[ntp:announce] NTP 4.2.4p6 Released
NTP Public Services Project
webmaster at ntp.org
Thu Jan 8 15:12:36 UTC 2009
Redwood City, CA - 2009/01/08 - The NTP Public Services Project
(http://support.ntp.org/) is pleased to announce that NTP 4.2.4p6,
a Point Release of the NTP Reference Implementation from the
NTP Project, is now available at http://www.ntp.org/downloads.html and
This release fixes oCERT.org's CVE-2009-0021, a vulnerability affecting
the OpenSSL library relating to the incorrect checking of the return
value of EVP_VerifyFinal function.
Credit for finding this issue goes to the Google Security Team for
finding the original issue with OpenSSL, and to ocert.org for finding
the problem in NTP and telling us about it.
This is a recommended upgrade.
The file-size of this Point Release is 3443787 bytes. An MD5 sum
of this release is available at http://www.ntp.org/downloads.html and
Please report any bugs, issues, or desired enhancements at
The NTP (Network Time Protocol) Public Services Project, which is
hosted by Internet Systems Consortium, Inc. (http://www.isc.org/),
provides support and additional development resources for the
Reference Implementation of NTP produced by the NTP Project
More information about the announce