A flaw was found in ntp before version 4.2.8p15. Systems that use a CMAC algorithm in ntp.keys will not release a bit of memory on each packet that uses a CMAC keyid, eventually causing ntpd to run out of memory and fail. References: http://support.ntp.org/bin/view/Main/SecurityNotice#June_2020_ntp_4_2_8p15_NTP_Relea http://support.ntp.org/bin/view/Main/NtpBug3661
Created ntp tracking bugs for this issue: Affects: fedora-all [bug 1850531]
Statement: As per upstream, this issue only affects ntp-4.2.8p11p to ntp-4.2.8p14p, and 4.3.97 to 4.3.100. These packages versions do not ship with any Red Hat products, therefore they are not affected by this flaw.
External References: http://support.ntp.org/bin/view/Main/SecurityNotice#June_2020_ntp_4_2_8p15_NTP_Relea http://support.ntp.org/bin/view/Main/NtpBug3661
*** Bug 1852114 has been marked as a duplicate of this bug. ***