gitolite/buildrootschalter
gitolite
/
buildrootschalter
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

chrony: bump version 

Fixes CVE-2014-0021: Amplification in chrony control protocol

In the chrony control protocol some replies are significantly larger than
their requests, which allows an attacker to use it in an amplification
attack.  With hosts allowed by cmdallow (only localhost by default) the
maximum amplification factor is 9.2.  Hosts that are not allowed receive a
small reply with error status, which allows amplification of up to 1.5.

To fix the problem, the protocol has been modified to require padding in the
request packet, so replies are never larger than their requests.  Also,
chronyd no longer sends replies with error status to hosts that are not
allowed by cmdallow.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit is contained in:
Peter Korsgaard 2014-03-11 16:46:42 +01:00
parent 35770edfd4
commit f68c4ab872
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
package/chrony/chrony.mk
View File

@ -4,7 +4,7 @@
#
################################################################################
CHRONY_VERSION = 1.29
CHRONY_VERSION = 1.29.1
CHRONY_SITE = http://download.tuxfamily.org/chrony/
CHRONY_LICENSE = GPLv2
CHRONY_LICENSE_FILES = COPYING