patches/packages/ntp-4.2.4p7-i486-1_slack12.2.tgz:
Upgraded to ntp-4.2.4p7.
Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c in ntpq
in NTP before 4.2.4p7-RC2 allows arbitrary code execution by a malicious
remote NTP server.
Stack-based buffer overflow in the crypto_recv function in ntp_crypto.c in
ntpd in NTP before 4.2.4p7 allows remote attackers to execute arbitrary code.
This does not affect the Slackware ntpd as it does not link with openssl.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0159
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1252
(* Security fix *)