This issue did not affect the versions of ntp as shipped with any Red Hat Enterprise Linux version as they already included a fix for this issue in the patch provided to fix the CVE-2015-7979 issue. The fix for this issue (developed by Red Hat) was different from the one provided by upstream, and thus ntp versions in RHEL are not affected by CVE-2016-4953.
CVSS v2 metrics
NOTE: The following CVSS v2 metrics and score provided are preliminary and subject to review.
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Affected Packages State
|Red Hat Enterprise Linux 7||ntp||Not affected|
|Red Hat Enterprise Linux 6||ntp||Not affected|
|Red Hat Enterprise Linux 5||ntp||Not affected|
AcknowledgementsThis issue was discovered by Miroslav Lichvar (Red Hat).
CVE description copyright © 2017, The MITRE Corporation