Commit Graph

5 Commits

Author SHA1 Message Date
Peter Korsgaard
f68c4ab872 chrony: bump version
Fixes CVE-2014-0021: Amplification in chrony control protocol

In the chrony control protocol some replies are significantly larger than
their requests, which allows an attacker to use it in an amplification
attack.  With hosts allowed by cmdallow (only localhost by default) the
maximum amplification factor is 9.2.  Hosts that are not allowed receive a
small reply with error status, which allows amplification of up to 1.5.

To fix the problem, the protocol has been modified to require padding in the
request packet, so replies are never larger than their requests.  Also,
chronyd no longer sends replies with error status to hosts that are not
allowed by cmdallow.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-03-11 16:46:42 +01:00
Thomas De Schampheleire
eb7bd9ef61 packages: remove uninstall commands
Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2013-12-06 09:40:40 +01:00
Jerzy Grzegorek
cbcbed4a24 chrony: bump to version 1.29
Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2013-10-10 23:01:03 +02:00
Alexandre Belloni
8dfd59d114 Normalize separator size to 80
Signed-off-by: Alexandre Belloni <alexandre.belloni@free-electrons.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2013-06-06 22:30:24 +02:00
Nathan Lynch
f183c7362c chrony: new package
Signed-off-by: Nathan Lynch <ntl@pobox.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2013-05-07 23:04:08 +02:00