Issued:
2018-12-19
Updated:
2018-12-19

RHSA-2018:3854 - Security Advisory

Synopsis

Low: ntp security update

Type/Severity

Security Advisory: Low

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for ntp is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The Network Time Protocol (NTP) is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service.

Security Fix(es):

  • ntp: Stack-based buffer overflow in ntpq and ntpdc allows denial of service or code execution (CVE-2018-12327)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the ntpd daemon will restart automatically.

Affected Products

  • Red Hat Enterprise Linux Server 6 x86_64
  • Red Hat Enterprise Linux Server 6 i386
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 x86_64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 i386
  • Red Hat Enterprise Linux Workstation 6 x86_64
  • Red Hat Enterprise Linux Workstation 6 i386
  • Red Hat Enterprise Linux Desktop 6 x86_64
  • Red Hat Enterprise Linux Desktop 6 i386
  • Red Hat Enterprise Linux for IBM z Systems 6 s390x
  • Red Hat Enterprise Linux for Power, big endian 6 ppc64
  • Red Hat Enterprise Linux for Scientific Computing 6 x86_64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6 s390x

Fixes

  • BZ - 1593580 - CVE-2018-12327 ntp: Stack-based buffer overflow in ntpq and ntpdc allows denial of service or code execution

Red Hat Enterprise Linux Server 6

SRPM
ntp-4.2.6p5-15.el6_10.src.rpm SHA-256: 5acef5e4191af9c1e260cb66a5a624716112a8434e93d07025162355e7b39bb7
x86_64
ntp-4.2.6p5-15.el6_10.x86_64.rpm SHA-256: 742c7bebe5ff01ece97121f65b417c4d45163e14b612426a08a82f4bd2fe2cc6
ntp-debuginfo-4.2.6p5-15.el6_10.x86_64.rpm SHA-256: 1a819e92b99bd127953781b356b42f37db20b33e386c9f19e9523df906b1cbd9
ntp-debuginfo-4.2.6p5-15.el6_10.x86_64.rpm SHA-256: 1a819e92b99bd127953781b356b42f37db20b33e386c9f19e9523df906b1cbd9
ntp-doc-4.2.6p5-15.el6_10.noarch.rpm SHA-256: 9c2051e15852df7a4618751a623362772961e6a59c3fff1b7692ca74b24861e7
ntp-perl-4.2.6p5-15.el6_10.x86_64.rpm SHA-256: b3f41dc9a9a8ea0e0f8b048a0407b38c11621fe3af1b1f3a008521fcf2a61db4
ntpdate-4.2.6p5-15.el6_10.x86_64.rpm SHA-256: 46c05c5cbd1ba322e16498557484020401270b08e281f9b761bbe1e05cbe82f3
i386
ntp-4.2.6p5-15.el6_10.i686.rpm SHA-256: 968c716cbfbeb4736e33cf079361830d29f5b069a79453f406f80598d538f799
ntp-debuginfo-4.2.6p5-15.el6_10.i686.rpm SHA-256: 2454f4a9d1c3860eb7324f9932c261baf9e4de185a65be322c08978d953fdd13
ntp-debuginfo-4.2.6p5-15.el6_10.i686.rpm SHA-256: 2454f4a9d1c3860eb7324f9932c261baf9e4de185a65be322c08978d953fdd13
ntp-doc-4.2.6p5-15.el6_10.noarch.rpm SHA-256: 9c2051e15852df7a4618751a623362772961e6a59c3fff1b7692ca74b24861e7
ntp-perl-4.2.6p5-15.el6_10.i686.rpm SHA-256: 47a3f73d5d58677d2ae68679b2f3281e5e7127be84d17cfa4ec51a33fc63bbed
ntpdate-4.2.6p5-15.el6_10.i686.rpm SHA-256: ff623aea77c266d381b7a657732b364aeaca35878a80c7e88da3f8c6ee259dd7

Red Hat Enterprise Linux Server - Extended Life Cycle Support 6

SRPM
ntp-4.2.6p5-15.el6_10.src.rpm SHA-256: 5acef5e4191af9c1e260cb66a5a624716112a8434e93d07025162355e7b39bb7
x86_64
ntp-4.2.6p5-15.el6_10.x86_64.rpm SHA-256: 742c7bebe5ff01ece97121f65b417c4d45163e14b612426a08a82f4bd2fe2cc6
ntp-debuginfo-4.2.6p5-15.el6_10.x86_64.rpm SHA-256: 1a819e92b99bd127953781b356b42f37db20b33e386c9f19e9523df906b1cbd9
ntp-debuginfo-4.2.6p5-15.el6_10.x86_64.rpm SHA-256: 1a819e92b99bd127953781b356b42f37db20b33e386c9f19e9523df906b1cbd9
ntp-doc-4.2.6p5-15.el6_10.noarch.rpm SHA-256: 9c2051e15852df7a4618751a623362772961e6a59c3fff1b7692ca74b24861e7
ntp-perl-4.2.6p5-15.el6_10.x86_64.rpm SHA-256: b3f41dc9a9a8ea0e0f8b048a0407b38c11621fe3af1b1f3a008521fcf2a61db4
ntpdate-4.2.6p5-15.el6_10.x86_64.rpm SHA-256: 46c05c5cbd1ba322e16498557484020401270b08e281f9b761bbe1e05cbe82f3
i386
ntp-4.2.6p5-15.el6_10.i686.rpm SHA-256: 968c716cbfbeb4736e33cf079361830d29f5b069a79453f406f80598d538f799
ntp-debuginfo-4.2.6p5-15.el6_10.i686.rpm SHA-256: 2454f4a9d1c3860eb7324f9932c261baf9e4de185a65be322c08978d953fdd13
ntp-debuginfo-4.2.6p5-15.el6_10.i686.rpm SHA-256: 2454f4a9d1c3860eb7324f9932c261baf9e4de185a65be322c08978d953fdd13
ntp-doc-4.2.6p5-15.el6_10.noarch.rpm SHA-256: 9c2051e15852df7a4618751a623362772961e6a59c3fff1b7692ca74b24861e7
ntp-perl-4.2.6p5-15.el6_10.i686.rpm SHA-256: 47a3f73d5d58677d2ae68679b2f3281e5e7127be84d17cfa4ec51a33fc63bbed
ntpdate-4.2.6p5-15.el6_10.i686.rpm SHA-256: ff623aea77c266d381b7a657732b364aeaca35878a80c7e88da3f8c6ee259dd7

Red Hat Enterprise Linux Workstation 6

SRPM
ntp-4.2.6p5-15.el6_10.src.rpm SHA-256: 5acef5e4191af9c1e260cb66a5a624716112a8434e93d07025162355e7b39bb7
x86_64
ntp-4.2.6p5-15.el6_10.x86_64.rpm SHA-256: 742c7bebe5ff01ece97121f65b417c4d45163e14b612426a08a82f4bd2fe2cc6
ntp-debuginfo-4.2.6p5-15.el6_10.x86_64.rpm SHA-256: 1a819e92b99bd127953781b356b42f37db20b33e386c9f19e9523df906b1cbd9
ntp-debuginfo-4.2.6p5-15.el6_10.x86_64.rpm SHA-256: 1a819e92b99bd127953781b356b42f37db20b33e386c9f19e9523df906b1cbd9
ntp-doc-4.2.6p5-15.el6_10.noarch.rpm SHA-256: 9c2051e15852df7a4618751a623362772961e6a59c3fff1b7692ca74b24861e7
ntp-perl-4.2.6p5-15.el6_10.x86_64.rpm SHA-256: b3f41dc9a9a8ea0e0f8b048a0407b38c11621fe3af1b1f3a008521fcf2a61db4
ntpdate-4.2.6p5-15.el6_10.x86_64.rpm SHA-256: 46c05c5cbd1ba322e16498557484020401270b08e281f9b761bbe1e05cbe82f3
i386
ntp-4.2.6p5-15.el6_10.i686.rpm SHA-256: 968c716cbfbeb4736e33cf079361830d29f5b069a79453f406f80598d538f799
ntp-debuginfo-4.2.6p5-15.el6_10.i686.rpm SHA-256: 2454f4a9d1c3860eb7324f9932c261baf9e4de185a65be322c08978d953fdd13
ntp-debuginfo-4.2.6p5-15.el6_10.i686.rpm SHA-256: 2454f4a9d1c3860eb7324f9932c261baf9e4de185a65be322c08978d953fdd13
ntp-doc-4.2.6p5-15.el6_10.noarch.rpm SHA-256: 9c2051e15852df7a4618751a623362772961e6a59c3fff1b7692ca74b24861e7
ntp-perl-4.2.6p5-15.el6_10.i686.rpm SHA-256: 47a3f73d5d58677d2ae68679b2f3281e5e7127be84d17cfa4ec51a33fc63bbed
ntpdate-4.2.6p5-15.el6_10.i686.rpm SHA-256: ff623aea77c266d381b7a657732b364aeaca35878a80c7e88da3f8c6ee259dd7

Red Hat Enterprise Linux Desktop 6

SRPM
ntp-4.2.6p5-15.el6_10.src.rpm SHA-256: 5acef5e4191af9c1e260cb66a5a624716112a8434e93d07025162355e7b39bb7
x86_64
ntp-4.2.6p5-15.el6_10.x86_64.rpm SHA-256: 742c7bebe5ff01ece97121f65b417c4d45163e14b612426a08a82f4bd2fe2cc6
ntp-debuginfo-4.2.6p5-15.el6_10.x86_64.rpm SHA-256: 1a819e92b99bd127953781b356b42f37db20b33e386c9f19e9523df906b1cbd9
ntp-debuginfo-4.2.6p5-15.el6_10.x86_64.rpm SHA-256: 1a819e92b99bd127953781b356b42f37db20b33e386c9f19e9523df906b1cbd9
ntp-doc-4.2.6p5-15.el6_10.noarch.rpm SHA-256: 9c2051e15852df7a4618751a623362772961e6a59c3fff1b7692ca74b24861e7
ntp-perl-4.2.6p5-15.el6_10.x86_64.rpm SHA-256: b3f41dc9a9a8ea0e0f8b048a0407b38c11621fe3af1b1f3a008521fcf2a61db4
ntpdate-4.2.6p5-15.el6_10.x86_64.rpm SHA-256: 46c05c5cbd1ba322e16498557484020401270b08e281f9b761bbe1e05cbe82f3
i386
ntp-4.2.6p5-15.el6_10.i686.rpm SHA-256: 968c716cbfbeb4736e33cf079361830d29f5b069a79453f406f80598d538f799
ntp-debuginfo-4.2.6p5-15.el6_10.i686.rpm SHA-256: 2454f4a9d1c3860eb7324f9932c261baf9e4de185a65be322c08978d953fdd13
ntp-debuginfo-4.2.6p5-15.el6_10.i686.rpm SHA-256: 2454f4a9d1c3860eb7324f9932c261baf9e4de185a65be322c08978d953fdd13
ntp-doc-4.2.6p5-15.el6_10.noarch.rpm SHA-256: 9c2051e15852df7a4618751a623362772961e6a59c3fff1b7692ca74b24861e7
ntp-perl-4.2.6p5-15.el6_10.i686.rpm SHA-256: 47a3f73d5d58677d2ae68679b2f3281e5e7127be84d17cfa4ec51a33fc63bbed
ntpdate-4.2.6p5-15.el6_10.i686.rpm SHA-256: ff623aea77c266d381b7a657732b364aeaca35878a80c7e88da3f8c6ee259dd7

Red Hat Enterprise Linux for IBM z Systems 6

SRPM
ntp-4.2.6p5-15.el6_10.src.rpm SHA-256: 5acef5e4191af9c1e260cb66a5a624716112a8434e93d07025162355e7b39bb7
s390x
ntp-4.2.6p5-15.el6_10.s390x.rpm SHA-256: af88d2b6644cab97e35478e01ede39477f2ce17b5db6b554365c956fd98b3c7f
ntp-debuginfo-4.2.6p5-15.el6_10.s390x.rpm SHA-256: 9e51622d98e9a2f97556148ea43b913e3c97c83bb1ded6a9622eef8d91e1fd31
ntp-debuginfo-4.2.6p5-15.el6_10.s390x.rpm SHA-256: 9e51622d98e9a2f97556148ea43b913e3c97c83bb1ded6a9622eef8d91e1fd31
ntp-doc-4.2.6p5-15.el6_10.noarch.rpm SHA-256: 9c2051e15852df7a4618751a623362772961e6a59c3fff1b7692ca74b24861e7
ntp-perl-4.2.6p5-15.el6_10.s390x.rpm SHA-256: 1f2e29e05d181d407a4ad41ee56fc4078067c89b7a9200435f01cdfa4544aa50
ntpdate-4.2.6p5-15.el6_10.s390x.rpm SHA-256: 4728fa1dd0fa73068a511034ce86e37ddb35ff5dc90c87d01f5b6599adf84993

Red Hat Enterprise Linux for Power, big endian 6

SRPM
ntp-4.2.6p5-15.el6_10.src.rpm SHA-256: 5acef5e4191af9c1e260cb66a5a624716112a8434e93d07025162355e7b39bb7
ppc64
ntp-4.2.6p5-15.el6_10.ppc64.rpm SHA-256: 9bd7c27f017c73c852e5746306f279bf408273f4f7ede2babb729c5e2fc4f35d
ntp-debuginfo-4.2.6p5-15.el6_10.ppc64.rpm SHA-256: cdb03167d51c99f8b9a7799850269c5080d3c95d43b6b647a273adf8f8eb3d32
ntp-debuginfo-4.2.6p5-15.el6_10.ppc64.rpm SHA-256: cdb03167d51c99f8b9a7799850269c5080d3c95d43b6b647a273adf8f8eb3d32
ntp-doc-4.2.6p5-15.el6_10.noarch.rpm SHA-256: 9c2051e15852df7a4618751a623362772961e6a59c3fff1b7692ca74b24861e7
ntp-perl-4.2.6p5-15.el6_10.ppc64.rpm SHA-256: c9a26bd9a68195aca43bfed48e6c489da4c8f044e6d4481dfa42e43234ce14f4
ntpdate-4.2.6p5-15.el6_10.ppc64.rpm SHA-256: c410719162781fbb6e63b70f6a91a6ae5f738b53474d318f5d13066824092d69

Red Hat Enterprise Linux for Scientific Computing 6

SRPM
ntp-4.2.6p5-15.el6_10.src.rpm SHA-256: 5acef5e4191af9c1e260cb66a5a624716112a8434e93d07025162355e7b39bb7
x86_64
ntp-4.2.6p5-15.el6_10.x86_64.rpm SHA-256: 742c7bebe5ff01ece97121f65b417c4d45163e14b612426a08a82f4bd2fe2cc6
ntp-debuginfo-4.2.6p5-15.el6_10.x86_64.rpm SHA-256: 1a819e92b99bd127953781b356b42f37db20b33e386c9f19e9523df906b1cbd9
ntp-debuginfo-4.2.6p5-15.el6_10.x86_64.rpm SHA-256: 1a819e92b99bd127953781b356b42f37db20b33e386c9f19e9523df906b1cbd9
ntp-doc-4.2.6p5-15.el6_10.noarch.rpm SHA-256: 9c2051e15852df7a4618751a623362772961e6a59c3fff1b7692ca74b24861e7
ntp-perl-4.2.6p5-15.el6_10.x86_64.rpm SHA-256: b3f41dc9a9a8ea0e0f8b048a0407b38c11621fe3af1b1f3a008521fcf2a61db4
ntpdate-4.2.6p5-15.el6_10.x86_64.rpm SHA-256: 46c05c5cbd1ba322e16498557484020401270b08e281f9b761bbe1e05cbe82f3

Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6

SRPM
ntp-4.2.6p5-15.el6_10.src.rpm SHA-256: 5acef5e4191af9c1e260cb66a5a624716112a8434e93d07025162355e7b39bb7
s390x
ntp-4.2.6p5-15.el6_10.s390x.rpm SHA-256: af88d2b6644cab97e35478e01ede39477f2ce17b5db6b554365c956fd98b3c7f
ntp-debuginfo-4.2.6p5-15.el6_10.s390x.rpm SHA-256: 9e51622d98e9a2f97556148ea43b913e3c97c83bb1ded6a9622eef8d91e1fd31
ntp-debuginfo-4.2.6p5-15.el6_10.s390x.rpm SHA-256: 9e51622d98e9a2f97556148ea43b913e3c97c83bb1ded6a9622eef8d91e1fd31
ntp-doc-4.2.6p5-15.el6_10.noarch.rpm SHA-256: 9c2051e15852df7a4618751a623362772961e6a59c3fff1b7692ca74b24861e7
ntp-perl-4.2.6p5-15.el6_10.s390x.rpm SHA-256: 1f2e29e05d181d407a4ad41ee56fc4078067c89b7a9200435f01cdfa4544aa50
ntpdate-4.2.6p5-15.el6_10.s390x.rpm SHA-256: 4728fa1dd0fa73068a511034ce86e37ddb35ff5dc90c87d01f5b6599adf84993

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.