Fedora 21: 2015-5816 Critical: Chrony DoS and Authentication Risks
fedora
April 22, 2015
Security fix for CVE-2015-1853, CVE-2015-1821, CVE-2015-1822
Summary
A client/server for the Network Time Protocol, this program keeps your
computer's clock accurate. It was specially designed to support
systems with intermittent internet connections, but it also works well
in permanently connected environments. It can use also hardware reference
clocks, system real-time clock or manual input as time references.
Update Information:
Security fix for CVE-2015-1853, CVE-2015-1821, CVE-2015-1822
Topics Covered
Change Log
* Wed Apr 8 2015 Miroslav Lichvar
References
[ 1 ] Bug #1209631 - CVE-2015-1821 chrony: Heap out of bound write in address filter
https://bugzilla.redhat.com/show_bug.cgi?id=1209631
[ 2 ] Bug #1209572 - CVE-2015-1853 chrony: authentication doesn't protect symmetric associations against DoS attacks
https://bugzilla.redhat.com/show_bug.cgi?id=1209572
[ 3 ] Bug #1209632 - CVE-2015-1822 chrony: uninitialized pointer in cmdmon reply slots
https://bugzilla.redhat.com/show_bug.cgi?id=1209632
Update Instructions
This update can be installed with the "yum" update program. Use su -c 'yum update chrony' at the command line. For more information, refer to "Managing Software with yum", available at .
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Name: chrony
Product: Fedora 21
Version: 1.31.1
Release: 1.fc21
URL: Summary : An NTP client/server
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!