I did # yum upgrade ntp. It completes successfully.
/var/log/yum.log shows:
Apr 12 17:18:54 Updated: openssl-1.0.1e-16.el6_5.7.x86_64
Apr 12 17:18:55 Updated: ntpdate-4.2.6p5-1.el6.centos.x86_64
Apr 12 17:18:55 Updated: ntp-4.2.6p5-1.el6.centos.x86_64

# yum history
Loaded plugins: fastestmirror, refresh-packagekit, security
ID | Login user | Date and time | Action(s) | Altered
-------------------------------------------------------------------------------
27 | root <root> | 2014-04-12 17:18 | Update | 3 EE
…
Now, I like to rollback the ntp package.
# yum history undo 27
Loaded plugins: fastestmirror, refresh-packagekit, security
Loading mirror speeds from cached hostfile
* base: mirrors.adams.net
* extras: mirror.kentdigital.net
* updates: mirrors.centarra.com
Undoing transaction 27, from Sat Apr 12 17:18:52 2014
Updated ntp-4.2.4p8-3.el6.centos.x86_64 @anaconda-CentOS-201303050102.x86_64/6.4
Update 4.2.6p5-1.el6.centos.x86_64 @base
Updated ntpdate-4.2.4p8-3.el6.centos.x86_64 @anaconda-CentOS-201303050102.x86_64/6.4
Update 4.2.6p5-1.el6.centos.x86_64 @base
Updated openssl-1.0.0-27.el6_4.2.x86_64 @updates
Update 1.0.1e-16.el6_5.7.x86_64 @updates
Failed to downgrade: ntp-4.2.4p8-3.el6.centos.x86_64
Failed to downgrade: ntpdate-4.2.4p8-3.el6.centos.x86_64
Failed to downgrade: openssl-1.0.0-27.el6_4.2.x86_64

cat /etc/yum.conf
[main]
cachedir=/var/cache/yum/$basearch/$releasever
keepcache=0
debuglevel=2
logfile=/var/log/yum.log
exactarch=1
obsoletes=1
gpgcheck=1
plugins=1
installonly_limit=5
bugtracker_url=http://bugs.centos.org/set_project.php?project_id=16&ref=http://bugs.centos.org/bug_report_page.php?category=yum
distroverpkg=centos-release

O/S: CentOS release 6.4 (Final)

Thanks.
WL

what is it you want to do ?
because you REALLY WANT THIS INSTALLED!!!!!!!!!
" openssl-1.0.1e-16.el6_5.7.x86_64"

as to Network Time Protocol " ntp-4.2.6p5-1 " and "ntpdate-4.2.6p5-1"

why do you think you need to remove the current bug fix ( required by openssl)

the problem is that
"ntpdate" is needed by "ntp"
and
"ntp" is needed by "openssl"

the only way is to but back in the hartbleed bug

Not really. The Heartbleed bug wasn't fixed until 1.0.1g.

the update date on the openssl ( update 5.7) rpm for cent6.5 is April 8 2014
https://www.centos.org/forums/viewto...p?f=17&t=45842

as with RHEL security updates are backported to the current minor version
cent6.5 will always have openssl-1.0.1e
Centos 6.6 will have a newer minor version

Interesting. Does openssl version report the entire (extended) version number on RHEL/CentOS systems?