Lucene search
GoogleOSV:DSA-3222-1HistoryApr 12, 2015 - 12:00 a.m.
chrony - security update
2015-04-1200:00:00
Google
osv.dev
7
0.027 Low
EPSS
Percentile
90.6%
Miroslav Lichvar of Red Hat discovered multiple vulnerabilities in chrony,
an alternative NTP client and server:
- CVE-2015-1821
Using particular address/subnet pairs when configuring access control
would cause an invalid memory write. This could allow attackers to
cause a denial of service (crash) or execute arbitrary code. - CVE-2015-1822
When allocating memory to save unacknowledged replies to authenticated
command requests, a pointer would be left uninitialized, which could
trigger an invalid memory write. This could allow attackers to cause a
denial of service (crash) or execute arbitrary code. - CVE-2015-1853
When peering with other NTP hosts using authenticated symmetric
association, the internal state variables would be updated before the
MAC of the NTP messages was validated. This could allow a remote
attacker to cause a denial of service by impeding synchronization
between NTP peers.
For the stable distribution (wheezy), these problems have been fixed in
version 1.24-3.1+deb7u3.
For the unstable distribution (sid), these problems have been fixed in
version 1.30-2.
We recommend that you upgrade your chrony packages.
| CPE | Name | Operator | Version |
|---|---|---|---|
| chrony | eq | 1.24-3.1+deb7u2 | |
| chrony | eq | 1.24-3.1+deb7u1 |
References
Related
oraclelinux
oraclelinux
chrony security, bug fix, and enhancement update
2015-11-23 00:00:00
gentoo
gentoo
chrony: Multiple vulnerabilities
2015-07-05 00:00:00
openvas
openvas
Fedora Update for chrony FEDORA-2015-5748
2015-07-07 00:00:00
Oracle: Security Advisory (ELSA-2015-2241)
2015-11-24 00:00:00
Debian: Security Advisory (DLA-193-1)
2023-03-08 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: chrony-1.31.1-1.fc21
2015-04-22 22:53:53
[SECURITY] Fedora 22 Update: chrony-2.0-0.3.pre2.fc22
2015-04-22 22:43:07
[SECURITY] Fedora 20 Update: chrony-1.31.1-1.fc20
2015-04-24 22:50:08
nessus
nessus
Fedora 22 : chrony-2.0-0.3.pre2.fc22 (2015-5748)
2015-04-23 00:00:00
GLSA-201507-01 : chrony: Multiple vulnerabilities
2015-07-06 00:00:00
securityvulns
securityvulns
chrony multiple security vulnerabilities
2015-04-17 00:00:00
[SECURITY] [DSA 3222-1] chrony security update
2015-04-17 00:00:00
osv
osv
chrony - security update
2015-04-12 00:00:00
redhat
redhat
(RHSA-2015:2241) Moderate: chrony security, bug fix, and enhancement update
2015-11-19 14:42:40
centos
centos
chrony security update
2015-11-30 19:24:37
debian
debian
[SECURITY] [DLA 193-1] chrony security update
2015-04-12 15:41:11
[SECURITY] [DSA 3222-1] chrony security update
2015-04-12 15:34:48
freebsd
freebsd
chrony -- multiple vulnerabilities
2015-02-17 00:00:00
amazon
amazon
Medium: chrony
2015-06-02 22:25:00
mageia
mageia
Updated chrony packages fix security vulnerabilities
2015-04-24 00:14:25
nvd
nvd
cve
cve
cvelist
cvelist
debiancve
debiancve
prion
prion
Design/Logic Flaw
2015-04-16 14:59:00
Code injection
2019-12-09 19:15:00
Heap overflow
2015-04-16 14:59:00
ubuntucve
ubuntucve
archlinux
archlinux
chrony: denial of service
2015-04-08 00:00:00