drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in chrony
Name: |
Mehrere Probleme in chrony |
|
ID: |
DSA-3222-1 |
|
Distribution: |
Debian |
|
Plattformen: |
Debian sid, Debian wheezy |
|
Datum: |
So, 12. April 2015, 19:49 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1821
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1822
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1853 |
|
Applikationen: |
chrony |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
- ------------------------------------------------------------------------- Debian Security Advisory DSA-3222-1 security@debian.org http://www.debian.org/security/ Alessandro Ghedini April 12, 2015 http://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : chrony CVE ID : CVE-2015-1821 CVE-2015-1822 CVE-2015-1853 Debian Bug : 782160
Miroslav Lichvar of Red Hat discovered multiple vulnerabilities in chrony, an alternative NTP client and server:
CVE-2015-1821
Using particular address/subnet pairs when configuring access control would cause an invalid memory write. This could allow attackers to cause a denial of service (crash) or execute arbitrary code.
CVE-2015-1822
When allocating memory to save unacknowledged replies to authenticated command requests, a pointer would be left uninitialized, which could trigger an invalid memory write. This could allow attackers to cause a denial of service (crash) or execute arbitrary code.
CVE-2015-1853
When peering with other NTP hosts using authenticated symmetric association, the internal state variables would be updated before the MAC of the NTP messages was validated. This could allow a remote attacker to cause a denial of service by impeding synchronization between NTP peers.
For the stable distribution (wheezy), these problems have been fixed in version 1.24-3.1+deb7u3.
For the unstable distribution (sid), these problems have been fixed in version 1.30-2.
We recommend that you upgrade your chrony packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIcBAEBCgAGBQJVKpCYAAoJEK+lG9bN5XPL3AYQAIP4kxodemn5SPmEoLAvQVQ3 JVMMUWGrPBjQshd93Xo8xXAkY7WLaSI4hVP0cAG79yykY2dCmpJQLFvTf8l0bH5a H0mBG0vfNr4SdxJmX57QWVNJ96iQH5JJUZDcZmmF63A6Q2KNiydzTxTpnDOplaIZ UDT3JA1kPIWarqbz4StvHe6x3BuOJNeFWDiCyxaT1ktpVoRFXIYF37Qy0Npo7Uo8 peWpqA+hlbbvJsG4yjzsmod3mupx9AGSRCwS7KfHNqsabemY44wQBEJZbLc3nt6A VknZ0qKaOMEqCvQYFLllkVp+LIfblg9lBtYcAos9TYqe0+nMJKeO2y1C4wOb9S5M fxv9I1rNjvTfH+qXOEiPKbjBFQYWwHTnOMYcqeU8DWYjFAWg95T2EaFmAFTDiJOM 9VAs/ewFaIZMG76+oxAegm19N6Ly6iCB0vjERRCITGwkUCgqsWd7oBMdVwUMpiW4 59aZJfjBytTfs53Rj8qwvZbLv7oI5jluMW73S8iebz/Gq0YywpzJErqn0ssaqKqe 610B6ti4r00HGBfvFS+QzjavkjCwOs0c6XnzqPwDXKwG0v1flZL/kAIPFHHP/Z31 5RYtPs2xO15/uRdSX/PZqAQzUxBBt52DALzzGPkVMrIpPmAYk6AMRLn/J36xzm9+ Au3cXBsQY6Sbc9M1Cs6A =NyVY -----END PGP SIGNATURE-----
-- To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Archive: https://lists.debian.org/20150412153508.C3E26368@bendel.debian.org
|
|
|
|