Information on source package chrony

Available versions

ReleaseVersion
stretch3.0-4+deb9u2
buster3.4-4
bullseye3.5.1-2
sid3.5.1-2

Open unimportant issues

BugstretchbusterbullseyesidDescription
CVE-2020-14367vulnerablevulnerablefixedfixedA flaw was found in chrony versions before 3.5.1 when creating the PID ...

Resolved issues

BugDescription
CVE-2016-1567chrony before 1.31.2 and 2.x before 2.2.1 do not verify peer associati ...
CVE-2015-1853chrony before 1.31.1 does not properly protect state variables in auth ...
CVE-2015-1822chrony before 1.31.1 does not initialize the last "next" pointer when ...
CVE-2015-1821Heap-based buffer overflow in chrony before 1.31.1 allows remote authe ...
CVE-2014-0021Chrony before 1.29.1 has traffic amplification in cmdmon protocol ...
CVE-2012-4503cmdmon.c in Chrony before 1.29 allows remote attackers to obtain poten ...
CVE-2012-4502Multiple integer overflows in pktlength.c in Chrony before 1.29 allow ...
CVE-2010-0294chronyd in Chrony before 1.23.1, and possibly 1.24-pre1, generates a s ...
CVE-2010-0293The client logging functionality in chronyd in Chrony before 1.23.1 do ...
CVE-2010-0292The read_from_cmd_socket function in cmdmon.c in chronyd in Chrony bef ...

Security announcements

DSA / DLADescription
DLA-742-1chrony - security update
DLA-414-1chrony - security update
DSA-3222-1chrony - security update
DLA-193-1chrony - security update
DSA-2760-1chrony - several
DSA-1992-1chrony - denial of service

Search for package or bug name: Reporting problems