| Description: | Updated ntp packages to correct a security issue are now available for RedHat Enterprise Linux 4 and 5.This update has been rated as having moderate security impact by the RedHat Security Response Team.The Network Time Protocol (NTP) is used to synchronize a computer's timewith a referenced time source.A flaw was discovered in the way the ntpd daemon checked the return valueof the OpenSSL EVP_VerifyFinal function. On systems using NTPv4authentication, this could lead to an incorrect verification ofcryptographic signatures, allowing time-spoofing attacks. (CVE-2009-0021) |