|From:||Mageia Updates <firstname.lastname@example.org>|
|Subject:||[updates-announce] MGASA-2014-0052: Updated chrony package fixes security vulnerability|
|Date:||Tue, 11 Feb 2014 23:13:25 +0100|
MGASA-2014-0052 - Updated chrony package fixes security vulnerability Publication date: 11 Feb 2014 URL: http://advisories.mageia.org/MGASA-2014-0052.html Type: security Affected Mageia releases: 4 CVE: CVE-2014-0021 Description: Updated chrony package fixes security vulnerability: In the chrony control protocol some replies are significantly larger than their requests, which allows an attacker to use it in an amplification attack (CVE-2014-0021). Note: in the default configuration, cmdallow is restricted to localhost, so significant amplification is only possible if the configuration has been changed to allow cmdallow from other hosts. Even from hosts whose access is denied, minor amplification is still possible. References: - https://bugs.mageia.org/show_bug.cgi?id=12347 - http://chrony.tuxfamily.org/News.html - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0021 SRPMS: - 4/core/chrony-1.29.1-1.mga4
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds