Synopsis:	Moderate: ntp security update
Issue date:	2009-01-29
CVE Names:	CVE-2009-0021

A flaw was discovered in the way the ntpd daemon checked the return 
value of the OpenSSL EVP_VerifyFinal function. On systems using NTPv4
authentication, this could lead to an incorrect verification of
cryptographic signatures, allowing time-spoofing attacks. (CVE-2009-0021)

Note: This issue only affects systems that have enabled NTP 
authentication. By default, NTP authentication is not enabled.

After installing the update, the ntpd daemon will restart automatically.


SL 4.x

      SRPMS:
ntp-4.2.0.a.20040617-8.el4_7.1.src.rpm
      i386:
ntp-4.2.0.a.20040617-8.el4_7.1.i386.rpm
      x86_64:
ntp-4.2.0.a.20040617-8.el4_7.1.x86_64.rpm

SL 5.x

      SRPMS:
ntp-4.2.2p1-9.el5_3.1.src.rpm
      i386:
ntp-4.2.2p1-9.el5_3.1.i386.rpm
      x86_64:
ntp-4.2.2p1-9.el5_3.1.x86_64.rpm

-Connie Sieh
-Troy Dawson