[Slackbuilds-users] [security] chrony

mancha mancha1 at hush.com
Mon Jul 6 19:42:10 UTC 2015


Hello.

Chrony 1.31.1 contains three security fixes: CVE-2015-1821, 
CVE-2015-1822, and CVE-2015-1853. [1]

Two of the vulnerabilities allow attackers, who manage to get
the command key, possible RCE. Fortunately under default 
configurations there are no remote attack vectors associated with
these (surface is limited to localhost, i.e. 127.0.0.1 and ::1).

The third fix prevents a potential DoS that does have remote
attack vectors under default configurations.

Upgrading SBo's version to 1.31.1 or 2.1.1 would address this.

--mancha

[1] http://article.gmane.org/gmane.comp.time.chrony.announce/22
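
An added example, not part of the original message or of the chrony project: a shell check of whether a given chrony.conf still keeps the command channel on the localhost-only surface the message describes. It reads the chrony.conf directives cmdallow, bindcmdaddress and cmdport; the function name and sample config are constructed. As a conservative assumption, any cmdallow rule counts as widening access and cmddeny is ignored.

```shell
#!/bin/sh
# Classify chronyd's command-channel exposure from a chrony.conf file.
# Prints one of: disabled | local-only | remote-exposed
# cmd_surface is a hypothetical helper name, not a chrony tool.
cmd_surface() {
    conf=$1
    verdict=local-only
    # "|| [ -n ... ]" keeps a final line that lacks a trailing newline.
    while read -r directive arg _rest || [ -n "$directive" ]; do
        case $directive in
            # chrony.conf comment lines start with one of: ! ; # %
            ''|'#'*|'!'*|';'*|'%'*) continue ;;
            cmdport)
                # Port 0 switches the command socket off entirely.
                if [ "$arg" = 0 ]; then
                    echo disabled
                    return 0
                fi
                ;;
            cmdallow)
                # Assumption: every cmdallow rule widens access beyond localhost.
                verdict=remote-exposed
                ;;
            bindcmdaddress)
                case $arg in
                    127.*|::1|/*) ;;   # loopback, or a Unix socket path
                    *) verdict=remote-exposed ;;
                esac
                ;;
        esac
    done < "$conf"
    echo "$verdict"
}

# Constructed sample config that opens the command channel to a subnet.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'server ntp.example.org' \
    'cmdallow 192.0.2.0/24' > "$sample"
cmd_surface "$sample"
rm -f "$sample"
```

A result of remote-exposed means the command-key issues are reachable from other hosts on that machine's network, so that host belongs at the front of the upgrade queue.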


