(RHSA-2016:0063) Important: ntp security update

2016-01-25T05:00:00
ID RHSA-2016:0063
Type redhat
Reporter RedHat
Modified 2018-06-06T20:24:13

Description

The Network Time Protocol (NTP) is used to synchronize a computer's time with a referenced time source.

It was discovered that ntpd as a client did not correctly check the originate timestamp in received packets. A remote attacker could use this flaw to send a crafted packet to an ntpd client that would effectively disable synchronization with the server, or push arbitrary offset/delay measurements to modify the time on the client. (CVE-2015-8138)

All ntp users are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the update, the ntpd daemon will restart automatically.