On 12/22/2014 11:05 PM, Harlan Stenn wrote: > Martin Burnicki writes: >> Rob wrote: >>> Martin Burnicki <martin.burni...@meinberg.de> wrote: >>>> And of course, the information flow was really bad here, so that it is >>>> very hard to figure out which systems are affected. >>> Indeed. Only after 3 days there was a statement on the pool mailing list >>> that the problem only affected servers that can be queried. Well, that >>> had better be stated in the original release, so that 99.9% of the users >>> of ntpd could immediately move it to "not for me" and not be worried. >> Yes. I agree that this information should have been available >> immediately with the first alert. This would have avoided much trouble. > And if we had realized all of this at first alert we would have. > > The announcement came out 3 days' later than I wanted. I'd been working > on this for 2 solid weeks by then.
So, can we get a definitive statement, perhaps as an update to http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/NEWS as to what an admin can do to mitigate the problem until an update can be performed and whether or not the same CVE's apply to xntpd? -- Brian Utterback Solaris RPE, Oracle Corporation. Ph:603-262-3916, Em:brian.utterb...@oracle.com _______________________________________________ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions