[ntp:security] NTP Security Vulnerabilities issue CVE-2015-5300

Sue Graves sgraves at nwtime.org
Mon Jan 25 19:32:52 UTC 2016


Hi Arjit,

First, we don't back-port fixes to an EOL version of ntp, so you'd have
to test the patch yourself.

We announced on Jan 19th that there was an additional change made to our
original patch for CVE-2015-5300. Please upgrade to 4.2.8p6 for the
current fix for this issue.

On 1/25/2016 3:24 AM, Arjit Gupta wrote:
> 
> Hi All,
> 
> This is regarding patch submitted for NTP Security Vulnerabilities issue
> mentioned in
> https://bugzilla.redhat.com/show_bug.cgi?id=1271076
> 
> 
> Please let me know what is expected month/date for the patch available.
Again, it was released on January 19th in ntp-4.2.8p6

> Is the patch applicable for ntp-4.2.6 ?
To discuss this further, please contact info at nwtime.org.

Best Regards,
Sue
> 
> 
> 
> Thanks in Advance
> 
> Regards
> Arjit Kumar
> 
> 
> 
> _______________________________________________
> security mailing list
> security at lists.ntp.org
> http://lists.ntp.org/listinfo/security
> 

-- 
Knowing the correct time isn't always important - until it is.
Join Network Time Consortium http://nwtime.org/join



More information about the security mailing list