-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Low: ntp security, bug fix, and enhancement update Advisory ID: RHSA-2019:2077-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:2077 Issue date: 2019-08-06 CVE Names: CVE-2018-12327 ==================================================================== 1. Summary: An update for ntp is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64 3. Description: The Network Time Protocol (NTP) is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service. Security Fix(es): * ntp: Stack-based buffer overflow in ntpq and ntpdc allows denial of service or code execution (CVE-2018-12327) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing this update, the ntpd daemon will restart automatically. 5. Bugs fixed (https://bugzilla.redhat.com/): 1550637 - Server time not being synchronised with NTP after upgrading ntp packages 1593580 - CVE-2018-12327 ntp: Stack-based buffer overflow in ntpq and ntpdc allows denial of service or code execution 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: ntp-4.2.6p5-29.el7.src.rpm x86_64: ntp-4.2.6p5-29.el7.x86_64.rpm ntp-debuginfo-4.2.6p5-29.el7.x86_64.rpm ntpdate-4.2.6p5-29.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): noarch: ntp-doc-4.2.6p5-29.el7.noarch.rpm ntp-perl-4.2.6p5-29.el7.noarch.rpm x86_64: ntp-debuginfo-4.2.6p5-29.el7.x86_64.rpm sntp-4.2.6p5-29.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: ntp-4.2.6p5-29.el7.src.rpm x86_64: ntp-4.2.6p5-29.el7.x86_64.rpm ntp-debuginfo-4.2.6p5-29.el7.x86_64.rpm ntpdate-4.2.6p5-29.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): noarch: ntp-doc-4.2.6p5-29.el7.noarch.rpm ntp-perl-4.2.6p5-29.el7.noarch.rpm x86_64: ntp-debuginfo-4.2.6p5-29.el7.x86_64.rpm sntp-4.2.6p5-29.el7.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: ntp-4.2.6p5-29.el7.src.rpm ppc64: ntp-4.2.6p5-29.el7.ppc64.rpm ntp-debuginfo-4.2.6p5-29.el7.ppc64.rpm ntpdate-4.2.6p5-29.el7.ppc64.rpm ppc64le: ntp-4.2.6p5-29.el7.ppc64le.rpm ntp-debuginfo-4.2.6p5-29.el7.ppc64le.rpm ntpdate-4.2.6p5-29.el7.ppc64le.rpm s390x: ntp-4.2.6p5-29.el7.s390x.rpm ntp-debuginfo-4.2.6p5-29.el7.s390x.rpm ntpdate-4.2.6p5-29.el7.s390x.rpm x86_64: ntp-4.2.6p5-29.el7.x86_64.rpm ntp-debuginfo-4.2.6p5-29.el7.x86_64.rpm ntpdate-4.2.6p5-29.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): noarch: ntp-doc-4.2.6p5-29.el7.noarch.rpm ntp-perl-4.2.6p5-29.el7.noarch.rpm ppc64: ntp-debuginfo-4.2.6p5-29.el7.ppc64.rpm sntp-4.2.6p5-29.el7.ppc64.rpm ppc64le: ntp-debuginfo-4.2.6p5-29.el7.ppc64le.rpm sntp-4.2.6p5-29.el7.ppc64le.rpm s390x: ntp-debuginfo-4.2.6p5-29.el7.s390x.rpm sntp-4.2.6p5-29.el7.s390x.rpm x86_64: ntp-debuginfo-4.2.6p5-29.el7.x86_64.rpm sntp-4.2.6p5-29.el7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: ntp-4.2.6p5-29.el7.src.rpm x86_64: ntp-4.2.6p5-29.el7.x86_64.rpm ntp-debuginfo-4.2.6p5-29.el7.x86_64.rpm ntpdate-4.2.6p5-29.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): noarch: ntp-doc-4.2.6p5-29.el7.noarch.rpm ntp-perl-4.2.6p5-29.el7.noarch.rpm x86_64: ntp-debuginfo-4.2.6p5-29.el7.x86_64.rpm sntp-4.2.6p5-29.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2018-12327 https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXUl2JNzjgjWX9erEAQjjmw//Ws6Y/75BX0YkNmYFZd4j7kEf8v3oN2k9 YubMBH7j1GLI1VEzT2zqAayzzy/0OaTxotRUt113vEN2XW5WTcoTNi1eiupdujxb lu2QWsD+53txFnfStggfqbBTi2wjXuDE/EKldQtuzhLd4JO7t9dGZV1Ay6AQNNt/ UtBxsuU1brdsrIoz8g9fFhTB3jcw8/1RY249TGsH9TY3QGlviMifmO/Dnmk6HXMK urNZb7dZnCMSGTioa8yvT1SLH3TVy0qV2IyzMZHQrM8aOWJ+hKmvclGvY8UIKEBP j2Q0JJrmEsQVGrK5gSEU7VYR0GdVHwoVj3MLH+TqSIoF40yFs9PLy8fMWg8zX22u CIIIyisH3w4KysbD3p9eBHqbHktPU2AallZJFRay9adP9uymWhgeJGV+3fEPJrUF JHRmyokW/Y88EDNwJ3xY1MKynZSjoyixrGv4jNuHwQsM8e4j04Z10GSosgfJvNz9 nnfRkA6bM1qsaWEPy2xr+o6zhK1vi1RsaqMpbwBvQd5UarDbkak5r183UYjTnb0j HuLK+SRWpu99JYV0kHeSHIFQ+zfJzMQLO/Av/96Uk8uyOImOdNgfec3e5caGUWul lDfNl5QFsZgTQI4NBNgdUphSWkK19FN/KprTXZH1VjeeSrjL+6KHvizMtlWa7PAc pSSg8mowVTI=jufT -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce