3 matches found
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: chrony (UTSA-2025-990681)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990681 advisory. A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder. The file is created during chronyd startup while still...
GLSA-202008-23 : chrony: Symlink vulnerability
The remote host is affected by the vulnerability described in GLSA-202008-23 chrony: Symlink vulnerability It was found that chrony did not check whether its PID file was a symlink. Impact : A local attacker could perform symlink attacks to overwrite arbitrary files with root privileges. Workarou...
chrony <= 3.5.1 data corruption through symlink vulnerability writing the pidfile
Miroslav Lichvar reports: chrony-3.5.1 ... fixes a security issue in writing of the pidfile. When chronyd is configured to save the pidfile in a directory where the chrony user has write permissions e.g. /var/run/chrony - the default since chrony-3.4, an attacker that compromised the chrony user...