Reg: October 2015 NTP Security Vulnerability

Support for security such as Firewalls and securing linux
gsmuthu
Posts: 2
Joined: 2015/10/29 08:24:41

Reg: October 2015 NTP Security Vulnerability

Postby gsmuthu » 2015/10/29 11:12:59

Hello Team,

Our application is running in Centos 5.8, it contains NTP 4.2.2.
It has got affected by October 2015 vulnerabilities. http://support.ntp.org/bin/view/Main/Se ... rabilities
The site suggest to upgrade the NTP minimum to NTP 4.2.8 version or higher.
But when i cross check it with the mirror.centos.org i could able to fine still 4.2.2 package. http://mirror.centos.org/centos-5/5/updates/i386/RPMS/
Is there any place where i can find the NTP package which would be compatible to centos 5.8?
we have some restrictions to upgrade the centos to higher version hence it is ruled out.
I'm really new to this kind of upgrade, please help me how to proceed

Thanks,
Saravana

gerald_clark
Posts: 10642
Joined: 2005/08/05 15:19:54
Location: Northern Illinois, USA

https://wiki.cenRe: Reg: October 2015 NTP Security Vulnerabi

Postby gerald_clark » 2015/10/29 13:42:41

5.8 has years of vulnerabilities.
Yum update now to version 5.11.

Please read https://wiki.centos.org/FAQ/General#hea ... b096cbff2f

gsmuthu
Posts: 2
Joined: 2015/10/29 08:24:41

Re: Reg: October 2015 NTP Security Vulnerability

Postby gsmuthu » 2015/10/29 16:12:36

Yes we understand that, even we were provided vulnerability fixes which are available for 5.8.
I would really like to understand do we get any update for this October 2015 ntp vulnerability

User avatar
toracat
Forum Moderator
Posts: 7230
Joined: 2006/09/03 16:37:24
Location: California, US
Contact:

Re: Reg: October 2015 NTP Security Vulnerability

Postby toracat » 2015/10/29 16:23:12

The latest security update for ntp is this one. As you can see, EL 5 is affected but RH decided not to fix it.
CentOS Forum FAQ