Synopsis: Moderate: ntp security update Issue date: 2009-01-29 CVE Names: CVE-2009-0021 A flaw was discovered in the way the ntpd daemon checked the return value of the OpenSSL EVP_VerifyFinal function. On systems using NTPv4 authentication, this could lead to an incorrect verification of cryptographic signatures, allowing time-spoofing attacks. (CVE-2009-0021) Note: This issue only affects systems that have enabled NTP authentication. By default, NTP authentication is not enabled. After installing the update, the ntpd daemon will restart automatically. SL 4.x SRPMS: ntp-4.2.0.a.20040617-8.el4_7.1.src.rpm i386: ntp-4.2.0.a.20040617-8.el4_7.1.i386.rpm x86_64: ntp-4.2.0.a.20040617-8.el4_7.1.x86_64.rpm SL 5.x SRPMS: ntp-4.2.2p1-9.el5_3.1.src.rpm i386: ntp-4.2.2p1-9.el5_3.1.i386.rpm x86_64: ntp-4.2.2p1-9.el5_3.1.x86_64.rpm -Connie Sieh -Troy Dawson