The Network Time Protocol is used to synchronize a computer"s time with a referenced time source. A flaw was discovered in the way the ntpd daemon checked the return value of the OpenSSL EVP_VerifyFinal function. On systems using NTPv4 authentication, this could lead to an incorrect verification of cryptographic signatures, allowing time-spoofing attacks. Note: This issue only affects systems that have enabled NTP authentication. By default, NTP authentication is not enabled. All ntp users are advised to upgrade to the updated packages, which contain a backported patch to resolve this issue. After installing the update, the ntpd daemon will restart automatically.