Welcome to Centmin Mod Community
Register Now

Security NTP security flaw CVE-2014-9295: Multiple buffer overflows via specially-crafted packets

Discussion in 'CentOS, Redhat & Oracle Linux News' started by eva2000, Dec 22, 2014.

  1. eva2000

    eva2000 Administrator Staff Member

    29,016
    6,584
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,774
    Local Time:
    7:01 AM
    Nginx 1.13.x
    MariaDB 5.5
    Centmin Mod uses NTP if you have a non-OpenVZ based VPS or dedicated server so should be concerned with CVE-2014-9295 (bug report). If you use yum-cron to automatically update your CentOS YUM packages, you should already have the fixed and updated ntp YUM packages.
    • Red Hat Enterprise Linux version 5 (ntp) RHSA-2014:2025 December 20, 2014
    • Red Hat Enterprise Linux version 6 (ntp) RHSA-2014:2024 December 20, 2014
    • Red Hat Enterprise Linux version 7 (ntp) RHSA-2014:2024 December 20, 2014

    Redhat Enterprise 5 server


    x86_64:
    • ntp-4.2.2p1-18.el5_11.x86_64.rpm MD5: 25ac2d1ed78186eecfd6ea52f2d8680c
    • ntp-debuginfo-4.2.2p1-18.el5_11.x86_64.rpm MD5: 1a4bf6846ad46294fe13466b1912af9a

    Redhat Enterprise 6


    x86_64:
    • ntp-4.2.6p5-2.el6_6.x86_64.rpm MD5: 3682c34da2b4fb88da8a78379e09ed54
    • ntp-debuginfo-4.2.6p5-2.el6_6.x86_64.rpm MD5: ac3b539f1922d77a38226af801af2c44
    • ntp-doc-4.2.6p5-2.el6_6.noarch.rpm MD5: 8e9929c54498e2e507294ca00ca6205d
    • ntp-perl-4.2.6p5-2.el6_6.x86_64.rpm MD5: c0c1c5e69a831a3ed41bf9cef97a2324
    • ntpdate-4.2.6p5-2.el6_6.x86_64.rpm MD5: 8e83bcdfbe27d6cc35bdc18c92b14203

    Redhat Enterprise 7


    x86_64:
    • ntp-4.2.6p5-19.el7_0.x86_64.rpm MD5: f8c1dd1cc5073491e2e3f80984d91f8c
    • ntp-debuginfo-4.2.6p5-19.el7_0.x86_64.rpm MD5: b9dfbb0f36b645988e12bb18e964b8e4
    • ntp-doc-4.2.6p5-19.el7_0.noarch.rpm MD5: 708357bce96072ab649a4a0e503af6aa
    • ntp-perl-4.2.6p5-19.el7_0.noarch.rpm MD5: ed30c7d74afee80ae58a3dd6860dec5d
    • ntpdate-4.2.6p5-19.el7_0.x86_64.rpm MD5: d3306ae037f4f26a2eda853ff33c9290
    • sntp-4.2.6p5-19.el7_0.x86_64.rpm MD5: da9224cd5a75da093b137fb48f3a4d16
    Code:
    yum -q list ntp
    Installed Packages
    ntp.x86_64  
    Code:
    yum -q list ntp
    Installed Packages
    ntp.x86_64                       4.2.6p5-18.el7.centos                       @base
    Available Packages
    ntp.x86_64                       4.2.6p5-19.el7.centos                       updates

     
  2. RoldanLT

    RoldanLT Well-Known Member

    3,829
    929
    113
    May 25, 2014
    Phillipines
    Ratings:
    +1,258
    Local Time:
    5:01 AM
    1.11
    10.2
    This is what I got:
    # yum -q list ntp
    Installed Packages
    ntp.x86_64 4.2.6p5-2.el6.centos @updates
     
    • Like Like x 1