Ubuntu Security Notice USN-777-1 – A stack-based buffer overflow was discovered in ntpq. If a user were tricked into connecting to a malicious ntp server, a remote attacker could cause a denial of service in ntpq, or possibly execute arbitrary code with the privileges of the user invoking the program. Chris Ries discovered a stack-based overflow in ntp. If ntp was configured to use autokey, a remote attacker could send a crafted packet to cause a denial of service, or possible execute arbitrary code.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/77673/USN-777-1.txt
Source: https://packetstormsecurity.com/files/77673/Ubuntu-Security-Notice-777-1.html