[SECURITY] [DSA 2760-1] chrony security update

2013-09-1814:39:20

lists.debian.org

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.3

Confidence

Low

EPSS

0.013

Percentile

86.2%

JSON

Debian Security Advisory DSA-2760-1 [email protected]
http://www.debian.org/security/ Moritz Muehlenhoff
September 18, 2013 http://www.debian.org/security/faq

Package : chrony
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2012-4502 CVE-2012-4503

Florian Weimer discovered two security problems in the Chrony time
synchronisation software (buffer overflows and use of uninitialised data
in command replies).

For the oldstable distribution (squeeze), these problems will be fixed
soon in 1.24-3+squeeze1 (due to a technical restriction in the archive
processing scripts the two updates cannot be released together).

For the stable distribution (wheezy), these problems have been fixed in
version 1.24-3.1+deb7u2.

For the unstable distribution (sid), these problems will be fixed soon.

We recommend that you upgrade your chrony packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian6ia64chrony< 1.24-3+squeeze1+b1chrony_1.24-3+squeeze1+b1_ia64.deb
Debian6armelchrony< 1.24-3+squeeze1+b1chrony_1.24-3+squeeze1+b1_armel.deb
Debian6s390chrony< 1.24-3+squeeze1+b1chrony_1.24-3+squeeze1+b1_s390.deb
Debian7sparcchrony< 1.24-3.1+deb7u2chrony_1.24-3.1+deb7u2_sparc.deb
Debian7ia64chrony< 1.24-3.1+deb7u2chrony_1.24-3.1+deb7u2_ia64.deb
Debian7s390chrony< 1.24-3.1+deb7u2chrony_1.24-3.1+deb7u2_s390.deb
Debian7amd64chrony< 1.24-3.1+deb7u2chrony_1.24-3.1+deb7u2_amd64.deb
Debian7armelchrony< 1.24-3.1+deb7u2chrony_1.24-3.1+deb7u2_armel.deb
Debian6i386chrony< 1.24-3+squeeze1+b1chrony_1.24-3+squeeze1+b1_i386.deb
Debian7mipselchrony< 1.24-3.1+deb7u2chrony_1.24-3.1+deb7u2_mipsel.deb

OS	Version	Architecture	Package	Version	Filename
Debian	6	ia64	chrony	< 1.24-3+squeeze1+b1	chrony_1.24-3+squeeze1+b1_ia64.deb
Debian	6	armel	chrony	< 1.24-3+squeeze1+b1	chrony_1.24-3+squeeze1+b1_armel.deb
Debian	6	s390	chrony	< 1.24-3+squeeze1+b1	chrony_1.24-3+squeeze1+b1_s390.deb
Debian	7	sparc	chrony	< 1.24-3.1+deb7u2	chrony_1.24-3.1+deb7u2_sparc.deb
Debian	7	ia64	chrony	< 1.24-3.1+deb7u2	chrony_1.24-3.1+deb7u2_ia64.deb
Debian	7	s390	chrony	< 1.24-3.1+deb7u2	chrony_1.24-3.1+deb7u2_s390.deb
Debian	7	amd64	chrony	< 1.24-3.1+deb7u2	chrony_1.24-3.1+deb7u2_amd64.deb
Debian	7	armel	chrony	< 1.24-3.1+deb7u2	chrony_1.24-3.1+deb7u2_armel.deb
Debian	6	i386	chrony	< 1.24-3+squeeze1+b1	chrony_1.24-3+squeeze1+b1_i386.deb
Debian	7	mipsel	chrony	< 1.24-3.1+deb7u2	chrony_1.24-3.1+deb7u2_mipsel.deb