Mageia Advisory: MGASA-2014-0052 - Updated chrony package fixes security vulnerability

Updated chrony package fixes security vulnerability

Publication date: 11 Feb 2014
Modification date: 11 Feb 2014
Type: security
Affected Mageia releases : 4
CVE: CVE-2014-0021

Description

Updated chrony package fixes security vulnerability:

In the chrony control protocol some replies are significantly larger than
their requests, which allows an attacker to use it in an amplification
attack (CVE-2014-0021).

Note: in the default configuration, cmdallow is restricted to localhost,
so significant amplification is only possible if the configuration has
been changed to allow cmdallow from other hosts. Even from hosts whose
access is denied, minor amplification is still possible.

References

https://bugs.mageia.org/show_bug.cgi?id=12347
http://chrony.tuxfamily.org/News.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0021

SRPMS

4/core

chrony-1.29.1-1.mga4

Advisories » MGASA-2014-0052

Updated chrony package fixes security vulnerability

Description

References

SRPMS

4/core