ntp-4.2.6p5-10.2.0.1.AXS4

The Network Time Protocol (NTP) is used to synchronize a computer's
time with another reference time source. This package includes ntpd
(a daemon which continuously adjusts system time) and utilities used
to query and configure the ntpd daemon.

Perl scripts ntp-wait and ntptrace are in the ntp-perl package and
the ntpdate program is in the ntpdate package. The documentation is
in the ntp-doc package.

Security issues fixed with this release:

CVE-2016-7426
NTP before 4.2.8p9 rate limits responses received from the configured
sources when rate limiting for all associations is enabled, which
allows remote attackers to cause a denial of service (prevent
responses from the sources) by sending responses with a spoofed source
address.
CVE-2016-7429
NTP before 4.2.8p9 changes the peer structure to the interface it
receives the response from a source, which allows remote attackers to
cause a denial of service (prevent communication with a source) by
sending a response for a source to an interface the source does not
use.
CVE-2016-7433
NTP before 4.2.8p9 does not properly perform the initial sync
calculations, which allows remote attackers to unspecified impact via
unknown vectors, related to a "root distance that did not include the
peer dispersion."
CVE-2016-9310
The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9
allows remote attackers to set or unset traps via a crafted control
mode packet.
CVE-2016-9311
ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows
remote attackers to cause a denial of service (NULL pointer
dereference and crash) via a crafted packet.