[chrony-announce] chrony-2.0-pre2 released (security)

[ Thread Index | Date Index | More chrony.tuxfamily.org/chrony-announce Archives ]

To: chrony-announce@xxxxxxxxxxxxxxxxxxxx, chrony-dev@xxxxxxxxxxxxxxxxxxxx, chrony-users@xxxxxxxxxxxxxxxxxxxx
Subject: [chrony-announce] chrony-2.0-pre2 released (security)
From: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date: Tue, 7 Apr 2015 17:35:02 +0200

The second prerelease for chrony-2.0 is now available. It includes the
three security fixes from 1.31.1, and also some new bug fixes and
improvements.

The sources can be downloaded here:
http://download.tuxfamily.org/chrony/chrony-2.0-pre2.tar.gz

MD5 and SHA1 sums:
0b41c021c5efe1ee7b8870d6e2b6b625  chrony-2.0-pre2.tar.gz
878bfdfd1fcde62126b8d23d38326ae0623454ff  chrony-2.0-pre2.tar.gz

Changes since version 2.0-pre1:

Security fixes
--------------
* Protect authenticated symmetric NTP associations against DoS attacks
  (CVE-2015-1799)
* Fix access configuration with subnet size indivisible by 4 (CVE-2015-1821)
* Fix initialization of reply slots for authenticated commands (CVE-2015-1822)

Enhancements
------------
* Add leapsecmode directive to select how to correct clock for leap second
* Add smoothtime directive to smooth served time and enable leap smear
* Change default maxdelay to 3 seconds

Bug fixes
---------
* Add sanity checks for time and frequency offset
* Don't report synchronised status during leap second
* Fix initial fallback drift setting
* Fix maxdelayratio option
* Start default refclock reference ID numbering at zero

-- 
Miroslav Lichvar

Attachment: pgpJWwAq7G3CN.pgp
Description: PGP signature

Messages sorted by: [ date | thread ]
Prev by Date: [chrony-announce] chrony-1.31.1 released (security)
Next by Date: [chrony-announce] Re: chrony-1.31.1 released (security)
Previous by thread: [chrony-announce] Re: chrony-1.31.1 released (security)
Next by thread: [chrony-announce] chrony-2.0 released

Mail converted by MHonArc 2.6.19+

http://listengine.tuxfamily.org/