Page 1 of 1

Reg: October 2015 NTP Security Vulnerability

Posted: 2015/10/29 11:12:59
by gsmuthu
Hello Team,

Our application is running in Centos 5.8, it contains NTP 4.2.2.
It has got affected by October 2015 vulnerabilities. http://support.ntp.org/bin/view/Main/Se ... rabilities
The site suggest to upgrade the NTP minimum to NTP 4.2.8 version or higher.
But when i cross check it with the mirror.centos.org i could able to fine still 4.2.2 package. http://mirror.centos.org/centos-5/5/updates/i386/RPMS/
Is there any place where i can find the NTP package which would be compatible to centos 5.8?
we have some restrictions to upgrade the centos to higher version hence it is ruled out.
I'm really new to this kind of upgrade, please help me how to proceed

Thanks,
Saravana

https://wiki.cenRe: Reg: October 2015 NTP Security Vulnerabi

Posted: 2015/10/29 13:42:41
by gerald_clark
5.8 has years of vulnerabilities.
Yum update now to version 5.11.

Please read https://wiki.centos.org/FAQ/General#hea ... b096cbff2f

Re: Reg: October 2015 NTP Security Vulnerability

Posted: 2015/10/29 16:12:36
by gsmuthu
Yes we understand that, even we were provided vulnerability fixes which are available for 5.8.
I would really like to understand do we get any update for this October 2015 ntp vulnerability

Re: Reg: October 2015 NTP Security Vulnerability

Posted: 2015/10/29 16:23:12
by toracat
The latest security update for ntp is this one. As you can see, EL 5 is affected but RH decided not to fix it.