Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2015-0163)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.1.10.2015.0163

Kategorie: Mageia Linux Local Security Checks

Titel: Mageia: Security Advisory (MGASA-2015-0163)

Zusammenfassung: The remote host is missing an update for the 'chrony' package(s) announced via the MGASA-2015-0163 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'chrony' package(s) announced via the MGASA-2015-0163 advisory.

Vulnerability Insight:
Updated chrony package fixes security vulnerabilities:

Using particular address/subnet pairs when configuring access control would
cause an invalid memory write. This could allow attackers to cause a denial
of service (crash) or execute arbitrary code (CVE-2015-1821).

When allocating memory to save unacknowledged replies to authenticated
command requests, a pointer would be left uninitialized, which could trigger
an invalid memory write. This could allow attackers to cause a denial of
service (crash) or execute arbitrary code (CVE-2015-1822).

When peering with other NTP hosts using authenticated symmetric association,
the internal state variables would be updated before the MAC of the NTP
messages was validated. This could allow a remote attacker to cause a denial
of service by impeding synchronization between NTP peers (CVE-2015-1853).

Affected Software/OS:
'chrony' package(s) on Mageia 4.

Solution:
Please install the updated package(s).

CVSS Score:
6.5

CVSS Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2015-1821
73955
http://www.securityfocus.com/bid/73955
DSA-3222
http://www.debian.org/security/2015/dsa-3222
GLSA-201507-01
https://security.gentoo.org/glsa/201507-01
[chrony-announce] 20150407 chrony-1.31.1 released (security)
http://listengine.tuxfamily.org/chrony.tuxfamily.org/chrony-announce/2015/04/msg00002.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-1822
73956
http://www.securityfocus.com/bid/73956
Common Vulnerability Exposure (CVE) ID: CVE-2015-1853
http://chrony.tuxfamily.org/News.html

Copyright Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2015.0163
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2015-0163)
Zusammenfassung:	The remote host is missing an update for the 'chrony' package(s) announced via the MGASA-2015-0163 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'chrony' package(s) announced via the MGASA-2015-0163 advisory. Vulnerability Insight: Updated chrony package fixes security vulnerabilities: Using particular address/subnet pairs when configuring access control would cause an invalid memory write. This could allow attackers to cause a denial of service (crash) or execute arbitrary code (CVE-2015-1821). When allocating memory to save unacknowledged replies to authenticated command requests, a pointer would be left uninitialized, which could trigger an invalid memory write. This could allow attackers to cause a denial of service (crash) or execute arbitrary code (CVE-2015-1822). When peering with other NTP hosts using authenticated symmetric association, the internal state variables would be updated before the MAC of the NTP messages was validated. This could allow a remote attacker to cause a denial of service by impeding synchronization between NTP peers (CVE-2015-1853). Affected Software/OS: 'chrony' package(s) on Mageia 4. Solution: Please install the updated package(s). CVSS Score: 6.5 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2015-1821 73955 http://www.securityfocus.com/bid/73955 DSA-3222 http://www.debian.org/security/2015/dsa-3222 GLSA-201507-01 https://security.gentoo.org/glsa/201507-01 [chrony-announce] 20150407 chrony-1.31.1 released (security) http://listengine.tuxfamily.org/chrony.tuxfamily.org/chrony-announce/2015/04/msg00002.html http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html Common Vulnerability Exposure (CVE) ID: CVE-2015-1822 73956 http://www.securityfocus.com/bid/73956 Common Vulnerability Exposure (CVE) ID: CVE-2015-1853 http://chrony.tuxfamily.org/News.html
Copyright	Copyright (C) 2022 Greenbone AG