Information on source package chrony

Available versions

ReleaseVersion
jessie1.30-2+deb8u2
stretch3.0-4+deb9u2
buster3.4-4
sid3.4-4

Resolved issues

BugDescription
CVE-2016-1567chrony before 1.31.2 and 2.x before 2.2.1 do not verify peer associati ...
CVE-2015-1853authentication doesn't protect symmetric associations against DoS attacks
CVE-2015-1822chrony before 1.31.1 does not initialize the last "next" pointer when ...
CVE-2015-1821Heap-based buffer overflow in chrony before 1.31.1 allows remote authe ...
CVE-2014-0021traffic amplification in cmdmon protocol
CVE-2012-4503cmdmon.c in Chrony before 1.29 allows remote attackers to obtain poten ...
CVE-2012-4502Multiple integer overflows in pktlength.c in Chrony before 1.29 allow ...
CVE-2010-0294chronyd in Chrony before 1.23.1, and possibly 1.24-pre1, generates a s ...
CVE-2010-0293The client logging functionality in chronyd in Chrony before 1.23.1 do ...
CVE-2010-0292The read_from_cmd_socket function in cmdmon.c in chronyd in Chrony bef ...

Security announcements

DSA / DLADescription
DLA-742-1chrony - security update
DLA-414-1chrony - security update
DSA-3222-1chrony - security update
DLA-193-1chrony - security update
DSA-2760-1chrony - several
DSA-2760-1chrony - several
DSA-1992-1chrony - denial of service
DSA-1992-1chrony - denial of service

Search for package or bug name: Reporting problems