Re: [CentOS] ntpd new version

2015-07-06 Thread Jonathan Billings 
On Jul 6, 2015, at 4:59 PM, Brian Mathis  
wrote:
> RedHat/CentOS does not upgrade packages based on version numbers.  Please
> read https://access.redhat.com/security/updates/backporting  Understanding
> this is essential to running a RedHat/CentOS server.

While this is true, the NTPd web site says the CVE  “...Affects: 4.2.5p3 up to, 
but not including 4.2.8p3-RC1, and 4.3.0 up to, but not including 4.3.25”.  The 
version in RHEL6/CentOS6 is 4.2.6p5.  The fix will most likely be backported, 
though.

--
Jonathan Billings 


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] ntpd new version

2015-07-06 Thread Brian Mathis 
RedHat/CentOS does not upgrade packages based on version numbers.  Please
read https://access.redhat.com/security/updates/backporting  Understanding
this is essential to running a RedHat/CentOS server.


❧ Brian Mathis
@orev


On Mon, Jul 6, 2015 at 7:04 AM, Vijendra Agarwal (vijagarw) <
vijag...@cisco.com> wrote:

> Hi All,
> Currently CentOS site contains the below version of ntpd.
> ntp-4.2.6p5-3.el6.centos.x86_64.rpm<
> http://mirror.centos.org/centos/6.6/updates/x86_64/Packages/ntp-4.2.6p5-3.el6.centos.x86_64.rpm>
> :- 16 mar 2015.
>
> Does anybody have any information about when the new version of ntpd is
> expected to release containing new vulnerabilities fixes?
>
> Thanks
> Vijendra.
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] ntpd new version

2015-07-06 Thread Jonathan Billings 
On Mon, Jul 06, 2015 at 11:04:25AM +, Vijendra Agarwal (vijagarw) wrote:
>
> Hi All,
> Currently CentOS site contains the below version of ntpd.
> ntp-4.2.6p5-3.el6.centos.x86_64.rpm
>  :- 16 mar 2015.
> 
> Does anybody have any information about when the new version of ntpd is 
> expected to release containing new vulnerabilities fixes?

If you're talking about this:

http://support.ntp.org/bin/view/Main/SecurityNotice#June_2015_NTP_Security_Vulnerabi

Then you'd probably be best tracking the RHEL CVE entry:

https://access.redhat.com/security/cve/CVE-2015-5146

which is currently marked as **RESERVED**.  It's marked as "Low"
impact.

-- 
Jonathan Billings 
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] ntpd new version

2015-07-06 Thread Ned Slider 


On 06/07/15 12:04, Vijendra Agarwal (vijagarw) wrote:
> Hi All,
> Currently CentOS site contains the below version of ntpd.
> ntp-4.2.6p5-3.el6.centos.x86_64.rpm
>  :- 16 mar 2015.
> 
> Does anybody have any information about when the new version of ntpd is 
> expected to release containing new vulnerabilities fixes?
> 
> Thanks
> Vijendra.


That is the current version for el6.

What new vulnerabilities?

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] ntpd new version

2015-07-06 Thread Vijendra Agarwal (vijagarw) 
Hi All,
Currently CentOS site contains the below version of ntpd.
ntp-4.2.6p5-3.el6.centos.x86_64.rpm
 :- 16 mar 2015.

Does anybody have any information about when the new version of ntpd is 
expected to release containing new vulnerabilities fixes?

Thanks
Vijendra.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos