oss-sec mailing list archives

[Not a CVE request, just notification] CVE-2012-4502, CVE-2012-4503 -- Two security flaws fixed in Chrony v1.29


From: Jan Lieskovsky <jlieskov () redhat com>
Date: Fri, 9 Aug 2013 04:12:17 -0400 (EDT)

Hello Kurt, Steve, vendors,

  Chrony upstream has released the v1.29 version, correcting two security flaws:

* Issue #1: CVE-2012-4502: Buffer overflow when processing crafted command packets

  This issue was found by Florian Weimer of Red Hat.

  Relevant patch: http://git.tuxfamily.org/chrony/chrony.git/?p=chrony/chrony.git;a=commitdiff;h=7712455d9aa33d0db0945effaa07e900b85987b1
  Announcement: http://permalink.gmane.org/gmane.comp.time.chrony.announce/15
  Red Hat bug: https://bugzilla.redhat.com/show_bug.cgi?id=846392

* Issue #2: CVE-2012-4503: Uninitialized data in command replies

  This issue was found by Miroslav Lichvar of Red Hat.
 
  Relevant patch: http://git.tuxfamily.org/chrony/chrony.git/?p=chrony/chrony.git;a=commitdiff;h=c6fdeeb6bb0b17dc28c19ae492c4a1c498e54ea3
  Announcement: http://permalink.gmane.org/gmane.comp.time.chrony.announce/15
  Red Hat bug: https://bugzilla.redhat.com/show_bug.cgi?id=846392

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

