Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Fedora 20: Chrony Security Advisory for DoS and Authentication Risks

fedora
Calendar Grey April 24, 2015
Dist Fedora Esm H88
The recent update to Chrony addresses critical vulnerabilities in Fedora 20, ensuring enhanced security against various potential threats.
Security fix for CVE-2015-1853, CVE-2015-1821, CVE-2015-1822

Summary

A client/server for the Network Time Protocol, this program keeps your

computer's clock accurate. It was specially designed to support

systems with intermittent internet connections, but it also works well

in permanently connected environments. It can use also hardware reference

clocks, system real-time clock or manual input as time references.

Update Information:

Security fix for CVE-2015-1853, CVE-2015-1821, CVE-2015-1822

Topics%20covered

Topics Covered

security advisory fedora update DoS security fix authentication chrony

Change Log

* Wed Apr 8 2015 Miroslav Lichvar 1.31.1-1 - update to 1.31.1 (CVE-2015-1853 CVE-2015-1821 CVE-2015-1822) * Thu Sep 11 2014 Miroslav Lichvar 1.31-1 - update to 1.31 - add servers from DHCP with iburst option by default - use upstream configuration files and scripts - don't package configuration examples - compress chrony.txt * Thu Aug 21 2014 Miroslav Lichvar 1.31-0.1.pre1 - update to 1.31-pre1 - use license macro if available * Sat Aug 16 2014 Fedora Release Engineering - 1.30-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Fri Aug 15 2014 Miroslav Lichvar 1.30-2 - reconnect client sockets (#1124059) * Tue Jul 1 2014 Miroslav Lichvar 1.30-1 - update to 1.30 - enable debug messages * Mon Jun 9 2014 Miroslav Lichvar 1.30-0.1.pre1 - update to 1.30-pre1 - execute test suite - avoid calling systemctl in helper script - call chronyc directly from logrotate and NM dispatcher scripts - add conflict with systemd-timesyncd service * Sat Jun 7 2014 Fedora Release Engineering - 1.29.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Fri Jan 31 2014 Miroslav Lichvar 1.29.1-1 - update to 1.29.1 (CVE-2014-0021) - replace hardening build flags with _hardened_build * Tue Nov 19 2013 Miroslav Lichvar 1.29-3 - let systemd remove pid file (#974305) * Thu Oct 3 2013 Miroslav Lichvar 1.29-2 - add ordering dependency to not start chronyd before ntpd stopped

References


[ 1 ] Bug #1209631 - CVE-2015-1821 chrony: Heap out of bound write in address filter https://bugzilla.redhat.com/show_bug.cgi?id=1209631 [ 2 ] Bug #1209572 - CVE-2015-1853 chrony: authentication doesn't protect symmetric associations against DoS attacks https://bugzilla.redhat.com/show_bug.cgi?id=1209572 [ 3 ] Bug #1209632 - CVE-2015-1822 chrony: uninitialized pointer in cmdmon reply slots https://bugzilla.redhat.com/show_bug.cgi?id=1209632

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update chrony' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
important
Lowest
Low
Medium
High
Critical

Name: chrony
Product: Fedora 20
Version: 1.31.1
Release: 1.fc20
URL: Summary : An NTP client/server

Topics%20covered

Topics Covered

security advisory fedora update DoS security fix authentication chrony

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here