[Slackbuilds-users] [security] chrony
mancha
mancha1 at hush.com
Mon Jul 6 19:42:10 UTC 2015
Hello.
Chrony 1.31.1 contains three security fixes: CVE-2015-1821,
CVE-2015-1822, and CVE-2015-1853. [1]
Two of the vulnerabilities allow attackers, who manage to get
the command key, possible RCE. Fortunately under default
configurations there are no remote attack vectors associated with
these (surface is limited to localhost, i.e. 127.0.0.1 and ::1).
The third fix prevents a potential DoS that does have remote
attack vectors under default configurations.
Upgrading SBo's version to 1.31.1 or 2.1.1 would address this.
--mancha
[1] http://article.gmane.org/gmane.comp.time.chrony.announce/22
More information about the SlackBuilds-users
mailing list