Several remote vulnerabilities have been discovered in NTP, the Network Time Protocol reference implementation. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-0159 A buffer overflow in ntpq allow a remote NTP server to create a denial of service attack or to execute arbitrary code via a crafted response. CVE-2009-1252 A buffer overflow in ntpd allows a remote attacker to create a denial of service attack or to execute arbitrary code when the autokey functionality is enabled. For the old stable distribution , these problems have been fixed in version 4.2.2.p4+dfsg-2etch3. For the stable distribution , these problems have been fixed in version 4.2.4p4+dfsg-8lenny2. The unstable distribution will be fixed soon. We recommend that you upgrade your ntp package.