C7 - http://lists.centos.org/pipermail/centos-announce/2014-December/020850.html C6 - http://lists.centos.org/pipermail/centos-announce/2014-December/020852.html C5 - http://lists.centos.org/pipermail/centos-announce/2014-December/020851.html On 20/12/14 14:04, Eero Volotinen wrote: > fixed in: > > > https://rhn.redhat.com/errata/RHSA-2014-2025.html > https://rhn.redhat.com/errata/RHSA-2014-2024.html > > maybe it's soon in centos too.. > > 2014-12-20 4:42 GMT+02:00 listmail <listmail at entertech.com>: > >> I just saw this: >> >> https://ics-cert.us-cert.gov/advisories/ICSA-14-353-01 >> >> which includes this: >> " A remote attacker can send a carefully crafted packet that can overflow a >> stack buffer and potentially allow malicious code to be executed with the >> privilege level of the ntpd process. All NTP4 releases before 4.2.8 are >> vulnerable." >> >> "This vulnerability is resolved with NTP-stable4.2.8 on December 19, 2014." >> >> I guess no one has had time to respond yet. Wonder if I should shut down my >> external NTP services as a precaution? >> >> --Bill >> _______________________________________________ >> CentOS mailing list >> CentOS at centos.org >> http://lists.centos.org/mailman/listinfo/centos >> > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos >