation-optional-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.2.6p5-29.el7_8.2.src as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.src"
},
"product_reference": "ntp-0:4.2.6p5-29.el7_8.2.src",
"relates_to_product_reference": "7Workstation-optional-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.2.6p5-29.el7_8.2.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.x86_64"
},
"product_reference": "ntp-0:4.2.6p5-29.el7_8.2.x86_64",
"relates_to_product_reference": "7Workstation-optional-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64"
},
"product_reference": "ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64",
"relates_to_product_reference": "7Workstation-optional-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64le"
},
"product_reference": "ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64le",
"relates_to_product_reference": "7Workstation-optional-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-debuginfo-0:4.2.6p5-29.el7_8.2.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.s390x"
},
"product_reference": "ntp-debuginfo-0:4.2.6p5-29.el7_8.2.s390x",
"relates_to_product_reference": "7Workstation-optional-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-debuginfo-0:4.2.6p5-29.el7_8.2.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.x86_64"
},
"product_reference": "ntp-debuginfo-0:4.2.6p5-29.el7_8.2.x86_64",
"relates_to_product_reference": "7Workstation-optional-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-doc-0:4.2.6p5-29.el7_8.2.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.8.Z:ntp-doc-0:4.2.6p5-29.el7_8.2.noarch"
},
"product_reference": "ntp-doc-0:4.2.6p5-29.el7_8.2.noarch",
"relates_to_product_reference": "7Workstation-optional-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-perl-0:4.2.6p5-29.el7_8.2.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.8.Z:ntp-perl-0:4.2.6p5-29.el7_8.2.noarch"
},
"product_reference": "ntp-perl-0:4.2.6p5-29.el7_8.2.noarch",
"relates_to_product_reference": "7Workstation-optional-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntpdate-0:4.2.6p5-29.el7_8.2.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64"
},
"product_reference": "ntpdate-0:4.2.6p5-29.el7_8.2.ppc64",
"relates_to_product_reference": "7Workstation-optional-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntpdate-0:4.2.6p5-29.el7_8.2.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64le"
},
"product_reference": "ntpdate-0:4.2.6p5-29.el7_8.2.ppc64le",
"relates_to_product_reference": "7Workstation-optional-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntpdate-0:4.2.6p5-29.el7_8.2.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.s390x"
},
"product_reference": "ntpdate-0:4.2.6p5-29.el7_8.2.s390x",
"relates_to_product_reference": "7Workstation-optional-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntpdate-0:4.2.6p5-29.el7_8.2.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.x86_64"
},
"product_reference": "ntpdate-0:4.2.6p5-29.el7_8.2.x86_64",
"relates_to_product_reference": "7Workstation-optional-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sntp-0:4.2.6p5-29.el7_8.2.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64"
},
"product_reference": "sntp-0:4.2.6p5-29.el7_8.2.ppc64",
"relates_to_product_reference": "7Workstation-optional-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sntp-0:4.2.6p5-29.el7_8.2.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64le"
},
"product_reference": "sntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"relates_to_product_reference": "7Workstation-optional-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sntp-0:4.2.6p5-29.el7_8.2.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.s390x"
},
"product_reference": "sntp-0:4.2.6p5-29.el7_8.2.s390x",
"relates_to_product_reference": "7Workstation-optional-7.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sntp-0:4.2.6p5-29.el7_8.2.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.x86_64"
},
"product_reference": "sntp-0:4.2.6p5-29.el7_8.2.x86_64",
"relates_to_product_reference": "7Workstation-optional-7.8.Z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-11868",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-06-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1716665"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Network Time Protocol (NTP), where a security issue exists that allows an off-path attacker to prevent the Network Time Protocol daemon (ntpd) from synchronizing with NTP servers not using authentication. A server mode packet with a spoofed source address sent to the client ntpd causes the next transmission to be rescheduled, even if the packet does not have a valid origin timestamp. If the packet is sent to the client frequently enough, it stops polling the server and is unable to synchronize with it.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ntp: DoS on client ntpd using server mode packet",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Client-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Client-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Client-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.src",
"7Client-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7Client-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64",
"7Client-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Client-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.s390x",
"7Client-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.x86_64",
"7Client-7.8.Z:ntp-doc-0:4.2.6p5-29.el7_8.2.noarch",
"7Client-7.8.Z:ntp-perl-0:4.2.6p5-29.el7_8.2.noarch",
"7Client-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64",
"7Client-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Client-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.s390x",
"7Client-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.x86_64",
"7Client-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Client-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Client-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Client-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7Client-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Client-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Client-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Client-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.src",
"7Client-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7Client-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64",
"7Client-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Client-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.s390x",
"7Client-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.x86_64",
"7Client-optional-7.8.Z:ntp-doc-0:4.2.6p5-29.el7_8.2.noarch",
"7Client-optional-7.8.Z:ntp-perl-0:4.2.6p5-29.el7_8.2.noarch",
"7Client-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64",
"7Client-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Client-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.s390x",
"7Client-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.x86_64",
"7Client-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Client-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Client-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Client-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7ComputeNode-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7ComputeNode-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7ComputeNode-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.s390x",
"7ComputeNode-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.src",
"7ComputeNode-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7ComputeNode-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64",
"7ComputeNode-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64le",
"7ComputeNode-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.s390x",
"7ComputeNode-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.x86_64",
"7ComputeNode-7.8.Z:ntp-doc-0:4.2.6p5-29.el7_8.2.noarch",
"7ComputeNode-7.8.Z:ntp-perl-0:4.2.6p5-29.el7_8.2.noarch",
"7ComputeNode-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64",
"7ComputeNode-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64le",
"7ComputeNode-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.s390x",
"7ComputeNode-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.x86_64",
"7ComputeNode-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7ComputeNode-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7ComputeNode-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.s390x",
"7ComputeNode-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7ComputeNode-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7ComputeNode-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7ComputeNode-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.s390x",
"7ComputeNode-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.src",
"7ComputeNode-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7ComputeNode-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64",
"7ComputeNode-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64le",
"7ComputeNode-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.s390x",
"7ComputeNode-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.x86_64",
"7ComputeNode-optional-7.8.Z:ntp-doc-0:4.2.6p5-29.el7_8.2.noarch",
"7ComputeNode-optional-7.8.Z:ntp-perl-0:4.2.6p5-29.el7_8.2.noarch",
"7ComputeNode-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64",
"7ComputeNode-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64le",
"7ComputeNode-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.s390x",
"7ComputeNode-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.x86_64",
"7ComputeNode-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7ComputeNode-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7ComputeNode-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.s390x",
"7ComputeNode-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7Server-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Server-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Server-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Server-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.src",
"7Server-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7Server-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64",
"7Server-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Server-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.s390x",
"7Server-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.x86_64",
"7Server-7.8.Z:ntp-doc-0:4.2.6p5-29.el7_8.2.noarch",
"7Server-7.8.Z:ntp-perl-0:4.2.6p5-29.el7_8.2.noarch",
"7Server-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64",
"7Server-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Server-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.s390x",
"7Server-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.x86_64",
"7Server-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Server-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Server-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Server-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7Server-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Server-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Server-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Server-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.src",
"7Server-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7Server-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64",
"7Server-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Server-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.s390x",
"7Server-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.x86_64",
"7Server-optional-7.8.Z:ntp-doc-0:4.2.6p5-29.el7_8.2.noarch",
"7Server-optional-7.8.Z:ntp-perl-0:4.2.6p5-29.el7_8.2.noarch",
"7Server-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64",
"7Server-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Server-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.s390x",
"7Server-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.x86_64",
"7Server-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Server-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Server-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Server-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7Workstation-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Workstation-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Workstation-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Workstation-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.src",
"7Workstation-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7Workstation-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64",
"7Workstation-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Workstation-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.s390x",
"7Workstation-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.x86_64",
"7Workstation-7.8.Z:ntp-doc-0:4.2.6p5-29.el7_8.2.noarch",
"7Workstation-7.8.Z:ntp-perl-0:4.2.6p5-29.el7_8.2.noarch",
"7Workstation-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64",
"7Workstation-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Workstation-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.s390x",
"7Workstation-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.x86_64",
"7Workstation-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Workstation-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Workstation-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Workstation-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7Workstation-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Workstation-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Workstation-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Workstation-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.src",
"7Workstation-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7Workstation-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64",
"7Workstation-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Workstation-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.s390x",
"7Workstation-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.x86_64",
"7Workstation-optional-7.8.Z:ntp-doc-0:4.2.6p5-29.el7_8.2.noarch",
"7Workstation-optional-7.8.Z:ntp-perl-0:4.2.6p5-29.el7_8.2.noarch",
"7Workstation-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64",
"7Workstation-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Workstation-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.s390x",
"7Workstation-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.x86_64",
"7Workstation-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Workstation-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Workstation-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Workstation-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11868"
},
{
"category": "external",
"summary": "RHBZ#1716665",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1716665"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11868",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11868"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11868",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11868"
},
{
"category": "external",
"summary": "http://support.ntp.org/bin/view/Main/NtpBug3592",
"url": "http://support.ntp.org/bin/view/Main/NtpBug3592"
}
],
"release_date": "2020-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-06-23T12:33:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the ntpd daemon will restart automatically.",
"product_ids": [
"7Client-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Client-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Client-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Client-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.src",
"7Client-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7Client-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64",
"7Client-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Client-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.s390x",
"7Client-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.x86_64",
"7Client-7.8.Z:ntp-doc-0:4.2.6p5-29.el7_8.2.noarch",
"7Client-7.8.Z:ntp-perl-0:4.2.6p5-29.el7_8.2.noarch",
"7Client-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64",
"7Client-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Client-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.s390x",
"7Client-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.x86_64",
"7Client-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Client-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Client-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Client-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7Client-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Client-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Client-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Client-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.src",
"7Client-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7Client-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64",
"7Client-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Client-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.s390x",
"7Client-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.x86_64",
"7Client-optional-7.8.Z:ntp-doc-0:4.2.6p5-29.el7_8.2.noarch",
"7Client-optional-7.8.Z:ntp-perl-0:4.2.6p5-29.el7_8.2.noarch",
"7Client-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64",
"7Client-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Client-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.s390x",
"7Client-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.x86_64",
"7Client-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Client-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Client-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Client-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7ComputeNode-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7ComputeNode-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7ComputeNode-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.s390x",
"7ComputeNode-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.src",
"7ComputeNode-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7ComputeNode-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64",
"7ComputeNode-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64le",
"7ComputeNode-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.s390x",
"7ComputeNode-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.x86_64",
"7ComputeNode-7.8.Z:ntp-doc-0:4.2.6p5-29.el7_8.2.noarch",
"7ComputeNode-7.8.Z:ntp-perl-0:4.2.6p5-29.el7_8.2.noarch",
"7ComputeNode-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64",
"7ComputeNode-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64le",
"7ComputeNode-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.s390x",
"7ComputeNode-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.x86_64",
"7ComputeNode-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7ComputeNode-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7ComputeNode-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.s390x",
"7ComputeNode-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7ComputeNode-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7ComputeNode-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7ComputeNode-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.s390x",
"7ComputeNode-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.src",
"7ComputeNode-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7ComputeNode-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64",
"7ComputeNode-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64le",
"7ComputeNode-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.s390x",
"7ComputeNode-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.x86_64",
"7ComputeNode-optional-7.8.Z:ntp-doc-0:4.2.6p5-29.el7_8.2.noarch",
"7ComputeNode-optional-7.8.Z:ntp-perl-0:4.2.6p5-29.el7_8.2.noarch",
"7ComputeNode-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64",
"7ComputeNode-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64le",
"7ComputeNode-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.s390x",
"7ComputeNode-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.x86_64",
"7ComputeNode-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7ComputeNode-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7ComputeNode-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.s390x",
"7ComputeNode-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7Server-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Server-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Server-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Server-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.src",
"7Server-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7Server-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64",
"7Server-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Server-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.s390x",
"7Server-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.x86_64",
"7Server-7.8.Z:ntp-doc-0:4.2.6p5-29.el7_8.2.noarch",
"7Server-7.8.Z:ntp-perl-0:4.2.6p5-29.el7_8.2.noarch",
"7Server-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64",
"7Server-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Server-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.s390x",
"7Server-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.x86_64",
"7Server-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Server-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Server-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Server-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7Server-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Server-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Server-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Server-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.src",
"7Server-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7Server-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64",
"7Server-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Server-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.s390x",
"7Server-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.x86_64",
"7Server-optional-7.8.Z:ntp-doc-0:4.2.6p5-29.el7_8.2.noarch",
"7Server-optional-7.8.Z:ntp-perl-0:4.2.6p5-29.el7_8.2.noarch",
"7Server-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64",
"7Server-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Server-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.s390x",
"7Server-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.x86_64",
"7Server-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Server-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Server-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Server-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7Workstation-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Workstation-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Workstation-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Workstation-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.src",
"7Workstation-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7Workstation-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64",
"7Workstation-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Workstation-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.s390x",
"7Workstation-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.x86_64",
"7Workstation-7.8.Z:ntp-doc-0:4.2.6p5-29.el7_8.2.noarch",
"7Workstation-7.8.Z:ntp-perl-0:4.2.6p5-29.el7_8.2.noarch",
"7Workstation-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64",
"7Workstation-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Workstation-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.s390x",
"7Workstation-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.x86_64",
"7Workstation-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Workstation-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Workstation-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Workstation-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7Workstation-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Workstation-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Workstation-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Workstation-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.src",
"7Workstation-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7Workstation-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64",
"7Workstation-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Workstation-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.s390x",
"7Workstation-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.x86_64",
"7Workstation-optional-7.8.Z:ntp-doc-0:4.2.6p5-29.el7_8.2.noarch",
"7Workstation-optional-7.8.Z:ntp-perl-0:4.2.6p5-29.el7_8.2.noarch",
"7Workstation-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64",
"7Workstation-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Workstation-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.s390x",
"7Workstation-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.x86_64",
"7Workstation-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Workstation-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Workstation-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Workstation-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:2663"
},
{
"category": "workaround",
"details": "Use authentication with symmetric keys.",
"product_ids": [
"7Client-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Client-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Client-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Client-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.src",
"7Client-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7Client-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64",
"7Client-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Client-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.s390x",
"7Client-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.x86_64",
"7Client-7.8.Z:ntp-doc-0:4.2.6p5-29.el7_8.2.noarch",
"7Client-7.8.Z:ntp-perl-0:4.2.6p5-29.el7_8.2.noarch",
"7Client-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64",
"7Client-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Client-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.s390x",
"7Client-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.x86_64",
"7Client-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Client-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Client-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Client-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7Client-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Client-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Client-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Client-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.src",
"7Client-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7Client-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64",
"7Client-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Client-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.s390x",
"7Client-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.x86_64",
"7Client-optional-7.8.Z:ntp-doc-0:4.2.6p5-29.el7_8.2.noarch",
"7Client-optional-7.8.Z:ntp-perl-0:4.2.6p5-29.el7_8.2.noarch",
"7Client-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64",
"7Client-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Client-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.s390x",
"7Client-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.x86_64",
"7Client-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Client-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Client-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Client-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7ComputeNode-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7ComputeNode-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7ComputeNode-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.s390x",
"7ComputeNode-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.src",
"7ComputeNode-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7ComputeNode-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64",
"7ComputeNode-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64le",
"7ComputeNode-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.s390x",
"7ComputeNode-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.x86_64",
"7ComputeNode-7.8.Z:ntp-doc-0:4.2.6p5-29.el7_8.2.noarch",
"7ComputeNode-7.8.Z:ntp-perl-0:4.2.6p5-29.el7_8.2.noarch",
"7ComputeNode-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64",
"7ComputeNode-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64le",
"7ComputeNode-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.s390x",
"7ComputeNode-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.x86_64",
"7ComputeNode-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7ComputeNode-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7ComputeNode-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.s390x",
"7ComputeNode-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7ComputeNode-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7ComputeNode-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7ComputeNode-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.s390x",
"7ComputeNode-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.src",
"7ComputeNode-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7ComputeNode-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64",
"7ComputeNode-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64le",
"7ComputeNode-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.s390x",
"7ComputeNode-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.x86_64",
"7ComputeNode-optional-7.8.Z:ntp-doc-0:4.2.6p5-29.el7_8.2.noarch",
"7ComputeNode-optional-7.8.Z:ntp-perl-0:4.2.6p5-29.el7_8.2.noarch",
"7ComputeNode-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64",
"7ComputeNode-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64le",
"7ComputeNode-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.s390x",
"7ComputeNode-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.x86_64",
"7ComputeNode-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7ComputeNode-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7ComputeNode-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.s390x",
"7ComputeNode-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7Server-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Server-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Server-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Server-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.src",
"7Server-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7Server-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64",
"7Server-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Server-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.s390x",
"7Server-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.x86_64",
"7Server-7.8.Z:ntp-doc-0:4.2.6p5-29.el7_8.2.noarch",
"7Server-7.8.Z:ntp-perl-0:4.2.6p5-29.el7_8.2.noarch",
"7Server-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64",
"7Server-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Server-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.s390x",
"7Server-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.x86_64",
"7Server-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Server-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Server-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Server-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7Server-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Server-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Server-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Server-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.src",
"7Server-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7Server-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64",
"7Server-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Server-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.s390x",
"7Server-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.x86_64",
"7Server-optional-7.8.Z:ntp-doc-0:4.2.6p5-29.el7_8.2.noarch",
"7Server-optional-7.8.Z:ntp-perl-0:4.2.6p5-29.el7_8.2.noarch",
"7Server-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64",
"7Server-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Server-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.s390x",
"7Server-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.x86_64",
"7Server-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Server-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Server-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Server-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7Workstation-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Workstation-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Workstation-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Workstation-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.src",
"7Workstation-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7Workstation-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64",
"7Workstation-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Workstation-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.s390x",
"7Workstation-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.x86_64",
"7Workstation-7.8.Z:ntp-doc-0:4.2.6p5-29.el7_8.2.noarch",
"7Workstation-7.8.Z:ntp-perl-0:4.2.6p5-29.el7_8.2.noarch",
"7Workstation-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64",
"7Workstation-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Workstation-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.s390x",
"7Workstation-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.x86_64",
"7Workstation-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Workstation-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Workstation-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Workstation-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7Workstation-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Workstation-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Workstation-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Workstation-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.src",
"7Workstation-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7Workstation-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64",
"7Workstation-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Workstation-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.s390x",
"7Workstation-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.x86_64",
"7Workstation-optional-7.8.Z:ntp-doc-0:4.2.6p5-29.el7_8.2.noarch",
"7Workstation-optional-7.8.Z:ntp-perl-0:4.2.6p5-29.el7_8.2.noarch",
"7Workstation-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64",
"7Workstation-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Workstation-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.s390x",
"7Workstation-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.x86_64",
"7Workstation-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Workstation-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Workstation-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Workstation-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"7Client-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Client-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Client-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Client-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.src",
"7Client-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7Client-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64",
"7Client-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Client-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.s390x",
"7Client-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.x86_64",
"7Client-7.8.Z:ntp-doc-0:4.2.6p5-29.el7_8.2.noarch",
"7Client-7.8.Z:ntp-perl-0:4.2.6p5-29.el7_8.2.noarch",
"7Client-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64",
"7Client-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Client-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.s390x",
"7Client-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.x86_64",
"7Client-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Client-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Client-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Client-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7Client-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Client-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Client-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Client-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.src",
"7Client-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7Client-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64",
"7Client-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Client-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.s390x",
"7Client-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.x86_64",
"7Client-optional-7.8.Z:ntp-doc-0:4.2.6p5-29.el7_8.2.noarch",
"7Client-optional-7.8.Z:ntp-perl-0:4.2.6p5-29.el7_8.2.noarch",
"7Client-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64",
"7Client-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Client-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.s390x",
"7Client-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.x86_64",
"7Client-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Client-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Client-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Client-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7ComputeNode-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7ComputeNode-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7ComputeNode-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.s390x",
"7ComputeNode-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.src",
"7ComputeNode-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7ComputeNode-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64",
"7ComputeNode-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64le",
"7ComputeNode-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.s390x",
"7ComputeNode-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.x86_64",
"7ComputeNode-7.8.Z:ntp-doc-0:4.2.6p5-29.el7_8.2.noarch",
"7ComputeNode-7.8.Z:ntp-perl-0:4.2.6p5-29.el7_8.2.noarch",
"7ComputeNode-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64",
"7ComputeNode-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64le",
"7ComputeNode-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.s390x",
"7ComputeNode-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.x86_64",
"7ComputeNode-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7ComputeNode-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7ComputeNode-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.s390x",
"7ComputeNode-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7ComputeNode-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7ComputeNode-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7ComputeNode-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.s390x",
"7ComputeNode-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.src",
"7ComputeNode-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7ComputeNode-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64",
"7ComputeNode-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64le",
"7ComputeNode-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.s390x",
"7ComputeNode-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.x86_64",
"7ComputeNode-optional-7.8.Z:ntp-doc-0:4.2.6p5-29.el7_8.2.noarch",
"7ComputeNode-optional-7.8.Z:ntp-perl-0:4.2.6p5-29.el7_8.2.noarch",
"7ComputeNode-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64",
"7ComputeNode-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64le",
"7ComputeNode-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.s390x",
"7ComputeNode-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.x86_64",
"7ComputeNode-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7ComputeNode-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7ComputeNode-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.s390x",
"7ComputeNode-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7Server-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Server-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Server-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Server-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.src",
"7Server-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7Server-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64",
"7Server-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Server-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.s390x",
"7Server-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.x86_64",
"7Server-7.8.Z:ntp-doc-0:4.2.6p5-29.el7_8.2.noarch",
"7Server-7.8.Z:ntp-perl-0:4.2.6p5-29.el7_8.2.noarch",
"7Server-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64",
"7Server-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Server-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.s390x",
"7Server-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.x86_64",
"7Server-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Server-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Server-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Server-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7Server-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Server-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Server-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Server-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.src",
"7Server-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7Server-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64",
"7Server-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Server-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.s390x",
"7Server-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.x86_64",
"7Server-optional-7.8.Z:ntp-doc-0:4.2.6p5-29.el7_8.2.noarch",
"7Server-optional-7.8.Z:ntp-perl-0:4.2.6p5-29.el7_8.2.noarch",
"7Server-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64",
"7Server-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Server-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.s390x",
"7Server-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.x86_64",
"7Server-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Server-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Server-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Server-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7Workstation-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Workstation-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Workstation-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Workstation-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.src",
"7Workstation-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7Workstation-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64",
"7Workstation-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Workstation-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.s390x",
"7Workstation-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.x86_64",
"7Workstation-7.8.Z:ntp-doc-0:4.2.6p5-29.el7_8.2.noarch",
"7Workstation-7.8.Z:ntp-perl-0:4.2.6p5-29.el7_8.2.noarch",
"7Workstation-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64",
"7Workstation-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Workstation-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.s390x",
"7Workstation-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.x86_64",
"7Workstation-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Workstation-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Workstation-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Workstation-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7Workstation-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Workstation-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Workstation-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Workstation-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.src",
"7Workstation-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7Workstation-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64",
"7Workstation-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Workstation-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.s390x",
"7Workstation-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.x86_64",
"7Workstation-optional-7.8.Z:ntp-doc-0:4.2.6p5-29.el7_8.2.noarch",
"7Workstation-optional-7.8.Z:ntp-perl-0:4.2.6p5-29.el7_8.2.noarch",
"7Workstation-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64",
"7Workstation-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Workstation-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.s390x",
"7Workstation-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.x86_64",
"7Workstation-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Workstation-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Workstation-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Workstation-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "ntp: DoS on client ntpd using server mode packet"
},
{
"cve": "CVE-2020-13817",
"cwe": {
"id": "CWE-358",
"name": "Improperly Implemented Security Check for Standard"
},
"discovery_date": "2020-03-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1811627"
}
],
"notes": [
{
"category": "description",
"text": "A high-performance ntpd instance that gets its time from unauthenticated IPv4 time sources may be vulnerable to an off-path attacker who can query time from the victim\u0027s ntpd instance. An attacker who can send a large number of packets with the spoofed IPv4 address of the upstream server can use this flaw to modify the victim\u0027s clock by a limited amount or cause ntpd to exit.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ntp: ntpd using highly predictable transmit timestamps could result in time change or DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "All versions of ntp package shipped with Red Hat Enterprise Linux are affected by this flaw. However several mitigations exists, please refer to the mitigation section for more details.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Client-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Client-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Client-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.src",
"7Client-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7Client-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64",
"7Client-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Client-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.s390x",
"7Client-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.x86_64",
"7Client-7.8.Z:ntp-doc-0:4.2.6p5-29.el7_8.2.noarch",
"7Client-7.8.Z:ntp-perl-0:4.2.6p5-29.el7_8.2.noarch",
"7Client-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64",
"7Client-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Client-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.s390x",
"7Client-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.x86_64",
"7Client-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Client-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Client-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Client-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7Client-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Client-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Client-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Client-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.src",
"7Client-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7Client-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64",
"7Client-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Client-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.s390x",
"7Client-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.x86_64",
"7Client-optional-7.8.Z:ntp-doc-0:4.2.6p5-29.el7_8.2.noarch",
"7Client-optional-7.8.Z:ntp-perl-0:4.2.6p5-29.el7_8.2.noarch",
"7Client-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64",
"7Client-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Client-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.s390x",
"7Client-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.x86_64",
"7Client-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Client-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Client-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Client-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7ComputeNode-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7ComputeNode-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7ComputeNode-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.s390x",
"7ComputeNode-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.src",
"7ComputeNode-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7ComputeNode-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64",
"7ComputeNode-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64le",
"7ComputeNode-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.s390x",
"7ComputeNode-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.x86_64",
"7ComputeNode-7.8.Z:ntp-doc-0:4.2.6p5-29.el7_8.2.noarch",
"7ComputeNode-7.8.Z:ntp-perl-0:4.2.6p5-29.el7_8.2.noarch",
"7ComputeNode-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64",
"7ComputeNode-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64le",
"7ComputeNode-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.s390x",
"7ComputeNode-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.x86_64",
"7ComputeNode-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7ComputeNode-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7ComputeNode-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.s390x",
"7ComputeNode-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7ComputeNode-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7ComputeNode-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7ComputeNode-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.s390x",
"7ComputeNode-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.src",
"7ComputeNode-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7ComputeNode-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64",
"7ComputeNode-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64le",
"7ComputeNode-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.s390x",
"7ComputeNode-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.x86_64",
"7ComputeNode-optional-7.8.Z:ntp-doc-0:4.2.6p5-29.el7_8.2.noarch",
"7ComputeNode-optional-7.8.Z:ntp-perl-0:4.2.6p5-29.el7_8.2.noarch",
"7ComputeNode-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64",
"7ComputeNode-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64le",
"7ComputeNode-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.s390x",
"7ComputeNode-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.x86_64",
"7ComputeNode-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7ComputeNode-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7ComputeNode-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.s390x",
"7ComputeNode-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7Server-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Server-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Server-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Server-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.src",
"7Server-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7Server-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64",
"7Server-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Server-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.s390x",
"7Server-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.x86_64",
"7Server-7.8.Z:ntp-doc-0:4.2.6p5-29.el7_8.2.noarch",
"7Server-7.8.Z:ntp-perl-0:4.2.6p5-29.el7_8.2.noarch",
"7Server-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64",
"7Server-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Server-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.s390x",
"7Server-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.x86_64",
"7Server-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Server-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Server-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Server-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7Server-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Server-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Server-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Server-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.src",
"7Server-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7Server-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64",
"7Server-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Server-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.s390x",
"7Server-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.x86_64",
"7Server-optional-7.8.Z:ntp-doc-0:4.2.6p5-29.el7_8.2.noarch",
"7Server-optional-7.8.Z:ntp-perl-0:4.2.6p5-29.el7_8.2.noarch",
"7Server-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64",
"7Server-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Server-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.s390x",
"7Server-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.x86_64",
"7Server-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Server-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Server-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Server-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7Workstation-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Workstation-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Workstation-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Workstation-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.src",
"7Workstation-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7Workstation-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64",
"7Workstation-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Workstation-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.s390x",
"7Workstation-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.x86_64",
"7Workstation-7.8.Z:ntp-doc-0:4.2.6p5-29.el7_8.2.noarch",
"7Workstation-7.8.Z:ntp-perl-0:4.2.6p5-29.el7_8.2.noarch",
"7Workstation-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64",
"7Workstation-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Workstation-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.s390x",
"7Workstation-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.x86_64",
"7Workstation-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Workstation-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Workstation-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Workstation-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7Workstation-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Workstation-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Workstation-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Workstation-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.src",
"7Workstation-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7Workstation-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64",
"7Workstation-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Workstation-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.s390x",
"7Workstation-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.x86_64",
"7Workstation-optional-7.8.Z:ntp-doc-0:4.2.6p5-29.el7_8.2.noarch",
"7Workstation-optional-7.8.Z:ntp-perl-0:4.2.6p5-29.el7_8.2.noarch",
"7Workstation-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64",
"7Workstation-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Workstation-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.s390x",
"7Workstation-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.x86_64",
"7Workstation-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Workstation-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Workstation-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Workstation-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-13817"
},
{
"category": "external",
"summary": "RHBZ#1811627",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1811627"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-13817",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13817"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-13817",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13817"
},
{
"category": "external",
"summary": "http://support.ntp.org/bin/view/Main/NtpBug3596",
"url": "http://support.ntp.org/bin/view/Main/NtpBug3596"
}
],
"release_date": "2020-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-06-23T12:33:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the ntpd daemon will restart automatically.",
"product_ids": [
"7Client-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Client-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Client-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Client-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.src",
"7Client-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7Client-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64",
"7Client-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Client-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.s390x",
"7Client-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.x86_64",
"7Client-7.8.Z:ntp-doc-0:4.2.6p5-29.el7_8.2.noarch",
"7Client-7.8.Z:ntp-perl-0:4.2.6p5-29.el7_8.2.noarch",
"7Client-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64",
"7Client-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Client-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.s390x",
"7Client-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.x86_64",
"7Client-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Client-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Client-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Client-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7Client-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Client-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Client-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Client-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.src",
"7Client-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7Client-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64",
"7Client-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Client-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.s390x",
"7Client-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.x86_64",
"7Client-optional-7.8.Z:ntp-doc-0:4.2.6p5-29.el7_8.2.noarch",
"7Client-optional-7.8.Z:ntp-perl-0:4.2.6p5-29.el7_8.2.noarch",
"7Client-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64",
"7Client-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Client-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.s390x",
"7Client-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.x86_64",
"7Client-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Client-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Client-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Client-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7ComputeNode-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7ComputeNode-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7ComputeNode-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.s390x",
"7ComputeNode-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.src",
"7ComputeNode-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7ComputeNode-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64",
"7ComputeNode-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64le",
"7ComputeNode-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.s390x",
"7ComputeNode-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.x86_64",
"7ComputeNode-7.8.Z:ntp-doc-0:4.2.6p5-29.el7_8.2.noarch",
"7ComputeNode-7.8.Z:ntp-perl-0:4.2.6p5-29.el7_8.2.noarch",
"7ComputeNode-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64",
"7ComputeNode-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64le",
"7ComputeNode-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.s390x",
"7ComputeNode-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.x86_64",
"7ComputeNode-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7ComputeNode-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7ComputeNode-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.s390x",
"7ComputeNode-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7ComputeNode-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7ComputeNode-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7ComputeNode-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.s390x",
"7ComputeNode-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.src",
"7ComputeNode-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7ComputeNode-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64",
"7ComputeNode-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64le",
"7ComputeNode-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.s390x",
"7ComputeNode-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.x86_64",
"7ComputeNode-optional-7.8.Z:ntp-doc-0:4.2.6p5-29.el7_8.2.noarch",
"7ComputeNode-optional-7.8.Z:ntp-perl-0:4.2.6p5-29.el7_8.2.noarch",
"7ComputeNode-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64",
"7ComputeNode-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64le",
"7ComputeNode-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.s390x",
"7ComputeNode-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.x86_64",
"7ComputeNode-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7ComputeNode-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7ComputeNode-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.s390x",
"7ComputeNode-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7Server-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Server-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Server-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Server-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.src",
"7Server-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7Server-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64",
"7Server-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Server-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.s390x",
"7Server-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.x86_64",
"7Server-7.8.Z:ntp-doc-0:4.2.6p5-29.el7_8.2.noarch",
"7Server-7.8.Z:ntp-perl-0:4.2.6p5-29.el7_8.2.noarch",
"7Server-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64",
"7Server-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Server-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.s390x",
"7Server-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.x86_64",
"7Server-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Server-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Server-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Server-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7Server-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Server-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Server-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Server-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.src",
"7Server-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7Server-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64",
"7Server-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Server-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.s390x",
"7Server-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.x86_64",
"7Server-optional-7.8.Z:ntp-doc-0:4.2.6p5-29.el7_8.2.noarch",
"7Server-optional-7.8.Z:ntp-perl-0:4.2.6p5-29.el7_8.2.noarch",
"7Server-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64",
"7Server-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Server-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.s390x",
"7Server-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.x86_64",
"7Server-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Server-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Server-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Server-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7Workstation-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Workstation-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Workstation-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Workstation-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.src",
"7Workstation-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7Workstation-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64",
"7Workstation-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Workstation-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.s390x",
"7Workstation-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.x86_64",
"7Workstation-7.8.Z:ntp-doc-0:4.2.6p5-29.el7_8.2.noarch",
"7Workstation-7.8.Z:ntp-perl-0:4.2.6p5-29.el7_8.2.noarch",
"7Workstation-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64",
"7Workstation-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Workstation-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.s390x",
"7Workstation-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.x86_64",
"7Workstation-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Workstation-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Workstation-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Workstation-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7Workstation-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Workstation-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Workstation-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Workstation-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.src",
"7Workstation-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7Workstation-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64",
"7Workstation-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Workstation-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.s390x",
"7Workstation-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.x86_64",
"7Workstation-optional-7.8.Z:ntp-doc-0:4.2.6p5-29.el7_8.2.noarch",
"7Workstation-optional-7.8.Z:ntp-perl-0:4.2.6p5-29.el7_8.2.noarch",
"7Workstation-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64",
"7Workstation-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Workstation-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.s390x",
"7Workstation-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.x86_64",
"7Workstation-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Workstation-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Workstation-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Workstation-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:2663"
},
{
"category": "workaround",
"details": "1. Have enough trustworthy sources of time.\n2. If you are serving time to a possibly hostile network, have your system get its time from other than unauthenticated IPv4 over the hostile network.\n3. Use NTP packet authentication where appropriate.\n4. Pay attention to error messages logged by ntpd.\n5. Monitor your ntpd instances. If the pstats command of ntpq shows the value for \"bogus origin\" is increasing then that association is likely under attack.\n6. If you must get unauthenticated time over IPv4 on a hostile network, Use restrict ... noserve to prevent this attack (note that this is a heavy-handed protection), which blocks time service to the specified network.",
"product_ids": [
"7Client-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Client-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Client-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Client-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.src",
"7Client-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7Client-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64",
"7Client-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Client-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.s390x",
"7Client-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.x86_64",
"7Client-7.8.Z:ntp-doc-0:4.2.6p5-29.el7_8.2.noarch",
"7Client-7.8.Z:ntp-perl-0:4.2.6p5-29.el7_8.2.noarch",
"7Client-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64",
"7Client-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Client-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.s390x",
"7Client-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.x86_64",
"7Client-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Client-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Client-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Client-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7Client-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Client-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Client-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Client-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.src",
"7Client-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7Client-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64",
"7Client-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Client-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.s390x",
"7Client-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.x86_64",
"7Client-optional-7.8.Z:ntp-doc-0:4.2.6p5-29.el7_8.2.noarch",
"7Client-optional-7.8.Z:ntp-perl-0:4.2.6p5-29.el7_8.2.noarch",
"7Client-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64",
"7Client-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Client-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.s390x",
"7Client-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.x86_64",
"7Client-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Client-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Client-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Client-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7ComputeNode-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7ComputeNode-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7ComputeNode-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.s390x",
"7ComputeNode-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.src",
"7ComputeNode-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7ComputeNode-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64",
"7ComputeNode-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64le",
"7ComputeNode-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.s390x",
"7ComputeNode-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.x86_64",
"7ComputeNode-7.8.Z:ntp-doc-0:4.2.6p5-29.el7_8.2.noarch",
"7ComputeNode-7.8.Z:ntp-perl-0:4.2.6p5-29.el7_8.2.noarch",
"7ComputeNode-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64",
"7ComputeNode-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64le",
"7ComputeNode-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.s390x",
"7ComputeNode-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.x86_64",
"7ComputeNode-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7ComputeNode-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7ComputeNode-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.s390x",
"7ComputeNode-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7ComputeNode-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7ComputeNode-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7ComputeNode-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.s390x",
"7ComputeNode-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.src",
"7ComputeNode-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7ComputeNode-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64",
"7ComputeNode-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64le",
"7ComputeNode-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.s390x",
"7ComputeNode-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.x86_64",
"7ComputeNode-optional-7.8.Z:ntp-doc-0:4.2.6p5-29.el7_8.2.noarch",
"7ComputeNode-optional-7.8.Z:ntp-perl-0:4.2.6p5-29.el7_8.2.noarch",
"7ComputeNode-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64",
"7ComputeNode-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64le",
"7ComputeNode-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.s390x",
"7ComputeNode-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.x86_64",
"7ComputeNode-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7ComputeNode-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7ComputeNode-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.s390x",
"7ComputeNode-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7Server-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Server-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Server-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Server-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.src",
"7Server-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7Server-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64",
"7Server-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Server-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.s390x",
"7Server-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.x86_64",
"7Server-7.8.Z:ntp-doc-0:4.2.6p5-29.el7_8.2.noarch",
"7Server-7.8.Z:ntp-perl-0:4.2.6p5-29.el7_8.2.noarch",
"7Server-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64",
"7Server-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Server-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.s390x",
"7Server-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.x86_64",
"7Server-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Server-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Server-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Server-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7Server-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Server-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Server-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Server-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.src",
"7Server-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7Server-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64",
"7Server-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Server-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.s390x",
"7Server-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.x86_64",
"7Server-optional-7.8.Z:ntp-doc-0:4.2.6p5-29.el7_8.2.noarch",
"7Server-optional-7.8.Z:ntp-perl-0:4.2.6p5-29.el7_8.2.noarch",
"7Server-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64",
"7Server-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Server-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.s390x",
"7Server-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.x86_64",
"7Server-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Server-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Server-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Server-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7Workstation-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Workstation-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Workstation-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Workstation-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.src",
"7Workstation-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7Workstation-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64",
"7Workstation-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Workstation-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.s390x",
"7Workstation-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.x86_64",
"7Workstation-7.8.Z:ntp-doc-0:4.2.6p5-29.el7_8.2.noarch",
"7Workstation-7.8.Z:ntp-perl-0:4.2.6p5-29.el7_8.2.noarch",
"7Workstation-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64",
"7Workstation-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Workstation-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.s390x",
"7Workstation-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.x86_64",
"7Workstation-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Workstation-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Workstation-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Workstation-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7Workstation-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Workstation-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Workstation-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Workstation-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.src",
"7Workstation-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7Workstation-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64",
"7Workstation-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Workstation-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.s390x",
"7Workstation-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.x86_64",
"7Workstation-optional-7.8.Z:ntp-doc-0:4.2.6p5-29.el7_8.2.noarch",
"7Workstation-optional-7.8.Z:ntp-perl-0:4.2.6p5-29.el7_8.2.noarch",
"7Workstation-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64",
"7Workstation-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Workstation-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.s390x",
"7Workstation-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.x86_64",
"7Workstation-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Workstation-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Workstation-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Workstation-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"7Client-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Client-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Client-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Client-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.src",
"7Client-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7Client-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64",
"7Client-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Client-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.s390x",
"7Client-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.x86_64",
"7Client-7.8.Z:ntp-doc-0:4.2.6p5-29.el7_8.2.noarch",
"7Client-7.8.Z:ntp-perl-0:4.2.6p5-29.el7_8.2.noarch",
"7Client-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64",
"7Client-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Client-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.s390x",
"7Client-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.x86_64",
"7Client-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Client-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Client-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Client-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7Client-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Client-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Client-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Client-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.src",
"7Client-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7Client-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64",
"7Client-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Client-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.s390x",
"7Client-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.x86_64",
"7Client-optional-7.8.Z:ntp-doc-0:4.2.6p5-29.el7_8.2.noarch",
"7Client-optional-7.8.Z:ntp-perl-0:4.2.6p5-29.el7_8.2.noarch",
"7Client-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64",
"7Client-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Client-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.s390x",
"7Client-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.x86_64",
"7Client-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Client-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Client-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Client-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7ComputeNode-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7ComputeNode-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7ComputeNode-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.s390x",
"7ComputeNode-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.src",
"7ComputeNode-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7ComputeNode-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64",
"7ComputeNode-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64le",
"7ComputeNode-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.s390x",
"7ComputeNode-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.x86_64",
"7ComputeNode-7.8.Z:ntp-doc-0:4.2.6p5-29.el7_8.2.noarch",
"7ComputeNode-7.8.Z:ntp-perl-0:4.2.6p5-29.el7_8.2.noarch",
"7ComputeNode-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64",
"7ComputeNode-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64le",
"7ComputeNode-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.s390x",
"7ComputeNode-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.x86_64",
"7ComputeNode-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7ComputeNode-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7ComputeNode-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.s390x",
"7ComputeNode-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7ComputeNode-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7ComputeNode-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7ComputeNode-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.s390x",
"7ComputeNode-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.src",
"7ComputeNode-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7ComputeNode-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64",
"7ComputeNode-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64le",
"7ComputeNode-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.s390x",
"7ComputeNode-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.x86_64",
"7ComputeNode-optional-7.8.Z:ntp-doc-0:4.2.6p5-29.el7_8.2.noarch",
"7ComputeNode-optional-7.8.Z:ntp-perl-0:4.2.6p5-29.el7_8.2.noarch",
"7ComputeNode-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64",
"7ComputeNode-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64le",
"7ComputeNode-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.s390x",
"7ComputeNode-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.x86_64",
"7ComputeNode-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7ComputeNode-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7ComputeNode-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.s390x",
"7ComputeNode-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7Server-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Server-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Server-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Server-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.src",
"7Server-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7Server-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64",
"7Server-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Server-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.s390x",
"7Server-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.x86_64",
"7Server-7.8.Z:ntp-doc-0:4.2.6p5-29.el7_8.2.noarch",
"7Server-7.8.Z:ntp-perl-0:4.2.6p5-29.el7_8.2.noarch",
"7Server-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64",
"7Server-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Server-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.s390x",
"7Server-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.x86_64",
"7Server-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Server-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Server-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Server-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7Server-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Server-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Server-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Server-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.src",
"7Server-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7Server-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64",
"7Server-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Server-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.s390x",
"7Server-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.x86_64",
"7Server-optional-7.8.Z:ntp-doc-0:4.2.6p5-29.el7_8.2.noarch",
"7Server-optional-7.8.Z:ntp-perl-0:4.2.6p5-29.el7_8.2.noarch",
"7Server-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64",
"7Server-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Server-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.s390x",
"7Server-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.x86_64",
"7Server-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Server-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Server-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Server-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7Workstation-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Workstation-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Workstation-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Workstation-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.src",
"7Workstation-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7Workstation-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64",
"7Workstation-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Workstation-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.s390x",
"7Workstation-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.x86_64",
"7Workstation-7.8.Z:ntp-doc-0:4.2.6p5-29.el7_8.2.noarch",
"7Workstation-7.8.Z:ntp-perl-0:4.2.6p5-29.el7_8.2.noarch",
"7Workstation-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64",
"7Workstation-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Workstation-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.s390x",
"7Workstation-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.x86_64",
"7Workstation-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Workstation-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Workstation-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Workstation-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7Workstation-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Workstation-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Workstation-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Workstation-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.src",
"7Workstation-optional-7.8.Z:ntp-0:4.2.6p5-29.el7_8.2.x86_64",
"7Workstation-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64",
"7Workstation-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Workstation-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.s390x",
"7Workstation-optional-7.8.Z:ntp-debuginfo-0:4.2.6p5-29.el7_8.2.x86_64",
"7Workstation-optional-7.8.Z:ntp-doc-0:4.2.6p5-29.el7_8.2.noarch",
"7Workstation-optional-7.8.Z:ntp-perl-0:4.2.6p5-29.el7_8.2.noarch",
"7Workstation-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64",
"7Workstation-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Workstation-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.s390x",
"7Workstation-optional-7.8.Z:ntpdate-0:4.2.6p5-29.el7_8.2.x86_64",
"7Workstation-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64",
"7Workstation-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.ppc64le",
"7Workstation-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.s390x",
"7Workstation-optional-7.8.Z:sntp-0:4.2.6p5-29.el7_8.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ntp: ntpd using highly predictable transmit timestamps could result in time change or DoS"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…