Stephen Roettger, Sebastian Krahmer, and Harlan Stenn discovered that NTPincorrectly handled the length value in extension fields. A remote attackercould use this issue to possibly obtain leaked information, or cause theNTP daemon to crash, resulting in a denial of service. (CVE-2014-9297)
Stephen Roettger discovered that NTP incorrectly handled ACLs based oncertain IPv6 addresses. (CVE-2014-9298)
The problem can be corrected by updating your system to the following
To update your system, please follow these instructions:
In general, a standard system update will make all the necessary changes.