Update to the latest upstream release, which fixes CVE-2021-22212 (ntpkeygen generates weak keys).
The ntpd daemon will refuse to start if a key impacted by the ntpkeygen bug is detected in the key file. The key needs to be replaced with a new key. A comment following a key in the key file needs to be separated by at least one space or tab character to avoid the detection.
The update also enables support for hardware reference clocks.
Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:
sudo dnf upgrade --refresh --advisory=FEDORA-2021-3ffc890685Please log in to add feedback.
This update has been submitted for testing by mlichvar.
This update's test gating status has been changed to 'ignored'.
This update's test gating status has been changed to 'waiting'.
This update's test gating status has been changed to 'ignored'.
This update has been pushed to testing.
This update has been submitted for stable by bodhi.
This update has been unpushed.
mlichvar edited this update.
New build(s):
Removed build(s):
Karma has been reset.
This update has been submitted for testing by mlichvar.
This update has been pushed to testing.
Refclock support is working for at least nmea and shm. I ran ntpkeygen in a loop for about 30 minutes and it didn't generate any bad keys.
This update has been submitted for stable by bodhi.
This update has been pushed to stable.