Fedora 27: FEDORA-2018-7051d682fa Moderate: NTP Buffer Overflow

The Network Time Protocol (NTP) is used to synchronize a computer's

time with another reference time source. This package includes ntpd

(a daemon which continuously adjusts system time) and utilities used

to query and configure the ntpd daemon.

Perl scripts are in the ntp-perl package, ntpdate is in the ntpdate

package and sntp is in the sntp package. The documentation in HTML

format is in the ntp-doc package.

Security fix for CVE-2018-12327 and fixed fix for CVE-2018-7170.

* Wed Aug 15 2018 Miroslav Lichvar 4.2.8p12-1

- update to 4.2.8p12 (CVE-2018-12327 CVE-2018-7170)

* Thu Mar 1 2018 Miroslav Lichvar 4.2.8p11-1

- update to 4.2.8p11 (CVE-2016-1549, CVE-2018-7170, CVE-2018-7182,

CVE-2018-7183, CVE-2018-7184, CVE-2018-7185)

- use noepeer restriction in default config

[ 1 ] Bug #1593580 - CVE-2018-12327 ntp: Stack-based buffer overflow in ntpq and ntpdc allows denial of service or code execution

https://bugzilla.redhat.com/show_bug.cgi?id=1593580

su -c 'dnf upgrade --advisory FEDORA-2018-7051d682fa' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/