Integer overflow in the NTP daemon (NTPd) before 4.0 causes the NTP server to return the wrong date/time offset when a client requests a date/time that is more than 34 years away from the server's time. Red Hat products ship newer versions.
As per the CERT advisory, this issue has been resolved by ntp version 4. All Red Hat products ship ntp-4, therefore there are not affected by this flaw.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):