CESA-2009:0046 -- centos 5 x86_64 ntpID: oval:org.secpod.oval:def:202074 | Date: (C)2012-01-31 (M)2022-10-10 |
Class: PATCH | Family: unix |
The Network Time Protocol is used to synchronize a computer"s time with a referenced time source. A flaw was discovered in the way the ntpd daemon checked the return value of the OpenSSL EVP_VerifyFinal function. On systems using NTPv4 authentication, this could lead to an incorrect verification of cryptographic signatures, allowing time-spoofing attacks. Note: This issue only affects systems that have enabled NTP authentication. By default, NTP authentication is not enabled. All ntp users are advised to upgrade to the updated packages, which contain a backported patch to resolve this issue. After installing the update, the ntpd daemon will restart automatically.