Redwood City, CA - 2009/01/08 - The NTP Public Services Project (http://support.ntp.org/) is pleased to announce that NTP 4.2.4p6, a Point Release of the NTP Reference Implementation from the NTP Project, is now available at http://www.ntp.org/downloads.html and http://support.ntp.org/download.
This release fixes oCERT.org's CVE-2009-0021, a vulnerability affecting the OpenSSL library relating to the incorrect checking of the return value of EVP_VerifyFinal function. Credit for finding this issue goes to the Google Security Team for finding the original issue with OpenSSL, and to ocert.org for finding the problem in NTP and telling us about it. This is a recommended upgrade. The file-size of this Point Release is 3443787 bytes. An MD5 sum of this release is available at http://www.ntp.org/downloads.html and http://support.ntp.org/download. Please report any bugs, issues, or desired enhancements at http://bugs.ntp.org/. The NTP (Network Time Protocol) Public Services Project, which is hosted by Internet Systems Consortium, Inc. (http://www.isc.org/), provides support and additional development resources for the Reference Implementation of NTP produced by the NTP Project (http://www.ntp.org/). _______________________________________________ questions mailing list [email protected] https://lists.ntp.org/mailman/listinfo/questions
