[ntp:announce] NTP 4.2.4p6 Released

NTP Public Services Project webmaster at ntp.org
Thu Jan 8 15:12:36 UTC 2009

Redwood City, CA - 2009/01/08 - The NTP Public Services Project
(http://support.ntp.org/) is pleased to announce that NTP 4.2.4p6,
a Point Release of the NTP Reference Implementation from the
NTP Project, is now available at http://www.ntp.org/downloads.html and

This release fixes oCERT.org's CVE-2009-0021, a vulnerability affecting
the OpenSSL library relating to the incorrect checking of the return
value of EVP_VerifyFinal function.

Credit for finding this issue goes to the Google Security Team for
finding the original issue with OpenSSL, and to ocert.org for finding
the problem in NTP and telling us about it.

This is a recommended upgrade.

The file-size of this Point Release is 3443787 bytes. An MD5 sum
of this release is available at http://www.ntp.org/downloads.html and

Please report any bugs, issues, or desired enhancements at

The NTP (Network Time Protocol) Public Services Project, which is
hosted by Internet Systems Consortium, Inc. (http://www.isc.org/),
provides support and additional development resources for the
Reference Implementation of NTP produced by the NTP Project

More information about the announce mailing list