Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2015-0163)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2015.0163

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2015-0163)

Resumen: The remote host is missing an update for the 'chrony' package(s) announced via the MGASA-2015-0163 advisory.

Descripción: Summary:
The remote host is missing an update for the 'chrony' package(s) announced via the MGASA-2015-0163 advisory.

Vulnerability Insight:
Updated chrony package fixes security vulnerabilities:

Using particular address/subnet pairs when configuring access control would
cause an invalid memory write. This could allow attackers to cause a denial
of service (crash) or execute arbitrary code (CVE-2015-1821).

When allocating memory to save unacknowledged replies to authenticated
command requests, a pointer would be left uninitialized, which could trigger
an invalid memory write. This could allow attackers to cause a denial of
service (crash) or execute arbitrary code (CVE-2015-1822).

When peering with other NTP hosts using authenticated symmetric association,
the internal state variables would be updated before the MAC of the NTP
messages was validated. This could allow a remote attacker to cause a denial
of service by impeding synchronization between NTP peers (CVE-2015-1853).

Affected Software/OS:
'chrony' package(s) on Mageia 4.

Solution:
Please install the updated package(s).

CVSS Score:
6.5

CVSS Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2015-1821
73955
http://www.securityfocus.com/bid/73955
DSA-3222
http://www.debian.org/security/2015/dsa-3222
GLSA-201507-01
https://security.gentoo.org/glsa/201507-01
[chrony-announce] 20150407 chrony-1.31.1 released (security)
http://listengine.tuxfamily.org/chrony.tuxfamily.org/chrony-announce/2015/04/msg00002.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-1822
73956
http://www.securityfocus.com/bid/73956
Common Vulnerability Exposure (CVE) ID: CVE-2015-1853
http://chrony.tuxfamily.org/News.html

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2015.0163
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2015-0163)
Resumen:	The remote host is missing an update for the 'chrony' package(s) announced via the MGASA-2015-0163 advisory.
Descripción:	Summary: The remote host is missing an update for the 'chrony' package(s) announced via the MGASA-2015-0163 advisory. Vulnerability Insight: Updated chrony package fixes security vulnerabilities: Using particular address/subnet pairs when configuring access control would cause an invalid memory write. This could allow attackers to cause a denial of service (crash) or execute arbitrary code (CVE-2015-1821). When allocating memory to save unacknowledged replies to authenticated command requests, a pointer would be left uninitialized, which could trigger an invalid memory write. This could allow attackers to cause a denial of service (crash) or execute arbitrary code (CVE-2015-1822). When peering with other NTP hosts using authenticated symmetric association, the internal state variables would be updated before the MAC of the NTP messages was validated. This could allow a remote attacker to cause a denial of service by impeding synchronization between NTP peers (CVE-2015-1853). Affected Software/OS: 'chrony' package(s) on Mageia 4. Solution: Please install the updated package(s). CVSS Score: 6.5 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2015-1821 73955 http://www.securityfocus.com/bid/73955 DSA-3222 http://www.debian.org/security/2015/dsa-3222 GLSA-201507-01 https://security.gentoo.org/glsa/201507-01 [chrony-announce] 20150407 chrony-1.31.1 released (security) http://listengine.tuxfamily.org/chrony.tuxfamily.org/chrony-announce/2015/04/msg00002.html http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html Common Vulnerability Exposure (CVE) ID: CVE-2015-1822 73956 http://www.securityfocus.com/bid/73956 Common Vulnerability Exposure (CVE) ID: CVE-2015-1853 http://chrony.tuxfamily.org/News.html
Copyright	Copyright (C) 2022 Greenbone AG