Gentoo Linux Security Advisory GLSA 200904-05 – An error in the OpenSSL certificate chain validation in ntp might allow for spoofing attacks. It has been reported that ntp incorrectly checks the return value of the EVP_VerifyFinal(), a vulnerability related to CVE-2008-5077 (GLSA 200902-02). Versions less than 4.2.4_p6 are affected.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/76379/glsa-200904-05.txt
Source: https://packetstormsecurity.com/files/76379/Gentoo-Linux-Security-Advisory-200904-5.html