summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPeter Korsgaard <peter@korsgaard.com>2014-03-11 15:46:42 (GMT)
committer Peter Korsgaard <peter@korsgaard.com>2014-03-11 15:46:42 (GMT)
commitf68c4ab87205467c1a2468fb28f065b20eedd5c1 (patch)
tree7daa602452b1bc4bb44b87865efc4b9da9c47b89
parent35770edfd464705862c09ad1f644009ffd39cc45 (diff)
downloadbuildroot-f68c4ab87205467c1a2468fb28f065b20eedd5c1.tar.gz
buildroot-f68c4ab87205467c1a2468fb28f065b20eedd5c1.tar.bz2
chrony: bump version
Fixes CVE-2014-0021: Amplification in chrony control protocol In the chrony control protocol some replies are significantly larger than their requests, which allows an attacker to use it in an amplification attack. With hosts allowed by cmdallow (only localhost by default) the maximum amplification factor is 9.2. Hosts that are not allowed receive a small reply with error status, which allows amplification of up to 1.5. To fix the problem, the protocol has been modified to require padding in the request packet, so replies are never larger than their requests. Also, chronyd no longer sends replies with error status to hosts that are not allowed by cmdallow. Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-rw-r--r--package/chrony/chrony.mk2
1 files changed, 1 insertions, 1 deletions
diff --git a/package/chrony/chrony.mk b/package/chrony/chrony.mk
index eeb42d8..edb5c24 100644
--- a/package/chrony/chrony.mk
+++ b/package/chrony/chrony.mk
@@ -4,7 +4,7 @@
#
################################################################################
-CHRONY_VERSION = 1.29
+CHRONY_VERSION = 1.29.1
CHRONY_SITE = http://download.tuxfamily.org/chrony/
CHRONY_LICENSE = GPLv2
CHRONY_LICENSE_FILES = COPYING