1
Candidate: CVE-2009-0021
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0021
5
http://www.ocert.org/advisories/ocert-2008-016.html
6
https://usn.ubuntu.com/usn/usn-705-1
8
NTP 4.2.4 before 4.2.4p5 and 4.2.5 before 4.2.5p150 does not properly check
9
the return value from the OpenSSL EVP_VerifyFinal function, which allows
10
remote attackers to bypass validation of the certificate chain via a
11
malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability
16
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/314776
22
upstream_ntp: pending (4.2.4p6)
23
dapper_ntp: released (1:4.2.0a+stable-8.1ubuntu6.1)
24
gutsy_ntp: released (1:4.2.4p0+dfsg-1ubuntu2.1)
25
hardy_ntp: released (1:4.2.4p4+dfsg-3ubuntu2.1)
26
intrepid_ntp: released (1:4.2.4p4+dfsg-6ubuntu2.2)
27
devel_ntp: released (1:4.2.4p4+dfsg-7ubuntu3)