Hi All, Currently CentOS site contains the below version of ntpd. ntp-4.2.6p5-3.el6.CentOS.x86_64.rpm :- 16 mar 2015.
Does anybody have any information about when the new version of ntpd is expected to release containing new vulnerabilities fixes?
Thanks Vijendra.
4 thoughts on - Ntpd New Version
That is the current version for el6.
What new vulnerabilities?
If you’re talking about this:
http://support.ntp.org/bin/view/Main/SecurityNotice#June_2015_NTP_Security_Vulnerabi
Then you’d probably be best tracking the RHEL CVE entry:
https://access.redhat.com/security/cve/CVE-2015-5146
which is currently marked as **RESERVED**. It’s marked as “Low”
impact.
RedHat/CentOS does not upgrade packages based on version numbers. Please read https://access.redhat.com/security/updates/backporting Understanding this is essential to running a RedHat/CentOS server.
❧ Brian Mathis
@orev
CentOS mailing list CentOS@CentOS.org http://lists.CentOS.org/mailman/listinfo/CentOS
While this is true, the NTPd web site says the CVE “…Affects: 4.2.5p3 up to, but not including 4.2.8p3-RC1, and 4.3.0 up to, but not including 4.3.25”. The version in RHEL6/CentOS6 is 4.2.6p5. The fix will most likely be backported, though.
—
Jonathan Billings