[CentOS] ntpd new version

2015-07-06 Thread Vijendra Agarwal (vijagarw)
Hi All,
Currently the CentOS site contains the below version of ntpd.
ntp-4.2.6p5-3.el6.centos.x86_64.rpm
http://mirror.centos.org/centos/6.6/updates/x86_64/Packages/ntp-4.2.6p5-3.el6.centos.x86_64.rpm
:- 16 mar 2015.

Does anybody have any information about when the new version of ntpd is 
expected to be released containing new vulnerability fixes?

Thanks
Vijendra.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] ntpd new version

2015-07-06 Thread Ned Slider


On 06/07/15 12:04, Vijendra Agarwal (vijagarw) wrote:
> Hi All,
> Currently the CentOS site contains the below version of ntpd.
> ntp-4.2.6p5-3.el6.centos.x86_64.rpm
> http://mirror.centos.org/centos/6.6/updates/x86_64/Packages/ntp-4.2.6p5-3.el6.centos.x86_64.rpm
> :- 16 mar 2015.
>
> Does anybody have any information about when the new version of ntpd is
> expected to be released containing new vulnerability fixes?
>
> Thanks
> Vijendra.


That is the current version for el6.

What new vulnerabilities?



Re: [CentOS] ntpd new version

2015-07-06 Thread Brian Mathis
RedHat/CentOS does not upgrade packages based on version numbers.  Please
read https://access.redhat.com/security/updates/backporting  Understanding
this is essential to running a RedHat/CentOS server.


❧ Brian Mathis
@orev


On Mon, Jul 6, 2015 at 7:04 AM, Vijendra Agarwal (vijagarw) 
vijag...@cisco.com wrote:

> Hi All,
> Currently the CentOS site contains the below version of ntpd.
> ntp-4.2.6p5-3.el6.centos.x86_64.rpm
> http://mirror.centos.org/centos/6.6/updates/x86_64/Packages/ntp-4.2.6p5-3.el6.centos.x86_64.rpm
> :- 16 mar 2015.
>
> Does anybody have any information about when the new version of ntpd is
> expected to be released containing new vulnerability fixes?
>
> Thanks
> Vijendra.


Re: [CentOS] ntpd new version

2015-07-06 Thread Jonathan Billings
On Jul 6, 2015, at 4:59 PM, Brian Mathis brian.mathis+cen...@betteradmin.com 
wrote:
> RedHat/CentOS does not upgrade packages based on version numbers.  Please
> read https://access.redhat.com/security/updates/backporting  Understanding
> this is essential to running a RedHat/CentOS server.

While this is true, the NTPd web site says the CVE “...Affects: 4.2.5p3 up to, 
but not including 4.2.8p3-RC1, and 4.3.0 up to, but not including 4.3.25”.  The 
version in RHEL6/CentOS6 is 4.2.6p5.  The fix will most likely be backported, 
though.

--
Jonathan Billings billi...@negate.org




Re: [CentOS] ntpd new version

2015-07-06 Thread Jonathan Billings
On Mon, Jul 06, 2015 at 11:04:25AM +, Vijendra Agarwal (vijagarw) wrote:

> Hi All,
> Currently the CentOS site contains the below version of ntpd.
> ntp-4.2.6p5-3.el6.centos.x86_64.rpm
> http://mirror.centos.org/centos/6.6/updates/x86_64/Packages/ntp-4.2.6p5-3.el6.centos.x86_64.rpm
> :- 16 mar 2015.
>
> Does anybody have any information about when the new version of ntpd is
> expected to be released containing new vulnerability fixes?

If you're talking about this:

http://support.ntp.org/bin/view/Main/SecurityNotice#June_2015_NTP_Security_Vulnerabi

Then you'd probably be best tracking the RHEL CVE entry:

https://access.redhat.com/security/cve/CVE-2015-5146

which is currently marked as **RESERVED**.  It's marked as Low
impact.

-- 
Jonathan Billings billi...@negate.org
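
As an added illustration of the point made across this thread (not code from any of the posters or from CentOS): comparing the upstream version against the range quoted from the NTP site flags 4.2.6p5, while the package changelog is what shows whether a fix was backported. The changelog samples and the release `99.example` are constructed, and the function names are hypothetical.

```python
import re

# Upstream [low, high) ranges quoted in the thread for CVE-2015-5146.
AFFECTED = [("4.2.5p3", "4.2.8p3-RC1"), ("4.3.0", "4.3.25")]

def ntp_key(version):
    """Turn an ntp.org version such as '4.2.8p3-RC1' into a sortable tuple."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:p(\d+))?(?:-RC(\d+))?", version)
    if not m:
        raise ValueError("unrecognised ntp version: %r" % version)
    major, minor, patch, plevel, rc = m.groups()
    # A release candidate sorts before the final release of the same patch level.
    rc_rank = int(rc) if rc else float("inf")
    return (int(major), int(minor), int(patch), int(plevel or 0), rc_rank)

def upstream_affected(version):
    """True if the upstream version falls inside one of the quoted ranges."""
    key = ntp_key(version)
    return any(ntp_key(lo) <= key < ntp_key(hi) for lo, hi in AFFECTED)

def upstream_of(nvr):
    """Upstream version inside an RPM name-version-release string."""
    return nvr.rsplit("-", 2)[1]

def assess(nvr, changelog, cve):
    """Combine the upstream range with what the package changelog records."""
    if re.search(r"\b%s\b" % re.escape(cve), changelog):
        return "fixed by backport"
    if upstream_affected(upstream_of(nvr)):
        return "affected upstream, no backport recorded"
    return "outside upstream affected range"

# Constructed text in the layout of `rpm -q --changelog ntp`; not real package data.
BEFORE = ("* Thu Jan 01 2015 Example Packager <pkg@example.com> 4.2.6p5-3\n"
          "- example entry\n")
AFTER = ("* Fri Jan 02 2015 Example Packager <pkg@example.com> 4.2.6p5-99.example\n"
         "- backported fix (CVE-2015-5146)\n") + BEFORE

if __name__ == "__main__":
    print(assess("ntp-4.2.6p5-3.el6.centos", BEFORE, "CVE-2015-5146"))
    print(assess("ntp-4.2.6p5-99.example", AFTER, "CVE-2015-5146"))
```

A changelog hit only confirms that a backport was recorded; the vendor CVE page linked above remains the place to read the package's actual status.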