Updated chrony package fixes security vulnerability: In the chrony control protocol some replies are significantly larger than their requests, which allows an attacker to use it in an amplification attack (CVE-2014-0021). Note: in the default configuration, cmdallow is restricted to localhost, so significant amplification is only possible if the configuration has been changed to allow cmdallow from other hosts. Even from hosts whose access is denied, minor amplification is still possible.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 4 | noarch | chrony | < 1.29.1-1 | chrony-1.29.1-1.mga4 |