Get the most out of your Centmin Mod LEMP stack
Become a Member

Security NTP security flaw CVE-2014-9295: Multiple buffer overflows via specially-crafted packets

Discussion in 'CentOS, Redhat & Oracle Linux News' started by eva2000, Dec 22, 2014.

  1. eva2000

    eva2000 Administrator Staff Member

    54,605
    12,225
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,794
    Local Time:
    10:08 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Centmin Mod uses NTP if you have a non-OpenVZ based VPS or dedicated server so should be concerned with CVE-2014-9295 (bug report). If you use yum-cron to automatically update your CentOS YUM packages, you should already have the fixed and updated ntp YUM packages.
    • Red Hat Enterprise Linux version 5 (ntp) RHSA-2014:2025 December 20, 2014
    • Red Hat Enterprise Linux version 6 (ntp) RHSA-2014:2024 December 20, 2014
    • Red Hat Enterprise Linux version 7 (ntp) RHSA-2014:2024 December 20, 2014

    Redhat Enterprise 5 server


    x86_64:
    • ntp-4.2.2p1-18.el5_11.x86_64.rpm MD5: 25ac2d1ed78186eecfd6ea52f2d8680c
    • ntp-debuginfo-4.2.2p1-18.el5_11.x86_64.rpm MD5: 1a4bf6846ad46294fe13466b1912af9a

    Redhat Enterprise 6


    x86_64:
    • ntp-4.2.6p5-2.el6_6.x86_64.rpm MD5: 3682c34da2b4fb88da8a78379e09ed54
    • ntp-debuginfo-4.2.6p5-2.el6_6.x86_64.rpm MD5: ac3b539f1922d77a38226af801af2c44
    • ntp-doc-4.2.6p5-2.el6_6.noarch.rpm MD5: 8e9929c54498e2e507294ca00ca6205d
    • ntp-perl-4.2.6p5-2.el6_6.x86_64.rpm MD5: c0c1c5e69a831a3ed41bf9cef97a2324
    • ntpdate-4.2.6p5-2.el6_6.x86_64.rpm MD5: 8e83bcdfbe27d6cc35bdc18c92b14203

    Redhat Enterprise 7


    x86_64:
    • ntp-4.2.6p5-19.el7_0.x86_64.rpm MD5: f8c1dd1cc5073491e2e3f80984d91f8c
    • ntp-debuginfo-4.2.6p5-19.el7_0.x86_64.rpm MD5: b9dfbb0f36b645988e12bb18e964b8e4
    • ntp-doc-4.2.6p5-19.el7_0.noarch.rpm MD5: 708357bce96072ab649a4a0e503af6aa
    • ntp-perl-4.2.6p5-19.el7_0.noarch.rpm MD5: ed30c7d74afee80ae58a3dd6860dec5d
    • ntpdate-4.2.6p5-19.el7_0.x86_64.rpm MD5: d3306ae037f4f26a2eda853ff33c9290
    • sntp-4.2.6p5-19.el7_0.x86_64.rpm MD5: da9224cd5a75da093b137fb48f3a4d16
    Code:
    yum -q list ntp
    Installed Packages
    ntp.x86_64  
    Code:
    yum -q list ntp
    Installed Packages
    ntp.x86_64                       4.2.6p5-18.el7.centos                       @base
    Available Packages
    ntp.x86_64                       4.2.6p5-19.el7.centos                       updates


     
  2. rdan

    rdan Well-Known Member

    5,446
    1,408
    113
    May 25, 2014
    Ratings:
    +2,201
    Local Time:
    8:08 AM
    Mainline
    10.2
    This is what I got:
    # yum -q list ntp
    Installed Packages
    ntp.x86_64 4.2.6p5-2.el6.centos @updates