oss-sec mailing list archives
[Not a CVE request, just notification] CVE-2012-4502, CVE-2012-4503 -- Two security flaws fixed in Chrony v1.29
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Fri, 9 Aug 2013 04:12:17 -0400 (EDT)
Hello Kurt, Steve, vendors,

Chrony upstream has released v1.29 version, correcting two security flaws:

* Issue #1: CVE-2012-4502: Buffer overflow when processing crafted command packets

  This issue was found by Florian Weimer of Red Hat.

  Relevant patch:
  http://git.tuxfamily.org/chrony/chrony.git/?p=chrony/chrony.git;a=commitdiff;h=7712455d9aa33d0db0945effaa07e900b85987b1

  Announcement:
  http://permalink.gmane.org/gmane.comp.time.chrony.announce/15

  Red Hat bug:
  https://bugzilla.redhat.com/show_bug.cgi?id=846392

* Issue #2: CVE-2012-4503: Uninitialized data in command replies

  This issue was found by Miroslav Lichvar of Red Hat.

  Relevant patch:
  http://git.tuxfamily.org/chrony/chrony.git/?p=chrony/chrony.git;a=commitdiff;h=c6fdeeb6bb0b17dc28c19ae492c4a1c498e54ea3

  Announcement:
  http://permalink.gmane.org/gmane.comp.time.chrony.announce/15

  Red Hat bug:
  https://bugzilla.redhat.com/show_bug.cgi?id=846392

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team