VYPR

rpm package

opensuse/chrony&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/chrony&distro=openSUSE%20Tumbleweed

Vulnerabilities (5)

  • CVE-2020-14367MedAug 24, 2020
    affected < 4.1-5.2fixed 4.1-5.2

    A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder. The file is created during chronyd startup while still running as the root user, and when it's opened for writing, chronyd does not check for an existing symbolic link wi

  • CVE-2014-0021HigNov 15, 2019
    affected < 2.4.1-1.1fixed 2.4.1-1.1

    Chrony before 1.29.1 has traffic amplification in cmdmon protocol

  • CVE-2016-1567HigJan 26, 2016
    affected < 2.4.1-1.1fixed 2.4.1-1.1

    chrony before 1.31.2 and 2.x before 2.2.1 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key."

  • CVE-2012-4503Nov 5, 2013
    affected < 2.4.1-1.1fixed 2.4.1-1.1

    cmdmon.c in Chrony before 1.29 allows remote attackers to obtain potentially sensitive information from stack memory via vectors related to (1) an invalid subnet in a RPY_SUBNETS_ACCESSED command to the handle_subnets_accessed function or (2) a RPY_CLIENT_ACCESSES command to the

  • CVE-2012-4502Nov 5, 2013
    affected < 2.4.1-1.1fixed 2.4.1-1.1

    Multiple integer overflows in pktlength.c in Chrony before 1.29 allow remote attackers to cause a denial of service (crash) via a crafted (1) REQ_SUBNETS_ACCESSED or (2) REQ_CLIENT_ACCESSES command request to the PKL_CommandLength function or crafted (3) RPY_SUBNETS_ACCESSED, (4)