Advisories ยป MGASA-2020-0341

Updated chrony package fixes security vulnerability

Publication date: 22 Aug 2020
Modification date: 22 Aug 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-14367

Description

Chrony's method of opening its PID file could allow a compromised chrony user
account to overwrite files in certain parts of the filesystem with chrony's
PID, using a symlink attack (CVE-2020-14367).
                

References

SRPMS

7/core