fixed in: https://rhn.redhat.com/errata/RHSA-2014-2025.html https://rhn.redhat.com/errata/RHSA-2014-2024.html maybe it's soon in centos too.. 2014-12-20 4:42 GMT+02:00 listmail <listmail at entertech.com>: > I just saw this: > > https://ics-cert.us-cert.gov/advisories/ICSA-14-353-01 > > which includes this: > " A remote attacker can send a carefully crafted packet that can overflow a > stack buffer and potentially allow malicious code to be executed with the > privilege level of the ntpd process. All NTP4 releases before 4.2.8 are > vulnerable." > > "This vulnerability is resolved with NTP-stable4.2.8 on December 19, 2014." > > I guess no one has had time to respond yet. Wonder if I should shut down my > external NTP services as a precaution? > > --Bill > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos >