Updated chrony packages fix security vulnerabilitiesPublication date: 23 Apr 2015
Affected Mageia releases : 4
CVE: CVE-2015-1821 , CVE-2015-1822 , CVE-2015-1853
Updated chrony package fixes security vulnerabilities: Using particular address/subnet pairs when configuring access control would cause an invalid memory write. This could allow attackers to cause a denial of service (crash) or execute arbitrary code (CVE-2015-1821). When allocating memory to save unacknowledged replies to authenticated command requests, a pointer would be left uninitialized, which could trigger an invalid memory write. This could allow attackers to cause a denial of service (crash) or execute arbitrary code (CVE-2015-1822). When peering with other NTP hosts using authenticated symmetric association, the internal state variables would be updated before the MAC of the NTP messages was validated. This could allow a remote attacker to cause a denial of service by impeding synchronization between NTP peers (CVE-2015-1853).