The remote host is missing an update to ntp announced via advisory FEDORA-2009-0544.

Apply the appropriate updates. This update can be installed with the yum update program. Use su -c 'yum update ntp' at the command line. For more information, refer to Managing Software with yum, available at http://docs.fedoraproject.org/yum/. https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-0544

Update Information: This update fixes CVE-2009-0021: NTP 4.2.4 before 4.2.4p5 and 4.2.5 before 4.2.5p150 does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077. ChangeLog: * Mon Jan 12 2009 Miroslav Lichvar 4.2.4p6-1 - update to 4.2.4p6 (CVE-2009-0021)

• https://bugzilla.redhat.com/show_bug.cgi?id=476807

---

Updated on 2015-03-25