User: Password:
|
|
Subscribe / Log in / New account

Mageia alert MGASA-2014-0052 (chrony)

From:  Mageia Updates <buildsystem-daemon@mageia.org>
To:  updates-announce@ml.mageia.org
Subject:  [updates-announce] MGASA-2014-0052: Updated chrony package fixes security vulnerability
Date:  Tue, 11 Feb 2014 23:13:25 +0100
Message-ID:  <20140211221325.4CAF648BA6@valstar.mageia.org>

MGASA-2014-0052 - Updated chrony package fixes security vulnerability Publication date: 11 Feb 2014 URL: http://advisories.mageia.org/MGASA-2014-0052.html Type: security Affected Mageia releases: 4 CVE: CVE-2014-0021 Description: Updated chrony package fixes security vulnerability: In the chrony control protocol some replies are significantly larger than their requests, which allows an attacker to use it in an amplification attack (CVE-2014-0021). Note: in the default configuration, cmdallow is restricted to localhost, so significant amplification is only possible if the configuration has been changed to allow cmdallow from other hosts. Even from hosts whose access is denied, minor amplification is still possible. References: - https://bugs.mageia.org/show_bug.cgi?id=12347 - http://chrony.tuxfamily.org/News.html - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0021 SRPMS: - 4/core/chrony-1.29.1-1.mga4


(Log in to post comments)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds