Oval Definition:oval:com.redhat.rhsa:def:20060393
Revision Date:2006-08-10Version:639
Title:RHSA-2006:0393: ntp security update (Low)
Description:The Network Time Protocol (NTP) is used to synchronize a computer's time with a reference time source.

  • The NTP daemon (ntpd), when run with the -u option and using a string to specify the group, uses the group ID of the user instead of the group, which causes ntpd to run with different privileges than intended. (CVE-2005-2496)

    The following issues have also been addressed in this update: - The init script had several problems - The script executed on upgrade could fail - The man page for ntpd indicated the wrong option for specifying a chroot directory - The ntp daemon could crash with the message "Exiting: No more memory!" - There is a new option for syncing the hardware clock after a successful run of ntpdate

    Users of ntp should upgrade to these updated packages, which resolve these issues.
  • Family:unixClass:patch
    Status:Reference(s):CVE-2005-2496
    RHSA-2006:0393
    RHSA-2006:0393-01
    RHSA-2006:0393-01
    Platform(s):Red Hat Enterprise Linux 4
    Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND ntp is earlier than 0:4.2.0.a.20040617-4.EL4.1
  • AND ntp is signed with Red Hat redhatrelease2 key
  • BACK