Re: NTP Vulnerability?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



C7 - http://lists.centos.org/pipermail/centos-announce/2014-December/020850.html C6 - http://lists.centos.org/pipermail/centos-announce/2014-December/020852.html C5 - http://lists.centos.org/pipermail/centos-announce/2014-December/020851.html

On 20/12/14 14:04, Eero Volotinen wrote:
fixed in:


https://rhn.redhat.com/errata/RHSA-2014-2025.html
https://rhn.redhat.com/errata/RHSA-2014-2024.html

maybe it's soon in centos too..

2014-12-20 4:42 GMT+02:00 listmail <listmail@xxxxxxxxxxxxx>:

I just saw this:

https://ics-cert.us-cert.gov/advisories/ICSA-14-353-01

which includes this:
" A remote attacker can send a carefully crafted packet that can overflow a
stack buffer and potentially allow malicious code to be executed with the
privilege level of the ntpd process. All NTP4 releases before 4.2.8 are
vulnerable."

"This vulnerability is resolved with NTP-stable4.2.8 on December 19, 2014."

I guess no one has had time to respond yet. Wonder if I should shut down my
external NTP services as a precaution?

--Bill
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos


_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos




[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux