(RHSA-2020:2663) Moderate: ntp security update

2020-06-2311:08:48

access.redhat.com

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.059

Percentile

93.5%

JSON

The Network Time Protocol (NTP) is used to synchronize a computer’s time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service.

Security Fix(es):

ntp: ntpd using highly predictable transmit timestamps could result in time change or DoS (CVE-2020-13817)
ntp: DoS on client ntpd using server mode packet (CVE-2020-11868)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHat7ppc64lentpdate< 4.2.6p5-29.el7_8.2ntpdate-4.2.6p5-29.el7_8.2.ppc64le.rpm
RedHat7x86_64ntp-debuginfo< 4.2.6p5-29.el7_8.2ntp-debuginfo-4.2.6p5-29.el7_8.2.x86_64.rpm
RedHat7noarchntp-perl< 4.2.6p5-29.el7_8.2ntp-perl-4.2.6p5-29.el7_8.2.noarch.rpm
RedHat7s390xntp-debuginfo< 4.2.6p5-29.el7_8.2ntp-debuginfo-4.2.6p5-29.el7_8.2.s390x.rpm
RedHat7ppc64lesntp< 4.2.6p5-29.el7_8.2sntp-4.2.6p5-29.el7_8.2.ppc64le.rpm
RedHat7ppc64ntp< 4.2.6p5-29.el7_8.2ntp-4.2.6p5-29.el7_8.2.ppc64.rpm
RedHat7s390xntp< 4.2.6p5-29.el7_8.2ntp-4.2.6p5-29.el7_8.2.s390x.rpm
RedHat7ppc64lentp< 4.2.6p5-29.el7_8.2ntp-4.2.6p5-29.el7_8.2.ppc64le.rpm
RedHat7s390xntpdate< 4.2.6p5-29.el7_8.2ntpdate-4.2.6p5-29.el7_8.2.s390x.rpm
RedHat7noarchntp-doc< 4.2.6p5-29.el7_8.2ntp-doc-4.2.6p5-29.el7_8.2.noarch.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	7	ppc64le	ntpdate	< 4.2.6p5-29.el7_8.2	ntpdate-4.2.6p5-29.el7_8.2.ppc64le.rpm
RedHat	7	x86_64	ntp-debuginfo	< 4.2.6p5-29.el7_8.2	ntp-debuginfo-4.2.6p5-29.el7_8.2.x86_64.rpm
RedHat	7	noarch	ntp-perl	< 4.2.6p5-29.el7_8.2	ntp-perl-4.2.6p5-29.el7_8.2.noarch.rpm
RedHat	7	s390x	ntp-debuginfo	< 4.2.6p5-29.el7_8.2	ntp-debuginfo-4.2.6p5-29.el7_8.2.s390x.rpm
RedHat	7	ppc64le	sntp	< 4.2.6p5-29.el7_8.2	sntp-4.2.6p5-29.el7_8.2.ppc64le.rpm
RedHat	7	ppc64	ntp	< 4.2.6p5-29.el7_8.2	ntp-4.2.6p5-29.el7_8.2.ppc64.rpm
RedHat	7	s390x	ntp	< 4.2.6p5-29.el7_8.2	ntp-4.2.6p5-29.el7_8.2.s390x.rpm
RedHat	7	ppc64le	ntp	< 4.2.6p5-29.el7_8.2	ntp-4.2.6p5-29.el7_8.2.ppc64le.rpm
RedHat	7	s390x	ntpdate	< 4.2.6p5-29.el7_8.2	ntpdate-4.2.6p5-29.el7_8.2.s390x.rpm
RedHat	7	noarch	ntp-doc	< 4.2.6p5-29.el7_8.2	ntp-doc-4.2.6p5-29.el7_8.2.noarch.rpm