7 Jul
2015
7 Jul
'15
2:26 a.m.
On Jul 6, 2015, at 4:59 PM, Brian Mathis brian.mathis+centos@betteradmin.com wrote:
RedHat/CentOS does not upgrade packages based on version numbers. Please read https://access.redhat.com/security/updates/backporting Understanding this is essential to running a RedHat/CentOS server.
While this is true, the NTPd web site says the CVE “...Affects: 4.2.5p3 up to, but not including 4.2.8p3-RC1, and 4.3.0 up to, but not including 4.3.25”. The version in RHEL6/CentOS6 is 4.2.6p5. The fix will most likely be backported, though.
-- Jonathan Billings billings@negate.org