This is a critical security update for the Network Time Protocol. Network Time Protocol version 4.2.8-1 has been built, being renumbered 4.2.8-0.10.

Arch Linux Security Advisory ASA-201412-24

Severity: Critical Date : 2014-12-22 CVE-ID : CVE-2014-9293 CVE-2014-9294 CVE-2014-9295 CVE-2014-9296 Package : ntp Type : multiple issues Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE-2014

Summary

The package ntp before version 4.2.8-1 is vulnerable to multiple issues including but not limited to arbitrary code execution, denial of service and weak key generation.

Jasper and glibc security updates have also been pushed to stable in the last few days. Please update as soon as your mirror syncs (mirrors generally sync every 12 or 24 hours).