Red Hat Product Errata RHSA-2018:3854 - Security Advisory

Issued:: 2018-12-19
Updated:: 2018-12-19

RHSA-2018:3854 - Security Advisory

Overview
Updated Packages

Synopsis

Low: ntp security update

Type/Severity

Security Advisory: Low

Topic

An update for ntp is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The Network Time Protocol (NTP) is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service.

Security Fix(es):

ntp: Stack-based buffer overflow in ntpq and ntpdc allows denial of service or code execution (CVE-2018-12327)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the ntpd daemon will restart automatically.

Affected Products

Red Hat Enterprise Linux Server 6 x86_64
Red Hat Enterprise Linux Server 6 i386
Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 x86_64
Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 i386
Red Hat Enterprise Linux Workstation 6 x86_64
Red Hat Enterprise Linux Workstation 6 i386
Red Hat Enterprise Linux Desktop 6 x86_64
Red Hat Enterprise Linux Desktop 6 i386
Red Hat Enterprise Linux for IBM z Systems 6 s390x
Red Hat Enterprise Linux for Power, big endian 6 ppc64
Red Hat Enterprise Linux for Scientific Computing 6 x86_64
Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6 s390x

Fixes

BZ - 1593580 - CVE-2018-12327 ntp: Stack-based buffer overflow in ntpq and ntpdc allows denial of service or code execution

CVEs

CVE-2018-12327

References

https://access.redhat.com/security/updates/classification/#low

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 6

SRPM
ntp-4.2.6p5-15.el6_10.src.rpm	SHA-256: 5acef5e4191af9c1e260cb66a5a624716112a8434e93d07025162355e7b39bb7
x86_64
ntp-4.2.6p5-15.el6_10.x86_64.rpm	SHA-256: 742c7bebe5ff01ece97121f65b417c4d45163e14b612426a08a82f4bd2fe2cc6
ntp-debuginfo-4.2.6p5-15.el6_10.x86_64.rpm	SHA-256: 1a819e92b99bd127953781b356b42f37db20b33e386c9f19e9523df906b1cbd9
ntp-debuginfo-4.2.6p5-15.el6_10.x86_64.rpm	SHA-256: 1a819e92b99bd127953781b356b42f37db20b33e386c9f19e9523df906b1cbd9
ntp-doc-4.2.6p5-15.el6_10.noarch.rpm	SHA-256: 9c2051e15852df7a4618751a623362772961e6a59c3fff1b7692ca74b24861e7
ntp-perl-4.2.6p5-15.el6_10.x86_64.rpm	SHA-256: b3f41dc9a9a8ea0e0f8b048a0407b38c11621fe3af1b1f3a008521fcf2a61db4
ntpdate-4.2.6p5-15.el6_10.x86_64.rpm	SHA-256: 46c05c5cbd1ba322e16498557484020401270b08e281f9b761bbe1e05cbe82f3
i386
ntp-4.2.6p5-15.el6_10.i686.rpm	SHA-256: 968c716cbfbeb4736e33cf079361830d29f5b069a79453f406f80598d538f799
ntp-debuginfo-4.2.6p5-15.el6_10.i686.rpm	SHA-256: 2454f4a9d1c3860eb7324f9932c261baf9e4de185a65be322c08978d953fdd13
ntp-debuginfo-4.2.6p5-15.el6_10.i686.rpm	SHA-256: 2454f4a9d1c3860eb7324f9932c261baf9e4de185a65be322c08978d953fdd13
ntp-doc-4.2.6p5-15.el6_10.noarch.rpm	SHA-256: 9c2051e15852df7a4618751a623362772961e6a59c3fff1b7692ca74b24861e7
ntp-perl-4.2.6p5-15.el6_10.i686.rpm	SHA-256: 47a3f73d5d58677d2ae68679b2f3281e5e7127be84d17cfa4ec51a33fc63bbed
ntpdate-4.2.6p5-15.el6_10.i686.rpm	SHA-256: ff623aea77c266d381b7a657732b364aeaca35878a80c7e88da3f8c6ee259dd7

Red Hat Enterprise Linux Server - Extended Life Cycle Support 6

SRPM
ntp-4.2.6p5-15.el6_10.src.rpm	SHA-256: 5acef5e4191af9c1e260cb66a5a624716112a8434e93d07025162355e7b39bb7
x86_64
ntp-4.2.6p5-15.el6_10.x86_64.rpm	SHA-256: 742c7bebe5ff01ece97121f65b417c4d45163e14b612426a08a82f4bd2fe2cc6
ntp-debuginfo-4.2.6p5-15.el6_10.x86_64.rpm	SHA-256: 1a819e92b99bd127953781b356b42f37db20b33e386c9f19e9523df906b1cbd9
ntp-debuginfo-4.2.6p5-15.el6_10.x86_64.rpm	SHA-256: 1a819e92b99bd127953781b356b42f37db20b33e386c9f19e9523df906b1cbd9
ntp-doc-4.2.6p5-15.el6_10.noarch.rpm	SHA-256: 9c2051e15852df7a4618751a623362772961e6a59c3fff1b7692ca74b24861e7
ntp-perl-4.2.6p5-15.el6_10.x86_64.rpm	SHA-256: b3f41dc9a9a8ea0e0f8b048a0407b38c11621fe3af1b1f3a008521fcf2a61db4
ntpdate-4.2.6p5-15.el6_10.x86_64.rpm	SHA-256: 46c05c5cbd1ba322e16498557484020401270b08e281f9b761bbe1e05cbe82f3
i386
ntp-4.2.6p5-15.el6_10.i686.rpm	SHA-256: 968c716cbfbeb4736e33cf079361830d29f5b069a79453f406f80598d538f799
ntp-debuginfo-4.2.6p5-15.el6_10.i686.rpm	SHA-256: 2454f4a9d1c3860eb7324f9932c261baf9e4de185a65be322c08978d953fdd13
ntp-debuginfo-4.2.6p5-15.el6_10.i686.rpm	SHA-256: 2454f4a9d1c3860eb7324f9932c261baf9e4de185a65be322c08978d953fdd13
ntp-doc-4.2.6p5-15.el6_10.noarch.rpm	SHA-256: 9c2051e15852df7a4618751a623362772961e6a59c3fff1b7692ca74b24861e7
ntp-perl-4.2.6p5-15.el6_10.i686.rpm	SHA-256: 47a3f73d5d58677d2ae68679b2f3281e5e7127be84d17cfa4ec51a33fc63bbed
ntpdate-4.2.6p5-15.el6_10.i686.rpm	SHA-256: ff623aea77c266d381b7a657732b364aeaca35878a80c7e88da3f8c6ee259dd7

Red Hat Enterprise Linux Workstation 6

SRPM
ntp-4.2.6p5-15.el6_10.src.rpm	SHA-256: 5acef5e4191af9c1e260cb66a5a624716112a8434e93d07025162355e7b39bb7
x86_64
ntp-4.2.6p5-15.el6_10.x86_64.rpm	SHA-256: 742c7bebe5ff01ece97121f65b417c4d45163e14b612426a08a82f4bd2fe2cc6
ntp-debuginfo-4.2.6p5-15.el6_10.x86_64.rpm	SHA-256: 1a819e92b99bd127953781b356b42f37db20b33e386c9f19e9523df906b1cbd9
ntp-debuginfo-4.2.6p5-15.el6_10.x86_64.rpm	SHA-256: 1a819e92b99bd127953781b356b42f37db20b33e386c9f19e9523df906b1cbd9
ntp-doc-4.2.6p5-15.el6_10.noarch.rpm	SHA-256: 9c2051e15852df7a4618751a623362772961e6a59c3fff1b7692ca74b24861e7
ntp-perl-4.2.6p5-15.el6_10.x86_64.rpm	SHA-256: b3f41dc9a9a8ea0e0f8b048a0407b38c11621fe3af1b1f3a008521fcf2a61db4
ntpdate-4.2.6p5-15.el6_10.x86_64.rpm	SHA-256: 46c05c5cbd1ba322e16498557484020401270b08e281f9b761bbe1e05cbe82f3
i386
ntp-4.2.6p5-15.el6_10.i686.rpm	SHA-256: 968c716cbfbeb4736e33cf079361830d29f5b069a79453f406f80598d538f799
ntp-debuginfo-4.2.6p5-15.el6_10.i686.rpm	SHA-256: 2454f4a9d1c3860eb7324f9932c261baf9e4de185a65be322c08978d953fdd13
ntp-debuginfo-4.2.6p5-15.el6_10.i686.rpm	SHA-256: 2454f4a9d1c3860eb7324f9932c261baf9e4de185a65be322c08978d953fdd13
ntp-doc-4.2.6p5-15.el6_10.noarch.rpm	SHA-256: 9c2051e15852df7a4618751a623362772961e6a59c3fff1b7692ca74b24861e7
ntp-perl-4.2.6p5-15.el6_10.i686.rpm	SHA-256: 47a3f73d5d58677d2ae68679b2f3281e5e7127be84d17cfa4ec51a33fc63bbed
ntpdate-4.2.6p5-15.el6_10.i686.rpm	SHA-256: ff623aea77c266d381b7a657732b364aeaca35878a80c7e88da3f8c6ee259dd7

Red Hat Enterprise Linux Desktop 6

SRPM
ntp-4.2.6p5-15.el6_10.src.rpm	SHA-256: 5acef5e4191af9c1e260cb66a5a624716112a8434e93d07025162355e7b39bb7
x86_64
ntp-4.2.6p5-15.el6_10.x86_64.rpm	SHA-256: 742c7bebe5ff01ece97121f65b417c4d45163e14b612426a08a82f4bd2fe2cc6
ntp-debuginfo-4.2.6p5-15.el6_10.x86_64.rpm	SHA-256: 1a819e92b99bd127953781b356b42f37db20b33e386c9f19e9523df906b1cbd9
ntp-debuginfo-4.2.6p5-15.el6_10.x86_64.rpm	SHA-256: 1a819e92b99bd127953781b356b42f37db20b33e386c9f19e9523df906b1cbd9
ntp-doc-4.2.6p5-15.el6_10.noarch.rpm	SHA-256: 9c2051e15852df7a4618751a623362772961e6a59c3fff1b7692ca74b24861e7
ntp-perl-4.2.6p5-15.el6_10.x86_64.rpm	SHA-256: b3f41dc9a9a8ea0e0f8b048a0407b38c11621fe3af1b1f3a008521fcf2a61db4
ntpdate-4.2.6p5-15.el6_10.x86_64.rpm	SHA-256: 46c05c5cbd1ba322e16498557484020401270b08e281f9b761bbe1e05cbe82f3
i386
ntp-4.2.6p5-15.el6_10.i686.rpm	SHA-256: 968c716cbfbeb4736e33cf079361830d29f5b069a79453f406f80598d538f799
ntp-debuginfo-4.2.6p5-15.el6_10.i686.rpm	SHA-256: 2454f4a9d1c3860eb7324f9932c261baf9e4de185a65be322c08978d953fdd13
ntp-debuginfo-4.2.6p5-15.el6_10.i686.rpm	SHA-256: 2454f4a9d1c3860eb7324f9932c261baf9e4de185a65be322c08978d953fdd13
ntp-doc-4.2.6p5-15.el6_10.noarch.rpm	SHA-256: 9c2051e15852df7a4618751a623362772961e6a59c3fff1b7692ca74b24861e7
ntp-perl-4.2.6p5-15.el6_10.i686.rpm	SHA-256: 47a3f73d5d58677d2ae68679b2f3281e5e7127be84d17cfa4ec51a33fc63bbed
ntpdate-4.2.6p5-15.el6_10.i686.rpm	SHA-256: ff623aea77c266d381b7a657732b364aeaca35878a80c7e88da3f8c6ee259dd7

Red Hat Enterprise Linux for IBM z Systems 6

SRPM
ntp-4.2.6p5-15.el6_10.src.rpm	SHA-256: 5acef5e4191af9c1e260cb66a5a624716112a8434e93d07025162355e7b39bb7
s390x
ntp-4.2.6p5-15.el6_10.s390x.rpm	SHA-256: af88d2b6644cab97e35478e01ede39477f2ce17b5db6b554365c956fd98b3c7f
ntp-debuginfo-4.2.6p5-15.el6_10.s390x.rpm	SHA-256: 9e51622d98e9a2f97556148ea43b913e3c97c83bb1ded6a9622eef8d91e1fd31
ntp-debuginfo-4.2.6p5-15.el6_10.s390x.rpm	SHA-256: 9e51622d98e9a2f97556148ea43b913e3c97c83bb1ded6a9622eef8d91e1fd31
ntp-doc-4.2.6p5-15.el6_10.noarch.rpm	SHA-256: 9c2051e15852df7a4618751a623362772961e6a59c3fff1b7692ca74b24861e7
ntp-perl-4.2.6p5-15.el6_10.s390x.rpm	SHA-256: 1f2e29e05d181d407a4ad41ee56fc4078067c89b7a9200435f01cdfa4544aa50
ntpdate-4.2.6p5-15.el6_10.s390x.rpm	SHA-256: 4728fa1dd0fa73068a511034ce86e37ddb35ff5dc90c87d01f5b6599adf84993

Red Hat Enterprise Linux for Power, big endian 6

SRPM
ntp-4.2.6p5-15.el6_10.src.rpm	SHA-256: 5acef5e4191af9c1e260cb66a5a624716112a8434e93d07025162355e7b39bb7
ppc64
ntp-4.2.6p5-15.el6_10.ppc64.rpm	SHA-256: 9bd7c27f017c73c852e5746306f279bf408273f4f7ede2babb729c5e2fc4f35d
ntp-debuginfo-4.2.6p5-15.el6_10.ppc64.rpm	SHA-256: cdb03167d51c99f8b9a7799850269c5080d3c95d43b6b647a273adf8f8eb3d32
ntp-debuginfo-4.2.6p5-15.el6_10.ppc64.rpm	SHA-256: cdb03167d51c99f8b9a7799850269c5080d3c95d43b6b647a273adf8f8eb3d32
ntp-doc-4.2.6p5-15.el6_10.noarch.rpm	SHA-256: 9c2051e15852df7a4618751a623362772961e6a59c3fff1b7692ca74b24861e7
ntp-perl-4.2.6p5-15.el6_10.ppc64.rpm	SHA-256: c9a26bd9a68195aca43bfed48e6c489da4c8f044e6d4481dfa42e43234ce14f4
ntpdate-4.2.6p5-15.el6_10.ppc64.rpm	SHA-256: c410719162781fbb6e63b70f6a91a6ae5f738b53474d318f5d13066824092d69

Red Hat Enterprise Linux for Scientific Computing 6

SRPM
ntp-4.2.6p5-15.el6_10.src.rpm	SHA-256: 5acef5e4191af9c1e260cb66a5a624716112a8434e93d07025162355e7b39bb7
x86_64
ntp-4.2.6p5-15.el6_10.x86_64.rpm	SHA-256: 742c7bebe5ff01ece97121f65b417c4d45163e14b612426a08a82f4bd2fe2cc6
ntp-debuginfo-4.2.6p5-15.el6_10.x86_64.rpm	SHA-256: 1a819e92b99bd127953781b356b42f37db20b33e386c9f19e9523df906b1cbd9
ntp-debuginfo-4.2.6p5-15.el6_10.x86_64.rpm	SHA-256: 1a819e92b99bd127953781b356b42f37db20b33e386c9f19e9523df906b1cbd9
ntp-doc-4.2.6p5-15.el6_10.noarch.rpm	SHA-256: 9c2051e15852df7a4618751a623362772961e6a59c3fff1b7692ca74b24861e7
ntp-perl-4.2.6p5-15.el6_10.x86_64.rpm	SHA-256: b3f41dc9a9a8ea0e0f8b048a0407b38c11621fe3af1b1f3a008521fcf2a61db4
ntpdate-4.2.6p5-15.el6_10.x86_64.rpm	SHA-256: 46c05c5cbd1ba322e16498557484020401270b08e281f9b761bbe1e05cbe82f3

Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6

SRPM
ntp-4.2.6p5-15.el6_10.src.rpm	SHA-256: 5acef5e4191af9c1e260cb66a5a624716112a8434e93d07025162355e7b39bb7
s390x
ntp-4.2.6p5-15.el6_10.s390x.rpm	SHA-256: af88d2b6644cab97e35478e01ede39477f2ce17b5db6b554365c956fd98b3c7f
ntp-debuginfo-4.2.6p5-15.el6_10.s390x.rpm	SHA-256: 9e51622d98e9a2f97556148ea43b913e3c97c83bb1ded6a9622eef8d91e1fd31
ntp-debuginfo-4.2.6p5-15.el6_10.s390x.rpm	SHA-256: 9e51622d98e9a2f97556148ea43b913e3c97c83bb1ded6a9622eef8d91e1fd31
ntp-doc-4.2.6p5-15.el6_10.noarch.rpm	SHA-256: 9c2051e15852df7a4618751a623362772961e6a59c3fff1b7692ca74b24861e7
ntp-perl-4.2.6p5-15.el6_10.s390x.rpm	SHA-256: 1f2e29e05d181d407a4ad41ee56fc4078067c89b7a9200435f01cdfa4544aa50
ntpdate-4.2.6p5-15.el6_10.s390x.rpm	SHA-256: 4728fa1dd0fa73068a511034ce86e37ddb35ff5dc90c87d01f5b6599adf84993

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation

Services

Tools

Red Hat Insights

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories