Information on source package chrony

Available versions

ReleaseVersion
jessie1.30-2+deb8u2
stretch3.0-4+deb9u2
buster3.4-4+deb10u2
bullseye4.0-8+deb11u2
bookworm4.3-2+deb12u1
trixie4.6.1-1
sid4.6.1-1

Open unimportant issues

BugjessiestretchbusterbullseyebookwormtrixiesidDescription
CVE-2020-14367vulnerablevulnerablefixedfixedfixedfixedfixedA flaw was found in chrony versions before 3.5.1 when creating the PID ...

Resolved issues

BugDescription
CVE-2016-1567chrony before 1.31.2 and 2.x before 2.2.1 do not verify peer associati ...
CVE-2015-1853chrony before 1.31.1 does not properly protect state variables in auth ...
CVE-2015-1822chrony before 1.31.1 does not initialize the last "next" pointer when ...
CVE-2015-1821Heap-based buffer overflow in chrony before 1.31.1 allows remote authe ...
CVE-2014-0021Chrony before 1.29.1 has traffic amplification in cmdmon protocol
CVE-2012-4503cmdmon.c in Chrony before 1.29 allows remote attackers to obtain poten ...
CVE-2012-4502Multiple integer overflows in pktlength.c in Chrony before 1.29 allow ...
CVE-2010-0294chronyd in Chrony before 1.23.1, and possibly 1.24-pre1, generates a s ...
CVE-2010-0293The client logging functionality in chronyd in Chrony before 1.23.1 do ...
CVE-2010-0292The read_from_cmd_socket function in cmdmon.c in chronyd in Chrony bef ...

Security announcements

DSA / DLADescription
DLA-742-1chrony - security update
DLA-414-1chrony - security update
DSA-3222-1chrony - security update
DLA-193-1chrony - security update
DSA-2760-1chrony - several
DSA-1992-1chrony - denial of service

Search for package or bug name: Reporting problems