Updated chrony package fixes security vulnerability
Publication date: 22 Aug 2020Modification date: 22 Aug 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-14367
Description
Chrony's method of opening its PID file could allow a compromised chrony user account to overwrite files in certain parts of the filesystem with chrony's PID, using a symlink attack (CVE-2020-14367).
References
SRPMS
7/core
- chrony-3.4-2.1.mga7