Vulnerable NTP package on Ubuntu slave nodes
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Mirantis OpenStack |
Fix Released
|
High
|
MOS Linux |
Bug Description
NTP package on Ubuntu slave nodes is vulnerable.
https:/
BTW, I'm curious why we are providing own NTP rather using Ubuntu delivered ones?
apt-cache policy ntp
ntp:
Installed: 2:4.2.6.
Candidate: 2:4.2.6.
Version table:
*** 2:4.2.6.
1050 http://
1050 http://
100 /var/lib/
1:
500 http://
500 http://
1:
500 http://
root@node-22:~# apt-cache policy ntpdate
ntpdate:
Installed: 2:4.2.6.
Candidate: 2:4.2.6.
Version table:
*** 2:4.2.6.
1050 http://
1050 http://
100 /var/lib/
1:
500 http://
500 http://
1:
500 http://
Changed in mos: | |
assignee: | nobody → MOS Maintenance (mos-maintenance) |
tags: | added: customer-found sla1 |
Changed in mos: | |
assignee: | MOS Maintenance (mos-maintenance) → MOS Linux (mos-linux) |
Changed in mos: | |
status: | New → Confirmed |
tags: | added: area-linux |
Changed in mos: | |
status: | Confirmed → In Progress |
Changed in mos: | |
milestone: | 9.x-updates → 9.2-mu-1 |
Changed in mos: | |
status: | In Progress → Fix Committed |
information type: | Private Security → Public Security |
Verified on 9.2 mu1 updates. p5+dfsg- 3~u14.04+ mos3 p5+dfsg- 3~u14.04+ mos3
New package installed:
ntp:
Installed: 2:4.2.6.
ntpdate:
Installed: 2:4.2.6.