ntp security update

CentOS Errata and Security Advisory CESA-2006:0393

The Network Time Protocol (NTP) is used to synchronize a computer’s time
with a reference time source.

The NTP daemon (ntpd), when run with the -u option and using a string to
specify the group, uses the group ID of the user instead of the group,
which causes ntpd to run with different privileges than intended.
(CVE-2005-2496)

The following issues have also been addressed in this update:

• The init script had several problems
• The script executed on upgrade could fail
• The man page for ntpd indicated the wrong option for specifying a chroot
  directory
• The ntp daemon could crash with the message “Exiting: No more memory!”
• There is a new option for syncing the hardware clock after a successful
  run of ntpdate

Users of ntp should upgrade to these updated packages, which resolve these
issues.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2006-August/075313.html
https://lists.centos.org/pipermail/centos-announce/2006-August/075314.html
https://lists.centos.org/pipermail/centos-announce/2006-August/075331.html
https://lists.centos.org/pipermail/centos-announce/2006-August/075332.html
https://lists.centos.org/pipermail/centos-announce/2006-August/075333.html

Affected packages:
ntp

Upstream details at:
https://access.redhat.com/errata/RHSA-2006:0393