NTF's NTP Project has been notified of a number of vulnerabilities from Neel Mehta and Stephen Roettger of Google's Security Team. The two most serious of these issues and four less serious issues have been resolved as of ntp-4.2.8, which was released on 18 December 2014. There are still two less significant issues to be addressed. We're expecting to fix these within the next month.
And from that wonderful ZDNet publication a scare you article.
Main thing is.. if you use NTP and you haven't updated your VPS/Dedi, I'd suggest doing so.