Fedora 27: ntp Security Update
Summary
The Network Time Protocol (NTP) is used to synchronize a computer's
time with another reference time source. This package includes ntpd
(a daemon which continuously adjusts system time) and utilities used
to query and configure the ntpd daemon.
Perl scripts are in the ntp-perl package, ntpdate is in the ntpdate
package and sntp is in the sntp package. The documentation in HTML
format is in the ntp-doc package.
Security fix for CVE-2018-12327 and fixed fix for CVE-2018-7170.
* Wed Aug 15 2018 Miroslav Lichvar
- update to 4.2.8p12 (CVE-2018-12327 CVE-2018-7170)
* Thu Mar 1 2018 Miroslav Lichvar
- update to 4.2.8p11 (CVE-2016-1549, CVE-2018-7170, CVE-2018-7182,
CVE-2018-7183, CVE-2018-7184, CVE-2018-7185)
- use noepeer restriction in default config
[ 1 ] Bug #1593580 - CVE-2018-12327 ntp: Stack-based buffer overflow in ntpq and ntpdc allows denial of service or code execution
https://bugzilla.redhat.com/show_bug.cgi?id=1593580
su -c 'dnf upgrade --advisory FEDORA-2018-7051d682fa' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/
FEDORA-2018-7051d682fa 2018-09-26 20:15:42.048253 Product : Fedora 27 Version : 4.2.8p12 Release : 1.fc27 URL : http://www.ntp.org Summary : The NTP daemon and utilities Description : The Network Time Protocol (NTP) is used to synchronize a computer's time with another reference time source. This package includes ntpd (a daemon which continuously adjusts system time) and utilities used to query and configure the ntpd daemon. Perl scripts are in the ntp-perl package, ntpdate is in the ntpdate package and sntp is in the sntp package. The documentation in HTML format is in the ntp-doc package. Security fix for CVE-2018-12327 and fixed fix for CVE-2018-7170. * Wed Aug 15 2018 Miroslav Lichvar 4.2.8p12-1 - update to 4.2.8p12 (CVE-2018-12327 CVE-2018-7170) * Thu Mar 1 2018 Miroslav Lichvar 4.2.8p11-1 - update to 4.2.8p11 (CVE-2016-1549, CVE-2018-7170, CVE-2018-7182, CVE-2018-7183, CVE-2018-7184, CVE-2018-7185) - use noepeer restriction in default config [ 1 ] Bug #1593580 - CVE-2018-12327 ntp: Stack-based buffer overflow in ntpq and ntpdc allows denial of service or code execution https://bugzilla.redhat.com/show_bug.cgi?id=1593580 su -c 'dnf upgrade --advisory FEDORA-2018-7051d682fa' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/
Change Log
References