CVE-2020-14367 (GCVE-0-2020-14367)
Vulnerability from cvelistv5
Published
2020-08-24 14:07
Modified
2024-08-04 12:46
CWE
- CWE-59 - leads to CWE-22
Summary
A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder. The file is created during chronyd startup while chronyd is still running as the root user, and when the file is opened for writing, chronyd does not check for an existing symbolic link with the same file name. This flaw allows an attacker with privileged access to create a symlink with the default PID file name pointing to any destination file in the system; because the write is performed as root and follows the link, the result is data loss and a denial of service due to the path traversal. The SUSE changelog reproduced further down this page lists the 3.5.1 fix as "Create new file when writing pidfile".
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:46:33.289Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2020-7aa962c55e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WKABKNLCSC3MACCWU6OM2YGWVWFWFMU/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1870298"
},
{
"name": "GLSA-202008-23",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202008-23"
},
{
"name": "USN-4475-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4475-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Chrony",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All chrony versions before 3.5.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder. The file is created during chronyd startup while still running as the root user, and when it\u0027s opened for writing, chronyd does not check for an existing symbolic link with the same file name. This flaw allows an attacker with privileged access to create a symlink with the default PID file name pointing to any destination file in the system, resulting in data loss and a denial of service due to the path traversal."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59 leads to CWE-22",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-09T13:06:31",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "FEDORA-2020-7aa962c55e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WKABKNLCSC3MACCWU6OM2YGWVWFWFMU/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1870298"
},
{
"name": "GLSA-202008-23",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202008-23"
},
{
"name": "USN-4475-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4475-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-14367",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrony",
"version": {
"version_data": [
{
"version_value": "All chrony versions before 3.5.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder. The file is created during chronyd startup while still running as the root user, and when it\u0027s opened for writing, chronyd does not check for an existing symbolic link with the same file name. This flaw allows an attacker with privileged access to create a symlink with the default PID file name pointing to any destination file in the system, resulting in data loss and a denial of service due to the path traversal."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-59 leads to CWE-22"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2020-7aa962c55e",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6WKABKNLCSC3MACCWU6OM2YGWVWFWFMU/"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1870298",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1870298"
},
{
"name": "GLSA-202008-23",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202008-23"
},
{
"name": "USN-4475-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4475-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-14367",
"datePublished": "2020-08-24T14:07:19",
"dateReserved": "2020-06-17T00:00:00",
"dateUpdated": "2024-08-04T12:46:33.289Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2020-14367\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2020-08-24T15:15:13.147\",\"lastModified\":\"2024-11-21T05:03:06.350\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder. The file is created during chronyd startup while still running as the root user, and when it\u0027s opened for writing, chronyd does not check for an existing symbolic link with the same file name. This flaw allows an attacker with privileged access to create a symlink with the default PID file name pointing to any destination file in the system, resulting in data loss and a denial of service due to the path traversal.\"},{\"lang\":\"es\",\"value\":\"Se detect\u00f3 un fallo en chrony versiones anteriores a 3.5.1, al crear el archivo PID en la carpeta /var/run/chrony. El archivo es creado durante el inicio de chronyd mientras a\u00fan se ejecuta como usuario root, y cuando se abre para escritura, chronyd no busca un enlace simb\u00f3lico existente con el mismo nombre de archivo. 
Este fallo permite a un atacante con acceso privilegiado crear un enlace simb\u00f3lico con el nombre de archivo PID predeterminado apuntando a cualquier archivo de destino en el sistema, resultando en la p\u00e9rdida de datos y una denegaci\u00f3n de servicio debido a un salto de ruta.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H\",\"baseScore\":6.0,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.8,\"impactScore\":5.2}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:N/I:P/A:P\",\"baseScore\":3.6,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-59\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-59\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tuxfamily:chrony:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.5.1\",\"matchCriteriaId\":\"F980BBFC-8646-4381-8518-40720665FAB7\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:
o:fedoraproject:fedora:32:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36D96259-24BD-44E2-96D9-78CE1D41F956\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"902B8056-9E37-443B-8905-8AA93E2447FB\"}]}]}],\"references\":[{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1870298\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WKABKNLCSC3MACCWU6OM2YGWVWFWFMU/\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://security.gentoo.org/glsa/202008-23\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4475-1/\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1870298\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WKABKNLCSC3MACCWU6OM2YGWVWFWFMU/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/202008-23\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4475-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
cnvd-2020-50554
Vulnerability from cnvd
Title
Chrony拒绝服务漏洞(CNVD-2020-50554)
Description
Chrony是网络时间协议(NTP)的一种通用实现,它可以同步系统时钟与NTP服务器。
Chrony产品存在拒绝服务,该漏洞源于网络系统或产品未对输入的数据进行正确的验证,攻击者可能利用这个漏洞导致拒绝服务条件,拒绝向合法用户提供服务。
Severity
低
Formal description
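目前厂商未提供修复方案,请关注厂商主页: https://chrony.tuxfamily.org/ (Note: this remediation statement is the CNVD record's own text; the CVE description and the SUSE changelog on this page identify chrony 3.5.1 as the release containing the fix.)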
Reference
https://usn.ubuntu.com/4475-1/
Impacted products
| Name | Chrony Chrony <3.5.1 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2020-14367",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-14367"
}
},
"description": "Chrony\u662f\u7f51\u7edc\u65f6\u95f4\u534f\u8bae(NTP)\u7684\u4e00\u79cd\u901a\u7528\u5b9e\u73b0\uff0c\u5b83\u53ef\u4ee5\u540c\u6b65\u7cfb\u7edf\u65f6\u949f\u4e0eNTP\u670d\u52a1\u5668\u3002\n\nChrony\u4ea7\u54c1\u5b58\u5728\u62d2\u7edd\u670d\u52a1\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u672a\u5bf9\u8f93\u5165\u7684\u6570\u636e\u8fdb\u884c\u6b63\u786e\u7684\u9a8c\u8bc1\uff0c\u653b\u51fb\u8005\u53ef\u80fd\u5229\u7528\u8fd9\u4e2a\u6f0f\u6d1e\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u6761\u4ef6\uff0c\u62d2\u7edd\u5411\u5408\u6cd5\u7528\u6237\u63d0\u4f9b\u670d\u52a1\u3002",
"formalWay": "\u76ee\u524d\u5382\u5546\u672a\u63d0\u4f9b\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttps://chrony.tuxfamily.org/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2020-50554",
"openTime": "2020-09-07",
"products": {
"product": "Chrony Chrony \u003c3.5.1"
},
"referenceLink": "https://usn.ubuntu.com/4475-1/",
"serverity": "\u4f4e",
"submitTime": "2020-08-31",
"title": "Chrony\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2020-50554\uff09"
}
ghsa-73h7-c2xm-9mrv
Vulnerability from github
Published
2022-05-24 17:26
Modified
2022-12-06 21:30
Details
A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder. The file is created during chronyd startup while still running as the root user, and when it's opened for writing, chronyd does not check for an existing symbolic link with the same file name. This flaw allows an attacker with privileged access to create a symlink with the default PID file name pointing to any destination file in the system, resulting in data loss and a denial of service due to the path traversal.
{
"affected": [],
"aliases": [
"CVE-2020-14367"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-08-24T15:15:00Z",
"severity": "LOW"
},
"details": "A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder. The file is created during chronyd startup while still running as the root user, and when it\u0027s opened for writing, chronyd does not check for an existing symbolic link with the same file name. This flaw allows an attacker with privileged access to create a symlink with the default PID file name pointing to any destination file in the system, resulting in data loss and a denial of service due to the path traversal.",
"id": "GHSA-73h7-c2xm-9mrv",
"modified": "2022-12-06T21:30:45Z",
"published": "2022-05-24T17:26:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14367"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1870298"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6WKABKNLCSC3MACCWU6OM2YGWVWFWFMU"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202008-23"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4475-1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"type": "CVSS_V3"
}
]
}
gsd-2020-14367
Vulnerability from gsd
Modified
2023-12-13 01:22
Details
A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder. The file is created during chronyd startup while still running as the root user, and when it's opened for writing, chronyd does not check for an existing symbolic link with the same file name. This flaw allows an attacker with privileged access to create a symlink with the default PID file name pointing to any destination file in the system, resulting in data loss and a denial of service due to the path traversal.
Aliases
{
"GSD": {
"alias": "CVE-2020-14367",
"description": "A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder. The file is created during chronyd startup while still running as the root user, and when it\u0027s opened for writing, chronyd does not check for an existing symbolic link with the same file name. This flaw allows an attacker with privileged access to create a symlink with the default PID file name pointing to any destination file in the system, resulting in data loss and a denial of service due to the path traversal.",
"id": "GSD-2020-14367",
"references": [
"https://www.suse.com/security/cve/CVE-2020-14367.html",
"https://ubuntu.com/security/CVE-2020-14367",
"https://advisories.mageia.org/CVE-2020-14367.html",
"https://alas.aws.amazon.com/cve/html/CVE-2020-14367.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2020-14367"
],
"details": "A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder. The file is created during chronyd startup while still running as the root user, and when it\u0027s opened for writing, chronyd does not check for an existing symbolic link with the same file name. This flaw allows an attacker with privileged access to create a symlink with the default PID file name pointing to any destination file in the system, resulting in data loss and a denial of service due to the path traversal.",
"id": "GSD-2020-14367",
"modified": "2023-12-13T01:22:00.489215Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-14367",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrony",
"version": {
"version_data": [
{
"version_value": "All chrony versions before 3.5.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder. The file is created during chronyd startup while still running as the root user, and when it\u0027s opened for writing, chronyd does not check for an existing symbolic link with the same file name. This flaw allows an attacker with privileged access to create a symlink with the default PID file name pointing to any destination file in the system, resulting in data loss and a denial of service due to the path traversal."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-59 leads to CWE-22"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2020-7aa962c55e",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6WKABKNLCSC3MACCWU6OM2YGWVWFWFMU/"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1870298",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1870298"
},
{
"name": "GLSA-202008-23",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202008-23"
},
{
"name": "USN-4475-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4475-1/"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:tuxfamily:chrony:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.5.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-14367"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder. The file is created during chronyd startup while still running as the root user, and when it\u0027s opened for writing, chronyd does not check for an existing symbolic link with the same file name. This flaw allows an attacker with privileged access to create a symlink with the default PID file name pointing to any destination file in the system, resulting in data loss and a denial of service due to the path traversal."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2020-7aa962c55e",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6WKABKNLCSC3MACCWU6OM2YGWVWFWFMU/"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1870298",
"refsource": "MISC",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1870298"
},
{
"name": "GLSA-202008-23",
"refsource": "GENTOO",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202008-23"
},
{
"name": "USN-4475-1",
"refsource": "UBUNTU",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4475-1/"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.2
}
},
"lastModifiedDate": "2022-12-06T20:50Z",
"publishedDate": "2020-08-24T15:15Z"
}
}
}
opensuse-su-2022:0845-1
Vulnerability from csaf_opensuse
Published
2022-03-15 10:41
Modified
2022-03-15 10:41
Summary
Security update for chrony
Notes
Title of the patch
Security update for chrony
Description of the patch
This update for chrony fixes the following issues:
Chrony was updated to 4.1, bringing features and bugfixes.
Update to 4.1
* Add support for NTS servers specified by IP address (matching
Subject Alternative Name in server certificate)
* Add source-specific configuration of trusted certificates
* Allow multiple files and directories with trusted certificates
* Allow multiple pairs of server keys and certificates
* Add copy option to server/pool directive
* Increase PPS lock limit to 40% of pulse interval
* Perform source selection immediately after loading dump files
* Reload dump files for addresses negotiated by NTS-KE server
* Update seccomp filter and add less restrictive level
* Restart ongoing name resolution on online command
* Fix dump files to not include uncorrected offset
* Fix initstepslew to accept time from own NTP clients
* Reset NTP address and port when no longer negotiated by NTS-KE
server
- Ensure the correct pool packages are installed for openSUSE
and SLE (bsc#1180689).
- Fix pool package dependencies, so that SLE prefers chrony-pool-suse
over chrony-pool-empty. (bsc#1194229)
- Enable syscallfilter unconditionally [bsc#1181826].
Update to 4.0
- Enhancements
- Add support for Network Time Security (NTS) authentication
- Add support for AES-CMAC keys (AES128, AES256) with Nettle
- Add authselectmode directive to control selection of
unauthenticated sources
- Add binddevice, bindacqdevice, bindcmddevice directives
- Add confdir directive to better support fragmented
configuration
- Add sourcedir directive and 'reload sources' command to
support dynamic NTP sources specified in files
- Add clockprecision directive
- Add dscp directive to set Differentiated Services Code Point
(DSCP)
- Add -L option to limit log messages by severity
- Add -p option to print whole configuration with included
files
- Add -U option to allow start under non-root user
- Allow maxsamples to be set to 1 for faster update with -q/-Q
option
- Avoid replacing NTP sources with sources that have
unreachable address
- Improve pools to repeat name resolution to get 'maxsources'
sources
- Improve source selection with trusted sources
- Improve NTP loop test to prevent synchronisation to itself
- Repeat iburst when NTP source is switched from offline state
to online
- Update clock synchronisation status and leap status more
frequently
- Update seccomp filter
- Add 'add pool' command
- Add 'reset sources' command to drop all measurements
- Add authdata command to print details about NTP
authentication
- Add selectdata command to print details about source
selection
- Add -N option and sourcename command to print original names
of sources
- Add -a option to some commands to print also unresolved
sources
- Add -k, -p, -r options to clients command to select, limit,
reset data
- Bug fixes
- Don’t set interface for NTP responses to allow asymmetric
routing
- Handle RTCs that don’t support interrupts
- Respond to command requests with correct address on
multihomed hosts
- Removed features
- Drop support for RIPEMD keys (RMD128, RMD160, RMD256, RMD320)
- Drop support for long (non-standard) MACs in NTPv4 packets
(chrony 2.x clients using non-MD5/SHA1 keys need to use
option 'version 3')
- Drop support for line editing with GNU Readline
- By default we don't write log files but log to journald, so
only recommend logrotate.
- Adjust and rename the sysconfig file, so that it matches the
expectations of chronyd.service (bsc#1173277).
Update to 3.5.1:
* Create new file when writing pidfile (CVE-2020-14367, bsc#1174911)
- Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075)
- Use iburst in the default pool statements to speed up initial
synchronisation (bsc#1172113).
Update to 3.5:
+ Add support for more accurate reading of PHC on Linux 5.0
+ Add support for hardware timestamping on interfaces with read-only timestamping configuration
+ Add support for memory locking and real-time priority on FreeBSD, NetBSD, Solaris
+ Update seccomp filter to work on more architectures
+ Validate refclock driver options
+ Fix bindaddress directive on FreeBSD
+ Fix transposition of hardware RX timestamp on Linux 4.13 and later
+ Fix building on non-glibc systems
- Fix location of helper script in chrony-dnssrv@.service
(bsc#1128846).
- Read runtime servers from /var/run/netconfig/chrony.servers to
fix bsc#1099272.
- Move chrony-helper to /usr/lib/chrony/helper, because there
should be no executables in /usr/share.
Update to version 3.4
* Enhancements
+ Add filter option to server/pool/peer directive
+ Add minsamples and maxsamples options to hwtimestamp directive
+ Add support for faster frequency adjustments in Linux 4.19
+ Change default pidfile to /var/run/chrony/chronyd.pid to allow chronyd
without root privileges to remove it on exit
+ Disable sub-second polling intervals for distant NTP sources
+ Extend range of supported sub-second polling intervals
+ Get/set IPv4 destination/source address of NTP packets on FreeBSD
+ Make burst options and command useful with short polling intervals
+ Modify auto_offline option to activate when sending request failed
+ Respond from interface that received NTP request if possible
+ Add onoffline command to switch between online and offline state
according to current system network configuration
+ Improve example NetworkManager dispatcher script
* Bug fixes
+ Avoid waiting in Linux getrandom system call
+ Fix PPS support on FreeBSD and NetBSD
Update to version 3.3
* Enhancements:
+ Add burst option to server/pool directive
+ Add stratum and tai options to refclock directive
+ Add support for Nettle crypto library
+ Add workaround for missing kernel receive timestamps on Linux
+ Wait for late hardware transmit timestamps
+ Improve source selection with unreachable sources
+ Improve protection against replay attacks on symmetric mode
+ Allow PHC refclock to use socket in /var/run/chrony
+ Add shutdown command to stop chronyd
+ Simplify format of response to manual list command
+ Improve handling of unknown responses in chronyc
* Bug fixes:
+ Respond to NTPv1 client requests with zero mode
+ Fix -x option to not require CAP_SYS_TIME under non-root user
+ Fix acquisitionport directive to work with privilege separation
+ Fix handling of socket errors on Linux to avoid high CPU usage
+ Fix chronyc to not get stuck in infinite loop after clock step
Patchnames
openSUSE-SLE-15.3-2022-845
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for chrony",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for chrony fixes the following issues:\n\nChrony was updated to 4.1, bringing features and bugfixes.\n\nUpdate to 4.1\n\n * Add support for NTS servers specified by IP address (matching\n Subject Alternative Name in server certificate)\n * Add source-specific configuration of trusted certificates\n * Allow multiple files and directories with trusted certificates\n * Allow multiple pairs of server keys and certificates\n * Add copy option to server/pool directive\n * Increase PPS lock limit to 40% of pulse interval\n * Perform source selection immediately after loading dump files\n * Reload dump files for addresses negotiated by NTS-KE server\n * Update seccomp filter and add less restrictive level\n * Restart ongoing name resolution on online command\n * Fix dump files to not include uncorrected offset\n * Fix initstepslew to accept time from own NTP clients\n * Reset NTP address and port when no longer negotiated by NTS-KE\n server\n\n- Ensure the correct pool packages are installed for openSUSE\n and SLE (bsc#1180689).\n- Fix pool package dependencies, so that SLE prefers chrony-pool-suse\n over chrony-pool-empty. 
(bsc#1194229)\n\n- Enable syscallfilter unconditionally [bsc#1181826].\n\nUpdate to 4.0\n\n - Enhancements\n\n - Add support for Network Time Security (NTS) authentication\n - Add support for AES-CMAC keys (AES128, AES256) with Nettle\n - Add authselectmode directive to control selection of\n unauthenticated sources\n - Add binddevice, bindacqdevice, bindcmddevice directives\n - Add confdir directive to better support fragmented\n configuration\n - Add sourcedir directive and \u0027reload sources\u0027 command to\n support dynamic NTP sources specified in files\n - Add clockprecision directive\n - Add dscp directive to set Differentiated Services Code Point\n (DSCP)\n - Add -L option to limit log messages by severity\n - Add -p option to print whole configuration with included\n files\n - Add -U option to allow start under non-root user\n - Allow maxsamples to be set to 1 for faster update with -q/-Q\n option\n - Avoid replacing NTP sources with sources that have\n unreachable address\n - Improve pools to repeat name resolution to get \u0027maxsources\u0027\n sources\n - Improve source selection with trusted sources\n - Improve NTP loop test to prevent synchronisation to itself\n - Repeat iburst when NTP source is switched from offline state\n to online\n - Update clock synchronisation status and leap status more\n frequently\n - Update seccomp filter\n - Add \u0027add pool\u0027 command\n - Add \u0027reset sources\u0027 command to drop all measurements\n - Add authdata command to print details about NTP\n authentication\n - Add selectdata command to print details about source\n selection\n - Add -N option and sourcename command to print original names\n of sources\n - Add -a option to some commands to print also unresolved\n sources\n - Add -k, -p, -r options to clients command to select, limit,\n reset data\n\n - Bug fixes\n\n - Don\u2019t set interface for NTP responses to allow asymmetric\n routing\n - Handle RTCs that don\u2019t support interrupts\n - Respond 
to command requests with correct address on\n multihomed hosts\n - Removed features\n - Drop support for RIPEMD keys (RMD128, RMD160, RMD256, RMD320)\n - Drop support for long (non-standard) MACs in NTPv4 packets\n (chrony 2.x clients using non-MD5/SHA1 keys need to use\n option \u0027version 3\u0027)\n - Drop support for line editing with GNU Readline\n\n- By default we don\u0027t write log files but log to journald, so\n only recommend logrotate.\n\n- Adjust and rename the sysconfig file, so that it matches the\n expectations of chronyd.service (bsc#1173277).\n\nUpdate to 3.5.1:\n\n * Create new file when writing pidfile (CVE-2020-14367, bsc#1174911)\n\n- Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075)\n\n- Use iburst in the default pool statements to speed up initial\n synchronisation (bsc#1172113).\n\n\n\n\nUpdate to 3.5:\n\n+ Add support for more accurate reading of PHC on Linux 5.0\n+ Add support for hardware timestamping on interfaces with read-only timestamping configuration\n+ Add support for memory locking and real-time priority on FreeBSD, NetBSD, Solaris\n+ Update seccomp filter to work on more architectures\n+ Validate refclock driver options\n+ Fix bindaddress directive on FreeBSD\n+ Fix transposition of hardware RX timestamp on Linux 4.13 and later\n+ Fix building on non-glibc systems\n\n- Fix location of helper script in chrony-dnssrv@.service\n (bsc#1128846).\n\n\n- Read runtime servers from /var/run/netconfig/chrony.servers to\n fix bsc#1099272.\n- Move chrony-helper to /usr/lib/chrony/helper, because there\n should be no executables in /usr/share.\n\nUpdate to version 3.4\n\n * Enhancements\n\n + Add filter option to server/pool/peer directive\n + Add minsamples and maxsamples options to hwtimestamp directive\n + Add support for faster frequency adjustments in Linux 4.19\n + Change default pidfile to /var/run/chrony/chronyd.pid to allow chronyd \n without root privileges to remove it on exit\n + Disable sub-second polling intervals 
for distant NTP sources\n + Extend range of supported sub-second polling intervals\n + Get/set IPv4 destination/source address of NTP packets on FreeBSD\n + Make burst options and command useful with short polling intervals\n + Modify auto_offline option to activate when sending request failed\n + Respond from interface that received NTP request if possible\n + Add onoffline command to switch between online and offline state \n according to current system network configuration\n + Improve example NetworkManager dispatcher script\n\n * Bug fixes\n\n + Avoid waiting in Linux getrandom system call\n + Fix PPS support on FreeBSD and NetBSD\n\nUpdate to version 3.3\n\n * Enhancements:\n\n + Add burst option to server/pool directive\n + Add stratum and tai options to refclock directive\n + Add support for Nettle crypto library\n + Add workaround for missing kernel receive timestamps on Linux\n + Wait for late hardware transmit timestamps\n + Improve source selection with unreachable sources\n + Improve protection against replay attacks on symmetric mode\n + Allow PHC refclock to use socket in /var/run/chrony\n + Add shutdown command to stop chronyd\n + Simplify format of response to manual list command\n + Improve handling of unknown responses in chronyc\n\n * Bug fixes:\n\n + Respond to NTPv1 client requests with zero mode\n + Fix -x option to not require CAP_SYS_TIME under non-root user\n + Fix acquisitionport directive to work with privilege separation\n + Fix handling of socket errors on Linux to avoid high CPU usage\n + Fix chronyc to not get stuck in infinite loop after clock step",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-SLE-15.3-2022-845",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2022_0845-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2022:0845-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GIUHNUKYNY5JRZHWXP7NXCJOMX4HEQMQ/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2022:0845-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GIUHNUKYNY5JRZHWXP7NXCJOMX4HEQMQ/"
},
{
"category": "self",
"summary": "SUSE Bug 1099272",
"url": "https://bugzilla.suse.com/1099272"
},
{
"category": "self",
"summary": "SUSE Bug 1115529",
"url": "https://bugzilla.suse.com/1115529"
},
{
"category": "self",
"summary": "SUSE Bug 1128846",
"url": "https://bugzilla.suse.com/1128846"
},
{
"category": "self",
"summary": "SUSE Bug 1162964",
"url": "https://bugzilla.suse.com/1162964"
},
{
"category": "self",
"summary": "SUSE Bug 1172113",
"url": "https://bugzilla.suse.com/1172113"
},
{
"category": "self",
"summary": "SUSE Bug 1173277",
"url": "https://bugzilla.suse.com/1173277"
},
{
"category": "self",
"summary": "SUSE Bug 1174075",
"url": "https://bugzilla.suse.com/1174075"
},
{
"category": "self",
"summary": "SUSE Bug 1174911",
"url": "https://bugzilla.suse.com/1174911"
},
{
"category": "self",
"summary": "SUSE Bug 1180689",
"url": "https://bugzilla.suse.com/1180689"
},
{
"category": "self",
"summary": "SUSE Bug 1181826",
"url": "https://bugzilla.suse.com/1181826"
},
{
"category": "self",
"summary": "SUSE Bug 1187906",
"url": "https://bugzilla.suse.com/1187906"
},
{
"category": "self",
"summary": "SUSE Bug 1190926",
"url": "https://bugzilla.suse.com/1190926"
},
{
"category": "self",
"summary": "SUSE Bug 1194229",
"url": "https://bugzilla.suse.com/1194229"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-14367 page",
"url": "https://www.suse.com/security/cve/CVE-2020-14367/"
}
],
"title": "Security update for chrony",
"tracking": {
"current_release_date": "2022-03-15T10:41:14Z",
"generator": {
"date": "2022-03-15T10:41:14Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2022:0845-1",
"initial_release_date": "2022-03-15T10:41:14Z",
"revision_history": [
{
"date": "2022-03-15T10:41:14Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "augeas-1.10.1-3.9.1.aarch64",
"product": {
"name": "augeas-1.10.1-3.9.1.aarch64",
"product_id": "augeas-1.10.1-3.9.1.aarch64"
}
},
{
"category": "product_version",
"name": "augeas-devel-1.10.1-3.9.1.aarch64",
"product": {
"name": "augeas-devel-1.10.1-3.9.1.aarch64",
"product_id": "augeas-devel-1.10.1-3.9.1.aarch64"
}
},
{
"category": "product_version",
"name": "augeas-lense-tests-1.10.1-3.9.1.aarch64",
"product": {
"name": "augeas-lense-tests-1.10.1-3.9.1.aarch64",
"product_id": "augeas-lense-tests-1.10.1-3.9.1.aarch64"
}
},
{
"category": "product_version",
"name": "augeas-lenses-1.10.1-3.9.1.aarch64",
"product": {
"name": "augeas-lenses-1.10.1-3.9.1.aarch64",
"product_id": "augeas-lenses-1.10.1-3.9.1.aarch64"
}
},
{
"category": "product_version",
"name": "chrony-4.1-150300.16.3.1.aarch64",
"product": {
"name": "chrony-4.1-150300.16.3.1.aarch64",
"product_id": "chrony-4.1-150300.16.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "libaugeas0-1.10.1-3.9.1.aarch64",
"product": {
"name": "libaugeas0-1.10.1-3.9.1.aarch64",
"product_id": "libaugeas0-1.10.1-3.9.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "chrony-pool-empty-4.1-150300.16.3.1.noarch",
"product": {
"name": "chrony-pool-empty-4.1-150300.16.3.1.noarch",
"product_id": "chrony-pool-empty-4.1-150300.16.3.1.noarch"
}
},
{
"category": "product_version",
"name": "chrony-pool-openSUSE-4.1-150300.16.3.1.noarch",
"product": {
"name": "chrony-pool-openSUSE-4.1-150300.16.3.1.noarch",
"product_id": "chrony-pool-openSUSE-4.1-150300.16.3.1.noarch"
}
},
{
"category": "product_version",
"name": "chrony-pool-suse-4.1-150300.16.3.1.noarch",
"product": {
"name": "chrony-pool-suse-4.1-150300.16.3.1.noarch",
"product_id": "chrony-pool-suse-4.1-150300.16.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "augeas-1.10.1-3.9.1.ppc64le",
"product": {
"name": "augeas-1.10.1-3.9.1.ppc64le",
"product_id": "augeas-1.10.1-3.9.1.ppc64le"
}
},
{
"category": "product_version",
"name": "augeas-devel-1.10.1-3.9.1.ppc64le",
"product": {
"name": "augeas-devel-1.10.1-3.9.1.ppc64le",
"product_id": "augeas-devel-1.10.1-3.9.1.ppc64le"
}
},
{
"category": "product_version",
"name": "augeas-lense-tests-1.10.1-3.9.1.ppc64le",
"product": {
"name": "augeas-lense-tests-1.10.1-3.9.1.ppc64le",
"product_id": "augeas-lense-tests-1.10.1-3.9.1.ppc64le"
}
},
{
"category": "product_version",
"name": "augeas-lenses-1.10.1-3.9.1.ppc64le",
"product": {
"name": "augeas-lenses-1.10.1-3.9.1.ppc64le",
"product_id": "augeas-lenses-1.10.1-3.9.1.ppc64le"
}
},
{
"category": "product_version",
"name": "chrony-4.1-150300.16.3.1.ppc64le",
"product": {
"name": "chrony-4.1-150300.16.3.1.ppc64le",
"product_id": "chrony-4.1-150300.16.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libaugeas0-1.10.1-3.9.1.ppc64le",
"product": {
"name": "libaugeas0-1.10.1-3.9.1.ppc64le",
"product_id": "libaugeas0-1.10.1-3.9.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "augeas-1.10.1-3.9.1.s390x",
"product": {
"name": "augeas-1.10.1-3.9.1.s390x",
"product_id": "augeas-1.10.1-3.9.1.s390x"
}
},
{
"category": "product_version",
"name": "augeas-devel-1.10.1-3.9.1.s390x",
"product": {
"name": "augeas-devel-1.10.1-3.9.1.s390x",
"product_id": "augeas-devel-1.10.1-3.9.1.s390x"
}
},
{
"category": "product_version",
"name": "augeas-lense-tests-1.10.1-3.9.1.s390x",
"product": {
"name": "augeas-lense-tests-1.10.1-3.9.1.s390x",
"product_id": "augeas-lense-tests-1.10.1-3.9.1.s390x"
}
},
{
"category": "product_version",
"name": "augeas-lenses-1.10.1-3.9.1.s390x",
"product": {
"name": "augeas-lenses-1.10.1-3.9.1.s390x",
"product_id": "augeas-lenses-1.10.1-3.9.1.s390x"
}
},
{
"category": "product_version",
"name": "chrony-4.1-150300.16.3.1.s390x",
"product": {
"name": "chrony-4.1-150300.16.3.1.s390x",
"product_id": "chrony-4.1-150300.16.3.1.s390x"
}
},
{
"category": "product_version",
"name": "libaugeas0-1.10.1-3.9.1.s390x",
"product": {
"name": "libaugeas0-1.10.1-3.9.1.s390x",
"product_id": "libaugeas0-1.10.1-3.9.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "augeas-1.10.1-3.9.1.x86_64",
"product": {
"name": "augeas-1.10.1-3.9.1.x86_64",
"product_id": "augeas-1.10.1-3.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "augeas-devel-1.10.1-3.9.1.x86_64",
"product": {
"name": "augeas-devel-1.10.1-3.9.1.x86_64",
"product_id": "augeas-devel-1.10.1-3.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "augeas-devel-32bit-1.10.1-3.9.1.x86_64",
"product": {
"name": "augeas-devel-32bit-1.10.1-3.9.1.x86_64",
"product_id": "augeas-devel-32bit-1.10.1-3.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "augeas-lense-tests-1.10.1-3.9.1.x86_64",
"product": {
"name": "augeas-lense-tests-1.10.1-3.9.1.x86_64",
"product_id": "augeas-lense-tests-1.10.1-3.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "augeas-lenses-1.10.1-3.9.1.x86_64",
"product": {
"name": "augeas-lenses-1.10.1-3.9.1.x86_64",
"product_id": "augeas-lenses-1.10.1-3.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "chrony-4.1-150300.16.3.1.x86_64",
"product": {
"name": "chrony-4.1-150300.16.3.1.x86_64",
"product_id": "chrony-4.1-150300.16.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libaugeas0-1.10.1-3.9.1.x86_64",
"product": {
"name": "libaugeas0-1.10.1-3.9.1.x86_64",
"product_id": "libaugeas0-1.10.1-3.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "libaugeas0-32bit-1.10.1-3.9.1.x86_64",
"product": {
"name": "libaugeas0-32bit-1.10.1-3.9.1.x86_64",
"product_id": "libaugeas0-32bit-1.10.1-3.9.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.3",
"product": {
"name": "openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "augeas-1.10.1-3.9.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:augeas-1.10.1-3.9.1.aarch64"
},
"product_reference": "augeas-1.10.1-3.9.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "augeas-1.10.1-3.9.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:augeas-1.10.1-3.9.1.ppc64le"
},
"product_reference": "augeas-1.10.1-3.9.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "augeas-1.10.1-3.9.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:augeas-1.10.1-3.9.1.s390x"
},
"product_reference": "augeas-1.10.1-3.9.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "augeas-1.10.1-3.9.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:augeas-1.10.1-3.9.1.x86_64"
},
"product_reference": "augeas-1.10.1-3.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "augeas-devel-1.10.1-3.9.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:augeas-devel-1.10.1-3.9.1.aarch64"
},
"product_reference": "augeas-devel-1.10.1-3.9.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "augeas-devel-1.10.1-3.9.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:augeas-devel-1.10.1-3.9.1.ppc64le"
},
"product_reference": "augeas-devel-1.10.1-3.9.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "augeas-devel-1.10.1-3.9.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:augeas-devel-1.10.1-3.9.1.s390x"
},
"product_reference": "augeas-devel-1.10.1-3.9.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "augeas-devel-1.10.1-3.9.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:augeas-devel-1.10.1-3.9.1.x86_64"
},
"product_reference": "augeas-devel-1.10.1-3.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "augeas-devel-32bit-1.10.1-3.9.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:augeas-devel-32bit-1.10.1-3.9.1.x86_64"
},
"product_reference": "augeas-devel-32bit-1.10.1-3.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "augeas-lense-tests-1.10.1-3.9.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:augeas-lense-tests-1.10.1-3.9.1.aarch64"
},
"product_reference": "augeas-lense-tests-1.10.1-3.9.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "augeas-lense-tests-1.10.1-3.9.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:augeas-lense-tests-1.10.1-3.9.1.ppc64le"
},
"product_reference": "augeas-lense-tests-1.10.1-3.9.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "augeas-lense-tests-1.10.1-3.9.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:augeas-lense-tests-1.10.1-3.9.1.s390x"
},
"product_reference": "augeas-lense-tests-1.10.1-3.9.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "augeas-lense-tests-1.10.1-3.9.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:augeas-lense-tests-1.10.1-3.9.1.x86_64"
},
"product_reference": "augeas-lense-tests-1.10.1-3.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "augeas-lenses-1.10.1-3.9.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:augeas-lenses-1.10.1-3.9.1.aarch64"
},
"product_reference": "augeas-lenses-1.10.1-3.9.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "augeas-lenses-1.10.1-3.9.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:augeas-lenses-1.10.1-3.9.1.ppc64le"
},
"product_reference": "augeas-lenses-1.10.1-3.9.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "augeas-lenses-1.10.1-3.9.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:augeas-lenses-1.10.1-3.9.1.s390x"
},
"product_reference": "augeas-lenses-1.10.1-3.9.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "augeas-lenses-1.10.1-3.9.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:augeas-lenses-1.10.1-3.9.1.x86_64"
},
"product_reference": "augeas-lenses-1.10.1-3.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chrony-4.1-150300.16.3.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:chrony-4.1-150300.16.3.1.aarch64"
},
"product_reference": "chrony-4.1-150300.16.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chrony-4.1-150300.16.3.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:chrony-4.1-150300.16.3.1.ppc64le"
},
"product_reference": "chrony-4.1-150300.16.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chrony-4.1-150300.16.3.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:chrony-4.1-150300.16.3.1.s390x"
},
"product_reference": "chrony-4.1-150300.16.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chrony-4.1-150300.16.3.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:chrony-4.1-150300.16.3.1.x86_64"
},
"product_reference": "chrony-4.1-150300.16.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chrony-pool-empty-4.1-150300.16.3.1.noarch as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:chrony-pool-empty-4.1-150300.16.3.1.noarch"
},
"product_reference": "chrony-pool-empty-4.1-150300.16.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chrony-pool-openSUSE-4.1-150300.16.3.1.noarch as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:chrony-pool-openSUSE-4.1-150300.16.3.1.noarch"
},
"product_reference": "chrony-pool-openSUSE-4.1-150300.16.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chrony-pool-suse-4.1-150300.16.3.1.noarch as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:chrony-pool-suse-4.1-150300.16.3.1.noarch"
},
"product_reference": "chrony-pool-suse-4.1-150300.16.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libaugeas0-1.10.1-3.9.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libaugeas0-1.10.1-3.9.1.aarch64"
},
"product_reference": "libaugeas0-1.10.1-3.9.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libaugeas0-1.10.1-3.9.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libaugeas0-1.10.1-3.9.1.ppc64le"
},
"product_reference": "libaugeas0-1.10.1-3.9.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libaugeas0-1.10.1-3.9.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libaugeas0-1.10.1-3.9.1.s390x"
},
"product_reference": "libaugeas0-1.10.1-3.9.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libaugeas0-1.10.1-3.9.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libaugeas0-1.10.1-3.9.1.x86_64"
},
"product_reference": "libaugeas0-1.10.1-3.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libaugeas0-32bit-1.10.1-3.9.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libaugeas0-32bit-1.10.1-3.9.1.x86_64"
},
"product_reference": "libaugeas0-32bit-1.10.1-3.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-14367",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-14367"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder. The file is created during chronyd startup while still running as the root user, and when it\u0027s opened for writing, chronyd does not check for an existing symbolic link with the same file name. This flaw allows an attacker with privileged access to create a symlink with the default PID file name pointing to any destination file in the system, resulting in data loss and a denial of service due to the path traversal.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:augeas-1.10.1-3.9.1.aarch64",
"openSUSE Leap 15.3:augeas-1.10.1-3.9.1.ppc64le",
"openSUSE Leap 15.3:augeas-1.10.1-3.9.1.s390x",
"openSUSE Leap 15.3:augeas-1.10.1-3.9.1.x86_64",
"openSUSE Leap 15.3:augeas-devel-1.10.1-3.9.1.aarch64",
"openSUSE Leap 15.3:augeas-devel-1.10.1-3.9.1.ppc64le",
"openSUSE Leap 15.3:augeas-devel-1.10.1-3.9.1.s390x",
"openSUSE Leap 15.3:augeas-devel-1.10.1-3.9.1.x86_64",
"openSUSE Leap 15.3:augeas-devel-32bit-1.10.1-3.9.1.x86_64",
"openSUSE Leap 15.3:augeas-lense-tests-1.10.1-3.9.1.aarch64",
"openSUSE Leap 15.3:augeas-lense-tests-1.10.1-3.9.1.ppc64le",
"openSUSE Leap 15.3:augeas-lense-tests-1.10.1-3.9.1.s390x",
"openSUSE Leap 15.3:augeas-lense-tests-1.10.1-3.9.1.x86_64",
"openSUSE Leap 15.3:augeas-lenses-1.10.1-3.9.1.aarch64",
"openSUSE Leap 15.3:augeas-lenses-1.10.1-3.9.1.ppc64le",
"openSUSE Leap 15.3:augeas-lenses-1.10.1-3.9.1.s390x",
"openSUSE Leap 15.3:augeas-lenses-1.10.1-3.9.1.x86_64",
"openSUSE Leap 15.3:chrony-4.1-150300.16.3.1.aarch64",
"openSUSE Leap 15.3:chrony-4.1-150300.16.3.1.ppc64le",
"openSUSE Leap 15.3:chrony-4.1-150300.16.3.1.s390x",
"openSUSE Leap 15.3:chrony-4.1-150300.16.3.1.x86_64",
"openSUSE Leap 15.3:chrony-pool-empty-4.1-150300.16.3.1.noarch",
"openSUSE Leap 15.3:chrony-pool-openSUSE-4.1-150300.16.3.1.noarch",
"openSUSE Leap 15.3:chrony-pool-suse-4.1-150300.16.3.1.noarch",
"openSUSE Leap 15.3:libaugeas0-1.10.1-3.9.1.aarch64",
"openSUSE Leap 15.3:libaugeas0-1.10.1-3.9.1.ppc64le",
"openSUSE Leap 15.3:libaugeas0-1.10.1-3.9.1.s390x",
"openSUSE Leap 15.3:libaugeas0-1.10.1-3.9.1.x86_64",
"openSUSE Leap 15.3:libaugeas0-32bit-1.10.1-3.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-14367",
"url": "https://www.suse.com/security/cve/CVE-2020-14367"
},
{
"category": "external",
"summary": "SUSE Bug 1174911 for CVE-2020-14367",
"url": "https://bugzilla.suse.com/1174911"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:augeas-1.10.1-3.9.1.aarch64",
"openSUSE Leap 15.3:augeas-1.10.1-3.9.1.ppc64le",
"openSUSE Leap 15.3:augeas-1.10.1-3.9.1.s390x",
"openSUSE Leap 15.3:augeas-1.10.1-3.9.1.x86_64",
"openSUSE Leap 15.3:augeas-devel-1.10.1-3.9.1.aarch64",
"openSUSE Leap 15.3:augeas-devel-1.10.1-3.9.1.ppc64le",
"openSUSE Leap 15.3:augeas-devel-1.10.1-3.9.1.s390x",
"openSUSE Leap 15.3:augeas-devel-1.10.1-3.9.1.x86_64",
"openSUSE Leap 15.3:augeas-devel-32bit-1.10.1-3.9.1.x86_64",
"openSUSE Leap 15.3:augeas-lense-tests-1.10.1-3.9.1.aarch64",
"openSUSE Leap 15.3:augeas-lense-tests-1.10.1-3.9.1.ppc64le",
"openSUSE Leap 15.3:augeas-lense-tests-1.10.1-3.9.1.s390x",
"openSUSE Leap 15.3:augeas-lense-tests-1.10.1-3.9.1.x86_64",
"openSUSE Leap 15.3:augeas-lenses-1.10.1-3.9.1.aarch64",
"openSUSE Leap 15.3:augeas-lenses-1.10.1-3.9.1.ppc64le",
"openSUSE Leap 15.3:augeas-lenses-1.10.1-3.9.1.s390x",
"openSUSE Leap 15.3:augeas-lenses-1.10.1-3.9.1.x86_64",
"openSUSE Leap 15.3:chrony-4.1-150300.16.3.1.aarch64",
"openSUSE Leap 15.3:chrony-4.1-150300.16.3.1.ppc64le",
"openSUSE Leap 15.3:chrony-4.1-150300.16.3.1.s390x",
"openSUSE Leap 15.3:chrony-4.1-150300.16.3.1.x86_64",
"openSUSE Leap 15.3:chrony-pool-empty-4.1-150300.16.3.1.noarch",
"openSUSE Leap 15.3:chrony-pool-openSUSE-4.1-150300.16.3.1.noarch",
"openSUSE Leap 15.3:chrony-pool-suse-4.1-150300.16.3.1.noarch",
"openSUSE Leap 15.3:libaugeas0-1.10.1-3.9.1.aarch64",
"openSUSE Leap 15.3:libaugeas0-1.10.1-3.9.1.ppc64le",
"openSUSE Leap 15.3:libaugeas0-1.10.1-3.9.1.s390x",
"openSUSE Leap 15.3:libaugeas0-1.10.1-3.9.1.x86_64",
"openSUSE Leap 15.3:libaugeas0-32bit-1.10.1-3.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:augeas-1.10.1-3.9.1.aarch64",
"openSUSE Leap 15.3:augeas-1.10.1-3.9.1.ppc64le",
"openSUSE Leap 15.3:augeas-1.10.1-3.9.1.s390x",
"openSUSE Leap 15.3:augeas-1.10.1-3.9.1.x86_64",
"openSUSE Leap 15.3:augeas-devel-1.10.1-3.9.1.aarch64",
"openSUSE Leap 15.3:augeas-devel-1.10.1-3.9.1.ppc64le",
"openSUSE Leap 15.3:augeas-devel-1.10.1-3.9.1.s390x",
"openSUSE Leap 15.3:augeas-devel-1.10.1-3.9.1.x86_64",
"openSUSE Leap 15.3:augeas-devel-32bit-1.10.1-3.9.1.x86_64",
"openSUSE Leap 15.3:augeas-lense-tests-1.10.1-3.9.1.aarch64",
"openSUSE Leap 15.3:augeas-lense-tests-1.10.1-3.9.1.ppc64le",
"openSUSE Leap 15.3:augeas-lense-tests-1.10.1-3.9.1.s390x",
"openSUSE Leap 15.3:augeas-lense-tests-1.10.1-3.9.1.x86_64",
"openSUSE Leap 15.3:augeas-lenses-1.10.1-3.9.1.aarch64",
"openSUSE Leap 15.3:augeas-lenses-1.10.1-3.9.1.ppc64le",
"openSUSE Leap 15.3:augeas-lenses-1.10.1-3.9.1.s390x",
"openSUSE Leap 15.3:augeas-lenses-1.10.1-3.9.1.x86_64",
"openSUSE Leap 15.3:chrony-4.1-150300.16.3.1.aarch64",
"openSUSE Leap 15.3:chrony-4.1-150300.16.3.1.ppc64le",
"openSUSE Leap 15.3:chrony-4.1-150300.16.3.1.s390x",
"openSUSE Leap 15.3:chrony-4.1-150300.16.3.1.x86_64",
"openSUSE Leap 15.3:chrony-pool-empty-4.1-150300.16.3.1.noarch",
"openSUSE Leap 15.3:chrony-pool-openSUSE-4.1-150300.16.3.1.noarch",
"openSUSE Leap 15.3:chrony-pool-suse-4.1-150300.16.3.1.noarch",
"openSUSE Leap 15.3:libaugeas0-1.10.1-3.9.1.aarch64",
"openSUSE Leap 15.3:libaugeas0-1.10.1-3.9.1.ppc64le",
"openSUSE Leap 15.3:libaugeas0-1.10.1-3.9.1.s390x",
"openSUSE Leap 15.3:libaugeas0-1.10.1-3.9.1.x86_64",
"openSUSE Leap 15.3:libaugeas0-32bit-1.10.1-3.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-03-15T10:41:14Z",
"details": "moderate"
}
],
"title": "CVE-2020-14367"
}
]
}
opensuse-su-2024:10682-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
chrony-4.1-5.2 on GA media
Notes
Title of the patch
chrony-4.1-5.2 on GA media
Description of the patch
These are all security issues fixed in the chrony-4.1-5.2 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-10682
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "chrony-4.1-5.2 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the chrony-4.1-5.2 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10682",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10682-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-14367 page",
"url": "https://www.suse.com/security/cve/CVE-2020-14367/"
}
],
"title": "chrony-4.1-5.2 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10682-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "chrony-4.1-5.2.aarch64",
"product": {
"name": "chrony-4.1-5.2.aarch64",
"product_id": "chrony-4.1-5.2.aarch64"
}
},
{
"category": "product_version",
"name": "chrony-pool-empty-4.1-5.2.aarch64",
"product": {
"name": "chrony-pool-empty-4.1-5.2.aarch64",
"product_id": "chrony-pool-empty-4.1-5.2.aarch64"
}
},
{
"category": "product_version",
"name": "chrony-pool-openSUSE-4.1-5.2.aarch64",
"product": {
"name": "chrony-pool-openSUSE-4.1-5.2.aarch64",
"product_id": "chrony-pool-openSUSE-4.1-5.2.aarch64"
}
},
{
"category": "product_version",
"name": "chrony-pool-suse-4.1-5.2.aarch64",
"product": {
"name": "chrony-pool-suse-4.1-5.2.aarch64",
"product_id": "chrony-pool-suse-4.1-5.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "chrony-4.1-5.2.ppc64le",
"product": {
"name": "chrony-4.1-5.2.ppc64le",
"product_id": "chrony-4.1-5.2.ppc64le"
}
},
{
"category": "product_version",
"name": "chrony-pool-empty-4.1-5.2.ppc64le",
"product": {
"name": "chrony-pool-empty-4.1-5.2.ppc64le",
"product_id": "chrony-pool-empty-4.1-5.2.ppc64le"
}
},
{
"category": "product_version",
"name": "chrony-pool-openSUSE-4.1-5.2.ppc64le",
"product": {
"name": "chrony-pool-openSUSE-4.1-5.2.ppc64le",
"product_id": "chrony-pool-openSUSE-4.1-5.2.ppc64le"
}
},
{
"category": "product_version",
"name": "chrony-pool-suse-4.1-5.2.ppc64le",
"product": {
"name": "chrony-pool-suse-4.1-5.2.ppc64le",
"product_id": "chrony-pool-suse-4.1-5.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "chrony-4.1-5.2.s390x",
"product": {
"name": "chrony-4.1-5.2.s390x",
"product_id": "chrony-4.1-5.2.s390x"
}
},
{
"category": "product_version",
"name": "chrony-pool-empty-4.1-5.2.s390x",
"product": {
"name": "chrony-pool-empty-4.1-5.2.s390x",
"product_id": "chrony-pool-empty-4.1-5.2.s390x"
}
},
{
"category": "product_version",
"name": "chrony-pool-openSUSE-4.1-5.2.s390x",
"product": {
"name": "chrony-pool-openSUSE-4.1-5.2.s390x",
"product_id": "chrony-pool-openSUSE-4.1-5.2.s390x"
}
},
{
"category": "product_version",
"name": "chrony-pool-suse-4.1-5.2.s390x",
"product": {
"name": "chrony-pool-suse-4.1-5.2.s390x",
"product_id": "chrony-pool-suse-4.1-5.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "chrony-4.1-5.2.x86_64",
"product": {
"name": "chrony-4.1-5.2.x86_64",
"product_id": "chrony-4.1-5.2.x86_64"
}
},
{
"category": "product_version",
"name": "chrony-pool-empty-4.1-5.2.x86_64",
"product": {
"name": "chrony-pool-empty-4.1-5.2.x86_64",
"product_id": "chrony-pool-empty-4.1-5.2.x86_64"
}
},
{
"category": "product_version",
"name": "chrony-pool-openSUSE-4.1-5.2.x86_64",
"product": {
"name": "chrony-pool-openSUSE-4.1-5.2.x86_64",
"product_id": "chrony-pool-openSUSE-4.1-5.2.x86_64"
}
},
{
"category": "product_version",
"name": "chrony-pool-suse-4.1-5.2.x86_64",
"product": {
"name": "chrony-pool-suse-4.1-5.2.x86_64",
"product_id": "chrony-pool-suse-4.1-5.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "chrony-4.1-5.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:chrony-4.1-5.2.aarch64"
},
"product_reference": "chrony-4.1-5.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chrony-4.1-5.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:chrony-4.1-5.2.ppc64le"
},
"product_reference": "chrony-4.1-5.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chrony-4.1-5.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:chrony-4.1-5.2.s390x"
},
"product_reference": "chrony-4.1-5.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chrony-4.1-5.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:chrony-4.1-5.2.x86_64"
},
"product_reference": "chrony-4.1-5.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chrony-pool-empty-4.1-5.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:chrony-pool-empty-4.1-5.2.aarch64"
},
"product_reference": "chrony-pool-empty-4.1-5.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chrony-pool-empty-4.1-5.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:chrony-pool-empty-4.1-5.2.ppc64le"
},
"product_reference": "chrony-pool-empty-4.1-5.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chrony-pool-empty-4.1-5.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:chrony-pool-empty-4.1-5.2.s390x"
},
"product_reference": "chrony-pool-empty-4.1-5.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chrony-pool-empty-4.1-5.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:chrony-pool-empty-4.1-5.2.x86_64"
},
"product_reference": "chrony-pool-empty-4.1-5.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chrony-pool-openSUSE-4.1-5.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:chrony-pool-openSUSE-4.1-5.2.aarch64"
},
"product_reference": "chrony-pool-openSUSE-4.1-5.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chrony-pool-openSUSE-4.1-5.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:chrony-pool-openSUSE-4.1-5.2.ppc64le"
},
"product_reference": "chrony-pool-openSUSE-4.1-5.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chrony-pool-openSUSE-4.1-5.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:chrony-pool-openSUSE-4.1-5.2.s390x"
},
"product_reference": "chrony-pool-openSUSE-4.1-5.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chrony-pool-openSUSE-4.1-5.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:chrony-pool-openSUSE-4.1-5.2.x86_64"
},
"product_reference": "chrony-pool-openSUSE-4.1-5.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chrony-pool-suse-4.1-5.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:chrony-pool-suse-4.1-5.2.aarch64"
},
"product_reference": "chrony-pool-suse-4.1-5.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chrony-pool-suse-4.1-5.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:chrony-pool-suse-4.1-5.2.ppc64le"
},
"product_reference": "chrony-pool-suse-4.1-5.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chrony-pool-suse-4.1-5.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:chrony-pool-suse-4.1-5.2.s390x"
},
"product_reference": "chrony-pool-suse-4.1-5.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chrony-pool-suse-4.1-5.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:chrony-pool-suse-4.1-5.2.x86_64"
},
"product_reference": "chrony-pool-suse-4.1-5.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-14367",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-14367"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder. The file is created during chronyd startup while still running as the root user, and when it\u0027s opened for writing, chronyd does not check for an existing symbolic link with the same file name. This flaw allows an attacker with privileged access to create a symlink with the default PID file name pointing to any destination file in the system, resulting in data loss and a denial of service due to the path traversal.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:chrony-4.1-5.2.aarch64",
"openSUSE Tumbleweed:chrony-4.1-5.2.ppc64le",
"openSUSE Tumbleweed:chrony-4.1-5.2.s390x",
"openSUSE Tumbleweed:chrony-4.1-5.2.x86_64",
"openSUSE Tumbleweed:chrony-pool-empty-4.1-5.2.aarch64",
"openSUSE Tumbleweed:chrony-pool-empty-4.1-5.2.ppc64le",
"openSUSE Tumbleweed:chrony-pool-empty-4.1-5.2.s390x",
"openSUSE Tumbleweed:chrony-pool-empty-4.1-5.2.x86_64",
"openSUSE Tumbleweed:chrony-pool-openSUSE-4.1-5.2.aarch64",
"openSUSE Tumbleweed:chrony-pool-openSUSE-4.1-5.2.ppc64le",
"openSUSE Tumbleweed:chrony-pool-openSUSE-4.1-5.2.s390x",
"openSUSE Tumbleweed:chrony-pool-openSUSE-4.1-5.2.x86_64",
"openSUSE Tumbleweed:chrony-pool-suse-4.1-5.2.aarch64",
"openSUSE Tumbleweed:chrony-pool-suse-4.1-5.2.ppc64le",
"openSUSE Tumbleweed:chrony-pool-suse-4.1-5.2.s390x",
"openSUSE Tumbleweed:chrony-pool-suse-4.1-5.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-14367",
"url": "https://www.suse.com/security/cve/CVE-2020-14367"
},
{
"category": "external",
"summary": "SUSE Bug 1174911 for CVE-2020-14367",
"url": "https://bugzilla.suse.com/1174911"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:chrony-4.1-5.2.aarch64",
"openSUSE Tumbleweed:chrony-4.1-5.2.ppc64le",
"openSUSE Tumbleweed:chrony-4.1-5.2.s390x",
"openSUSE Tumbleweed:chrony-4.1-5.2.x86_64",
"openSUSE Tumbleweed:chrony-pool-empty-4.1-5.2.aarch64",
"openSUSE Tumbleweed:chrony-pool-empty-4.1-5.2.ppc64le",
"openSUSE Tumbleweed:chrony-pool-empty-4.1-5.2.s390x",
"openSUSE Tumbleweed:chrony-pool-empty-4.1-5.2.x86_64",
"openSUSE Tumbleweed:chrony-pool-openSUSE-4.1-5.2.aarch64",
"openSUSE Tumbleweed:chrony-pool-openSUSE-4.1-5.2.ppc64le",
"openSUSE Tumbleweed:chrony-pool-openSUSE-4.1-5.2.s390x",
"openSUSE Tumbleweed:chrony-pool-openSUSE-4.1-5.2.x86_64",
"openSUSE Tumbleweed:chrony-pool-suse-4.1-5.2.aarch64",
"openSUSE Tumbleweed:chrony-pool-suse-4.1-5.2.ppc64le",
"openSUSE Tumbleweed:chrony-pool-suse-4.1-5.2.s390x",
"openSUSE Tumbleweed:chrony-pool-suse-4.1-5.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:chrony-4.1-5.2.aarch64",
"openSUSE Tumbleweed:chrony-4.1-5.2.ppc64le",
"openSUSE Tumbleweed:chrony-4.1-5.2.s390x",
"openSUSE Tumbleweed:chrony-4.1-5.2.x86_64",
"openSUSE Tumbleweed:chrony-pool-empty-4.1-5.2.aarch64",
"openSUSE Tumbleweed:chrony-pool-empty-4.1-5.2.ppc64le",
"openSUSE Tumbleweed:chrony-pool-empty-4.1-5.2.s390x",
"openSUSE Tumbleweed:chrony-pool-empty-4.1-5.2.x86_64",
"openSUSE Tumbleweed:chrony-pool-openSUSE-4.1-5.2.aarch64",
"openSUSE Tumbleweed:chrony-pool-openSUSE-4.1-5.2.ppc64le",
"openSUSE Tumbleweed:chrony-pool-openSUSE-4.1-5.2.s390x",
"openSUSE Tumbleweed:chrony-pool-openSUSE-4.1-5.2.x86_64",
"openSUSE Tumbleweed:chrony-pool-suse-4.1-5.2.aarch64",
"openSUSE Tumbleweed:chrony-pool-suse-4.1-5.2.ppc64le",
"openSUSE Tumbleweed:chrony-pool-suse-4.1-5.2.s390x",
"openSUSE Tumbleweed:chrony-pool-suse-4.1-5.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-14367"
}
]
}
suse-su-2022:0845-1
Vulnerability from csaf_suse
Published
2022-03-15 10:41
Modified
2022-03-15 10:41
Summary
Security update for chrony
Notes
Title of the patch
Security update for chrony
Description of the patch
This update for chrony fixes the following issues:
Chrony was updated to 4.1, bringing features and bugfixes.
Update to 4.1
* Add support for NTS servers specified by IP address (matching
Subject Alternative Name in server certificate)
* Add source-specific configuration of trusted certificates
* Allow multiple files and directories with trusted certificates
* Allow multiple pairs of server keys and certificates
* Add copy option to server/pool directive
* Increase PPS lock limit to 40% of pulse interval
* Perform source selection immediately after loading dump files
* Reload dump files for addresses negotiated by NTS-KE server
* Update seccomp filter and add less restrictive level
* Restart ongoing name resolution on online command
* Fix dump files to not include uncorrected offset
* Fix initstepslew to accept time from own NTP clients
* Reset NTP address and port when no longer negotiated by NTS-KE
server
- Ensure the correct pool packages are installed for openSUSE
and SLE (bsc#1180689).
- Fix pool package dependencies, so that SLE prefers chrony-pool-suse
over chrony-pool-empty. (bsc#1194229)
- Enable syscallfilter unconditionally [bsc#1181826].
Update to 4.0
- Enhancements
- Add support for Network Time Security (NTS) authentication
- Add support for AES-CMAC keys (AES128, AES256) with Nettle
- Add authselectmode directive to control selection of
unauthenticated sources
- Add binddevice, bindacqdevice, bindcmddevice directives
- Add confdir directive to better support fragmented
configuration
- Add sourcedir directive and 'reload sources' command to
support dynamic NTP sources specified in files
- Add clockprecision directive
- Add dscp directive to set Differentiated Services Code Point
(DSCP)
- Add -L option to limit log messages by severity
- Add -p option to print whole configuration with included
files
- Add -U option to allow start under non-root user
- Allow maxsamples to be set to 1 for faster update with -q/-Q
option
- Avoid replacing NTP sources with sources that have
unreachable address
- Improve pools to repeat name resolution to get 'maxsources'
sources
- Improve source selection with trusted sources
- Improve NTP loop test to prevent synchronisation to itself
- Repeat iburst when NTP source is switched from offline state
to online
- Update clock synchronisation status and leap status more
frequently
- Update seccomp filter
- Add 'add pool' command
- Add 'reset sources' command to drop all measurements
- Add authdata command to print details about NTP
authentication
- Add selectdata command to print details about source
selection
- Add -N option and sourcename command to print original names
of sources
- Add -a option to some commands to print also unresolved
sources
- Add -k, -p, -r options to clients command to select, limit,
reset data
- Bug fixes
- Don’t set interface for NTP responses to allow asymmetric
routing
- Handle RTCs that don’t support interrupts
- Respond to command requests with correct address on
multihomed hosts
- Removed features
- Drop support for RIPEMD keys (RMD128, RMD160, RMD256, RMD320)
- Drop support for long (non-standard) MACs in NTPv4 packets
(chrony 2.x clients using non-MD5/SHA1 keys need to use
option 'version 3')
- Drop support for line editing with GNU Readline
- By default chronyd logs to journald instead of writing log files, so
logrotate is only recommended, not required.
- Adjust and rename the sysconfig file, so that it matches the
expectations of chronyd.service (bsc#1173277).
Update to 3.5.1:
* Create new file when writing pidfile, instead of opening an existing path that could be a symbolic link (CVE-2020-14367, bsc#1174911)
- Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075)
- Use iburst in the default pool statements to speed up initial
synchronisation (bsc#1172113).
Update to 3.5:
+ Add support for more accurate reading of PHC on Linux 5.0
+ Add support for hardware timestamping on interfaces with read-only timestamping configuration
+ Add support for memory locking and real-time priority on FreeBSD, NetBSD, Solaris
+ Update seccomp filter to work on more architectures
+ Validate refclock driver options
+ Fix bindaddress directive on FreeBSD
+ Fix transposition of hardware RX timestamp on Linux 4.13 and later
+ Fix building on non-glibc systems
- Fix location of helper script in chrony-dnssrv@.service
(bsc#1128846).
- Read runtime servers from /var/run/netconfig/chrony.servers to
fix bsc#1099272.
- Move chrony-helper to /usr/lib/chrony/helper, because there
should be no executables in /usr/share.
Update to version 3.4
* Enhancements
+ Add filter option to server/pool/peer directive
+ Add minsamples and maxsamples options to hwtimestamp directive
+ Add support for faster frequency adjustments in Linux 4.19
+ Change default pidfile to /var/run/chrony/chronyd.pid to allow chronyd
without root privileges to remove it on exit
+ Disable sub-second polling intervals for distant NTP sources
+ Extend range of supported sub-second polling intervals
+ Get/set IPv4 destination/source address of NTP packets on FreeBSD
+ Make burst options and command useful with short polling intervals
+ Modify auto_offline option to activate when sending request failed
+ Respond from interface that received NTP request if possible
+ Add onoffline command to switch between online and offline state
according to current system network configuration
+ Improve example NetworkManager dispatcher script
* Bug fixes
+ Avoid waiting in Linux getrandom system call
+ Fix PPS support on FreeBSD and NetBSD
Update to version 3.3
* Enhancements:
+ Add burst option to server/pool directive
+ Add stratum and tai options to refclock directive
+ Add support for Nettle crypto library
+ Add workaround for missing kernel receive timestamps on Linux
+ Wait for late hardware transmit timestamps
+ Improve source selection with unreachable sources
+ Improve protection against replay attacks on symmetric mode
+ Allow PHC refclock to use socket in /var/run/chrony
+ Add shutdown command to stop chronyd
+ Simplify format of response to manual list command
+ Improve handling of unknown responses in chronyc
* Bug fixes:
+ Respond to NTPv1 client requests with zero mode
+ Fix -x option to not require CAP_SYS_TIME under non-root user
+ Fix acquisitionport directive to work with privilege separation
+ Fix handling of socket errors on Linux to avoid high CPU usage
+ Fix chronyc to not get stuck in infinite loop after clock step
Patchnames
SUSE-2022-845,SUSE-SLE-INSTALLER-15-SP3-2022-845,SUSE-SLE-Module-Basesystem-15-SP3-2022-845,SUSE-SLE-Product-RT-15-SP2-2022-845,SUSE-SUSE-MicroOS-5.0-2022-845,SUSE-SUSE-MicroOS-5.1-2022-845
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for chrony",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for chrony fixes the following issues:\n\nChrony was updated to 4.1, bringing features and bugfixes.\n\nUpdate to 4.1\n\n * Add support for NTS servers specified by IP address (matching\n Subject Alternative Name in server certificate)\n * Add source-specific configuration of trusted certificates\n * Allow multiple files and directories with trusted certificates\n * Allow multiple pairs of server keys and certificates\n * Add copy option to server/pool directive\n * Increase PPS lock limit to 40% of pulse interval\n * Perform source selection immediately after loading dump files\n * Reload dump files for addresses negotiated by NTS-KE server\n * Update seccomp filter and add less restrictive level\n * Restart ongoing name resolution on online command\n * Fix dump files to not include uncorrected offset\n * Fix initstepslew to accept time from own NTP clients\n * Reset NTP address and port when no longer negotiated by NTS-KE\n server\n\n- Ensure the correct pool packages are installed for openSUSE\n and SLE (bsc#1180689).\n- Fix pool package dependencies, so that SLE prefers chrony-pool-suse\n over chrony-pool-empty. 
(bsc#1194229)\n\n- Enable syscallfilter unconditionally [bsc#1181826].\n\nUpdate to 4.0\n\n - Enhancements\n\n - Add support for Network Time Security (NTS) authentication\n - Add support for AES-CMAC keys (AES128, AES256) with Nettle\n - Add authselectmode directive to control selection of\n unauthenticated sources\n - Add binddevice, bindacqdevice, bindcmddevice directives\n - Add confdir directive to better support fragmented\n configuration\n - Add sourcedir directive and \u0027reload sources\u0027 command to\n support dynamic NTP sources specified in files\n - Add clockprecision directive\n - Add dscp directive to set Differentiated Services Code Point\n (DSCP)\n - Add -L option to limit log messages by severity\n - Add -p option to print whole configuration with included\n files\n - Add -U option to allow start under non-root user\n - Allow maxsamples to be set to 1 for faster update with -q/-Q\n option\n - Avoid replacing NTP sources with sources that have\n unreachable address\n - Improve pools to repeat name resolution to get \u0027maxsources\u0027\n sources\n - Improve source selection with trusted sources\n - Improve NTP loop test to prevent synchronisation to itself\n - Repeat iburst when NTP source is switched from offline state\n to online\n - Update clock synchronisation status and leap status more\n frequently\n - Update seccomp filter\n - Add \u0027add pool\u0027 command\n - Add \u0027reset sources\u0027 command to drop all measurements\n - Add authdata command to print details about NTP\n authentication\n - Add selectdata command to print details about source\n selection\n - Add -N option and sourcename command to print original names\n of sources\n - Add -a option to some commands to print also unresolved\n sources\n - Add -k, -p, -r options to clients command to select, limit,\n reset data\n\n - Bug fixes\n\n - Don\u2019t set interface for NTP responses to allow asymmetric\n routing\n - Handle RTCs that don\u2019t support interrupts\n - Respond 
to command requests with correct address on\n multihomed hosts\n - Removed features\n - Drop support for RIPEMD keys (RMD128, RMD160, RMD256, RMD320)\n - Drop support for long (non-standard) MACs in NTPv4 packets\n (chrony 2.x clients using non-MD5/SHA1 keys need to use\n option \u0027version 3\u0027)\n - Drop support for line editing with GNU Readline\n\n- By default we don\u0027t write log files but log to journald, so\n only recommend logrotate.\n\n- Adjust and rename the sysconfig file, so that it matches the\n expectations of chronyd.service (bsc#1173277).\n\nUpdate to 3.5.1:\n\n * Create new file when writing pidfile (CVE-2020-14367, bsc#1174911)\n\n- Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075)\n\n- Use iburst in the default pool statements to speed up initial\n synchronisation (bsc#1172113).\n\n\n\n\nUpdate to 3.5:\n\n+ Add support for more accurate reading of PHC on Linux 5.0\n+ Add support for hardware timestamping on interfaces with read-only timestamping configuration\n+ Add support for memory locking and real-time priority on FreeBSD, NetBSD, Solaris\n+ Update seccomp filter to work on more architectures\n+ Validate refclock driver options\n+ Fix bindaddress directive on FreeBSD\n+ Fix transposition of hardware RX timestamp on Linux 4.13 and later\n+ Fix building on non-glibc systems\n\n- Fix location of helper script in chrony-dnssrv@.service\n (bsc#1128846).\n\n\n- Read runtime servers from /var/run/netconfig/chrony.servers to\n fix bsc#1099272.\n- Move chrony-helper to /usr/lib/chrony/helper, because there\n should be no executables in /usr/share.\n\nUpdate to version 3.4\n\n * Enhancements\n\n + Add filter option to server/pool/peer directive\n + Add minsamples and maxsamples options to hwtimestamp directive\n + Add support for faster frequency adjustments in Linux 4.19\n + Change default pidfile to /var/run/chrony/chronyd.pid to allow chronyd \n without root privileges to remove it on exit\n + Disable sub-second polling intervals 
for distant NTP sources\n + Extend range of supported sub-second polling intervals\n + Get/set IPv4 destination/source address of NTP packets on FreeBSD\n + Make burst options and command useful with short polling intervals\n + Modify auto_offline option to activate when sending request failed\n + Respond from interface that received NTP request if possible\n + Add onoffline command to switch between online and offline state \n according to current system network configuration\n + Improve example NetworkManager dispatcher script\n\n * Bug fixes\n\n + Avoid waiting in Linux getrandom system call\n + Fix PPS support on FreeBSD and NetBSD\n\nUpdate to version 3.3\n\n * Enhancements:\n\n + Add burst option to server/pool directive\n + Add stratum and tai options to refclock directive\n + Add support for Nettle crypto library\n + Add workaround for missing kernel receive timestamps on Linux\n + Wait for late hardware transmit timestamps\n + Improve source selection with unreachable sources\n + Improve protection against replay attacks on symmetric mode\n + Allow PHC refclock to use socket in /var/run/chrony\n + Add shutdown command to stop chronyd\n + Simplify format of response to manual list command\n + Improve handling of unknown responses in chronyc\n\n * Bug fixes:\n\n + Respond to NTPv1 client requests with zero mode\n + Fix -x option to not require CAP_SYS_TIME under non-root user\n + Fix acquisitionport directive to work with privilege separation\n + Fix handling of socket errors on Linux to avoid high CPU usage\n + Fix chronyc to not get stuck in infinite loop after clock step",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2022-845,SUSE-SLE-INSTALLER-15-SP3-2022-845,SUSE-SLE-Module-Basesystem-15-SP3-2022-845,SUSE-SLE-Product-RT-15-SP2-2022-845,SUSE-SUSE-MicroOS-5.0-2022-845,SUSE-SUSE-MicroOS-5.1-2022-845",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_0845-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:0845-1",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20220845-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:0845-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-March/010440.html"
},
{
"category": "self",
"summary": "SUSE Bug 1099272",
"url": "https://bugzilla.suse.com/1099272"
},
{
"category": "self",
"summary": "SUSE Bug 1115529",
"url": "https://bugzilla.suse.com/1115529"
},
{
"category": "self",
"summary": "SUSE Bug 1128846",
"url": "https://bugzilla.suse.com/1128846"
},
{
"category": "self",
"summary": "SUSE Bug 1162964",
"url": "https://bugzilla.suse.com/1162964"
},
{
"category": "self",
"summary": "SUSE Bug 1172113",
"url": "https://bugzilla.suse.com/1172113"
},
{
"category": "self",
"summary": "SUSE Bug 1173277",
"url": "https://bugzilla.suse.com/1173277"
},
{
"category": "self",
"summary": "SUSE Bug 1174075",
"url": "https://bugzilla.suse.com/1174075"
},
{
"category": "self",
"summary": "SUSE Bug 1174911",
"url": "https://bugzilla.suse.com/1174911"
},
{
"category": "self",
"summary": "SUSE Bug 1180689",
"url": "https://bugzilla.suse.com/1180689"
},
{
"category": "self",
"summary": "SUSE Bug 1181826",
"url": "https://bugzilla.suse.com/1181826"
},
{
"category": "self",
"summary": "SUSE Bug 1187906",
"url": "https://bugzilla.suse.com/1187906"
},
{
"category": "self",
"summary": "SUSE Bug 1190926",
"url": "https://bugzilla.suse.com/1190926"
},
{
"category": "self",
"summary": "SUSE Bug 1194229",
"url": "https://bugzilla.suse.com/1194229"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-14367 page",
"url": "https://www.suse.com/security/cve/CVE-2020-14367/"
}
],
"title": "Security update for chrony",
"tracking": {
"current_release_date": "2022-03-15T10:41:19Z",
"generator": {
"date": "2022-03-15T10:41:19Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:0845-1",
"initial_release_date": "2022-03-15T10:41:19Z",
"revision_history": [
{
"date": "2022-03-15T10:41:19Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "augeas-1.10.1-3.9.1.aarch64",
"product": {
"name": "augeas-1.10.1-3.9.1.aarch64",
"product_id": "augeas-1.10.1-3.9.1.aarch64"
}
},
{
"category": "product_version",
"name": "augeas-devel-1.10.1-3.9.1.aarch64",
"product": {
"name": "augeas-devel-1.10.1-3.9.1.aarch64",
"product_id": "augeas-devel-1.10.1-3.9.1.aarch64"
}
},
{
"category": "product_version",
"name": "augeas-lense-tests-1.10.1-3.9.1.aarch64",
"product": {
"name": "augeas-lense-tests-1.10.1-3.9.1.aarch64",
"product_id": "augeas-lense-tests-1.10.1-3.9.1.aarch64"
}
},
{
"category": "product_version",
"name": "augeas-lenses-1.10.1-3.9.1.aarch64",
"product": {
"name": "augeas-lenses-1.10.1-3.9.1.aarch64",
"product_id": "augeas-lenses-1.10.1-3.9.1.aarch64"
}
},
{
"category": "product_version",
"name": "chrony-4.1-150300.16.3.1.aarch64",
"product": {
"name": "chrony-4.1-150300.16.3.1.aarch64",
"product_id": "chrony-4.1-150300.16.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "libaugeas0-1.10.1-3.9.1.aarch64",
"product": {
"name": "libaugeas0-1.10.1-3.9.1.aarch64",
"product_id": "libaugeas0-1.10.1-3.9.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "augeas-devel-64bit-1.10.1-3.9.1.aarch64_ilp32",
"product": {
"name": "augeas-devel-64bit-1.10.1-3.9.1.aarch64_ilp32",
"product_id": "augeas-devel-64bit-1.10.1-3.9.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "libaugeas0-64bit-1.10.1-3.9.1.aarch64_ilp32",
"product": {
"name": "libaugeas0-64bit-1.10.1-3.9.1.aarch64_ilp32",
"product_id": "libaugeas0-64bit-1.10.1-3.9.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "augeas-1.10.1-3.9.1.i586",
"product": {
"name": "augeas-1.10.1-3.9.1.i586",
"product_id": "augeas-1.10.1-3.9.1.i586"
}
},
{
"category": "product_version",
"name": "augeas-devel-1.10.1-3.9.1.i586",
"product": {
"name": "augeas-devel-1.10.1-3.9.1.i586",
"product_id": "augeas-devel-1.10.1-3.9.1.i586"
}
},
{
"category": "product_version",
"name": "augeas-lense-tests-1.10.1-3.9.1.i586",
"product": {
"name": "augeas-lense-tests-1.10.1-3.9.1.i586",
"product_id": "augeas-lense-tests-1.10.1-3.9.1.i586"
}
},
{
"category": "product_version",
"name": "augeas-lenses-1.10.1-3.9.1.i586",
"product": {
"name": "augeas-lenses-1.10.1-3.9.1.i586",
"product_id": "augeas-lenses-1.10.1-3.9.1.i586"
}
},
{
"category": "product_version",
"name": "chrony-4.1-150300.16.3.1.i586",
"product": {
"name": "chrony-4.1-150300.16.3.1.i586",
"product_id": "chrony-4.1-150300.16.3.1.i586"
}
},
{
"category": "product_version",
"name": "libaugeas0-1.10.1-3.9.1.i586",
"product": {
"name": "libaugeas0-1.10.1-3.9.1.i586",
"product_id": "libaugeas0-1.10.1-3.9.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "chrony-pool-empty-4.1-150300.16.3.1.noarch",
"product": {
"name": "chrony-pool-empty-4.1-150300.16.3.1.noarch",
"product_id": "chrony-pool-empty-4.1-150300.16.3.1.noarch"
}
},
{
"category": "product_version",
"name": "chrony-pool-openSUSE-4.1-150300.16.3.1.noarch",
"product": {
"name": "chrony-pool-openSUSE-4.1-150300.16.3.1.noarch",
"product_id": "chrony-pool-openSUSE-4.1-150300.16.3.1.noarch"
}
},
{
"category": "product_version",
"name": "chrony-pool-suse-4.1-150300.16.3.1.noarch",
"product": {
"name": "chrony-pool-suse-4.1-150300.16.3.1.noarch",
"product_id": "chrony-pool-suse-4.1-150300.16.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "augeas-1.10.1-3.9.1.ppc64le",
"product": {
"name": "augeas-1.10.1-3.9.1.ppc64le",
"product_id": "augeas-1.10.1-3.9.1.ppc64le"
}
},
{
"category": "product_version",
"name": "augeas-devel-1.10.1-3.9.1.ppc64le",
"product": {
"name": "augeas-devel-1.10.1-3.9.1.ppc64le",
"product_id": "augeas-devel-1.10.1-3.9.1.ppc64le"
}
},
{
"category": "product_version",
"name": "augeas-lense-tests-1.10.1-3.9.1.ppc64le",
"product": {
"name": "augeas-lense-tests-1.10.1-3.9.1.ppc64le",
"product_id": "augeas-lense-tests-1.10.1-3.9.1.ppc64le"
}
},
{
"category": "product_version",
"name": "augeas-lenses-1.10.1-3.9.1.ppc64le",
"product": {
"name": "augeas-lenses-1.10.1-3.9.1.ppc64le",
"product_id": "augeas-lenses-1.10.1-3.9.1.ppc64le"
}
},
{
"category": "product_version",
"name": "chrony-4.1-150300.16.3.1.ppc64le",
"product": {
"name": "chrony-4.1-150300.16.3.1.ppc64le",
"product_id": "chrony-4.1-150300.16.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libaugeas0-1.10.1-3.9.1.ppc64le",
"product": {
"name": "libaugeas0-1.10.1-3.9.1.ppc64le",
"product_id": "libaugeas0-1.10.1-3.9.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "augeas-1.10.1-3.9.1.s390x",
"product": {
"name": "augeas-1.10.1-3.9.1.s390x",
"product_id": "augeas-1.10.1-3.9.1.s390x"
}
},
{
"category": "product_version",
"name": "augeas-devel-1.10.1-3.9.1.s390x",
"product": {
"name": "augeas-devel-1.10.1-3.9.1.s390x",
"product_id": "augeas-devel-1.10.1-3.9.1.s390x"
}
},
{
"category": "product_version",
"name": "augeas-lense-tests-1.10.1-3.9.1.s390x",
"product": {
"name": "augeas-lense-tests-1.10.1-3.9.1.s390x",
"product_id": "augeas-lense-tests-1.10.1-3.9.1.s390x"
}
},
{
"category": "product_version",
"name": "augeas-lenses-1.10.1-3.9.1.s390x",
"product": {
"name": "augeas-lenses-1.10.1-3.9.1.s390x",
"product_id": "augeas-lenses-1.10.1-3.9.1.s390x"
}
},
{
"category": "product_version",
"name": "chrony-4.1-150300.16.3.1.s390x",
"product": {
"name": "chrony-4.1-150300.16.3.1.s390x",
"product_id": "chrony-4.1-150300.16.3.1.s390x"
}
},
{
"category": "product_version",
"name": "libaugeas0-1.10.1-3.9.1.s390x",
"product": {
"name": "libaugeas0-1.10.1-3.9.1.s390x",
"product_id": "libaugeas0-1.10.1-3.9.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "augeas-1.10.1-3.9.1.x86_64",
"product": {
"name": "augeas-1.10.1-3.9.1.x86_64",
"product_id": "augeas-1.10.1-3.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "augeas-devel-1.10.1-3.9.1.x86_64",
"product": {
"name": "augeas-devel-1.10.1-3.9.1.x86_64",
"product_id": "augeas-devel-1.10.1-3.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "augeas-devel-32bit-1.10.1-3.9.1.x86_64",
"product": {
"name": "augeas-devel-32bit-1.10.1-3.9.1.x86_64",
"product_id": "augeas-devel-32bit-1.10.1-3.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "augeas-lense-tests-1.10.1-3.9.1.x86_64",
"product": {
"name": "augeas-lense-tests-1.10.1-3.9.1.x86_64",
"product_id": "augeas-lense-tests-1.10.1-3.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "augeas-lenses-1.10.1-3.9.1.x86_64",
"product": {
"name": "augeas-lenses-1.10.1-3.9.1.x86_64",
"product_id": "augeas-lenses-1.10.1-3.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "chrony-4.1-150300.16.3.1.x86_64",
"product": {
"name": "chrony-4.1-150300.16.3.1.x86_64",
"product_id": "chrony-4.1-150300.16.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libaugeas0-1.10.1-3.9.1.x86_64",
"product": {
"name": "libaugeas0-1.10.1-3.9.1.x86_64",
"product_id": "libaugeas0-1.10.1-3.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "libaugeas0-32bit-1.10.1-3.9.1.x86_64",
"product": {
"name": "libaugeas0-32bit-1.10.1-3.9.1.x86_64",
"product_id": "libaugeas0-32bit-1.10.1-3.9.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Installer Updates 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Installer Updates 15 SP3",
"product_id": "SUSE Linux Enterprise Installer Updates 15 SP3"
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Real Time 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Real Time 15 SP2",
"product_id": "SUSE Linux Enterprise Real Time 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_rt:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.0",
"product": {
"name": "SUSE Linux Enterprise Micro 5.0",
"product_id": "SUSE Linux Enterprise Micro 5.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.0"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.1",
"product": {
"name": "SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "augeas-1.10.1-3.9.1.aarch64 as component of SUSE Linux Enterprise Installer Updates 15 SP3",
"product_id": "SUSE Linux Enterprise Installer Updates 15 SP3:augeas-1.10.1-3.9.1.aarch64"
},
"product_reference": "augeas-1.10.1-3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Installer Updates 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "augeas-1.10.1-3.9.1.ppc64le as component of SUSE Linux Enterprise Installer Updates 15 SP3",
"product_id": "SUSE Linux Enterprise Installer Updates 15 SP3:augeas-1.10.1-3.9.1.ppc64le"
},
"product_reference": "augeas-1.10.1-3.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Installer Updates 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "augeas-1.10.1-3.9.1.s390x as component of SUSE Linux Enterprise Installer Updates 15 SP3",
"product_id": "SUSE Linux Enterprise Installer Updates 15 SP3:augeas-1.10.1-3.9.1.s390x"
},
"product_reference": "augeas-1.10.1-3.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Installer Updates 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "augeas-1.10.1-3.9.1.x86_64 as component of SUSE Linux Enterprise Installer Updates 15 SP3",
"product_id": "SUSE Linux Enterprise Installer Updates 15 SP3:augeas-1.10.1-3.9.1.x86_64"
},
"product_reference": "augeas-1.10.1-3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Installer Updates 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "augeas-lenses-1.10.1-3.9.1.aarch64 as component of SUSE Linux Enterprise Installer Updates 15 SP3",
"product_id": "SUSE Linux Enterprise Installer Updates 15 SP3:augeas-lenses-1.10.1-3.9.1.aarch64"
},
"product_reference": "augeas-lenses-1.10.1-3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Installer Updates 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "augeas-lenses-1.10.1-3.9.1.ppc64le as component of SUSE Linux Enterprise Installer Updates 15 SP3",
"product_id": "SUSE Linux Enterprise Installer Updates 15 SP3:augeas-lenses-1.10.1-3.9.1.ppc64le"
},
"product_reference": "augeas-lenses-1.10.1-3.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Installer Updates 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "augeas-lenses-1.10.1-3.9.1.s390x as component of SUSE Linux Enterprise Installer Updates 15 SP3",
"product_id": "SUSE Linux Enterprise Installer Updates 15 SP3:augeas-lenses-1.10.1-3.9.1.s390x"
},
"product_reference": "augeas-lenses-1.10.1-3.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Installer Updates 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "augeas-lenses-1.10.1-3.9.1.x86_64 as component of SUSE Linux Enterprise Installer Updates 15 SP3",
"product_id": "SUSE Linux Enterprise Installer Updates 15 SP3:augeas-lenses-1.10.1-3.9.1.x86_64"
},
"product_reference": "augeas-lenses-1.10.1-3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Installer Updates 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libaugeas0-1.10.1-3.9.1.aarch64 as component of SUSE Linux Enterprise Installer Updates 15 SP3",
"product_id": "SUSE Linux Enterprise Installer Updates 15 SP3:libaugeas0-1.10.1-3.9.1.aarch64"
},
"product_reference": "libaugeas0-1.10.1-3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Installer Updates 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libaugeas0-1.10.1-3.9.1.ppc64le as component of SUSE Linux Enterprise Installer Updates 15 SP3",
"product_id": "SUSE Linux Enterprise Installer Updates 15 SP3:libaugeas0-1.10.1-3.9.1.ppc64le"
},
"product_reference": "libaugeas0-1.10.1-3.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Installer Updates 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libaugeas0-1.10.1-3.9.1.s390x as component of SUSE Linux Enterprise Installer Updates 15 SP3",
"product_id": "SUSE Linux Enterprise Installer Updates 15 SP3:libaugeas0-1.10.1-3.9.1.s390x"
},
"product_reference": "libaugeas0-1.10.1-3.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Installer Updates 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libaugeas0-1.10.1-3.9.1.x86_64 as component of SUSE Linux Enterprise Installer Updates 15 SP3",
"product_id": "SUSE Linux Enterprise Installer Updates 15 SP3:libaugeas0-1.10.1-3.9.1.x86_64"
},
"product_reference": "libaugeas0-1.10.1-3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Installer Updates 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "augeas-1.10.1-3.9.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:augeas-1.10.1-3.9.1.aarch64"
},
"product_reference": "augeas-1.10.1-3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "augeas-1.10.1-3.9.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:augeas-1.10.1-3.9.1.ppc64le"
},
"product_reference": "augeas-1.10.1-3.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "augeas-1.10.1-3.9.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:augeas-1.10.1-3.9.1.s390x"
},
"product_reference": "augeas-1.10.1-3.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "augeas-1.10.1-3.9.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:augeas-1.10.1-3.9.1.x86_64"
},
"product_reference": "augeas-1.10.1-3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "augeas-devel-1.10.1-3.9.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:augeas-devel-1.10.1-3.9.1.aarch64"
},
"product_reference": "augeas-devel-1.10.1-3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "augeas-devel-1.10.1-3.9.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:augeas-devel-1.10.1-3.9.1.ppc64le"
},
"product_reference": "augeas-devel-1.10.1-3.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "augeas-devel-1.10.1-3.9.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:augeas-devel-1.10.1-3.9.1.s390x"
},
"product_reference": "augeas-devel-1.10.1-3.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "augeas-devel-1.10.1-3.9.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:augeas-devel-1.10.1-3.9.1.x86_64"
},
"product_reference": "augeas-devel-1.10.1-3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "augeas-lenses-1.10.1-3.9.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:augeas-lenses-1.10.1-3.9.1.aarch64"
},
"product_reference": "augeas-lenses-1.10.1-3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "augeas-lenses-1.10.1-3.9.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:augeas-lenses-1.10.1-3.9.1.ppc64le"
},
"product_reference": "augeas-lenses-1.10.1-3.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "augeas-lenses-1.10.1-3.9.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:augeas-lenses-1.10.1-3.9.1.s390x"
},
"product_reference": "augeas-lenses-1.10.1-3.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "augeas-lenses-1.10.1-3.9.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:augeas-lenses-1.10.1-3.9.1.x86_64"
},
"product_reference": "augeas-lenses-1.10.1-3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chrony-4.1-150300.16.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:chrony-4.1-150300.16.3.1.aarch64"
},
"product_reference": "chrony-4.1-150300.16.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chrony-4.1-150300.16.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:chrony-4.1-150300.16.3.1.ppc64le"
},
"product_reference": "chrony-4.1-150300.16.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chrony-4.1-150300.16.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:chrony-4.1-150300.16.3.1.s390x"
},
"product_reference": "chrony-4.1-150300.16.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chrony-4.1-150300.16.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:chrony-4.1-150300.16.3.1.x86_64"
},
"product_reference": "chrony-4.1-150300.16.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chrony-pool-empty-4.1-150300.16.3.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:chrony-pool-empty-4.1-150300.16.3.1.noarch"
},
"product_reference": "chrony-pool-empty-4.1-150300.16.3.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chrony-pool-suse-4.1-150300.16.3.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:chrony-pool-suse-4.1-150300.16.3.1.noarch"
},
"product_reference": "chrony-pool-suse-4.1-150300.16.3.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libaugeas0-1.10.1-3.9.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:libaugeas0-1.10.1-3.9.1.aarch64"
},
"product_reference": "libaugeas0-1.10.1-3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libaugeas0-1.10.1-3.9.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:libaugeas0-1.10.1-3.9.1.ppc64le"
},
"product_reference": "libaugeas0-1.10.1-3.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libaugeas0-1.10.1-3.9.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:libaugeas0-1.10.1-3.9.1.s390x"
},
"product_reference": "libaugeas0-1.10.1-3.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libaugeas0-1.10.1-3.9.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:libaugeas0-1.10.1-3.9.1.x86_64"
},
"product_reference": "libaugeas0-1.10.1-3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "augeas-1.10.1-3.9.1.x86_64 as component of SUSE Linux Enterprise Real Time 15 SP2",
"product_id": "SUSE Linux Enterprise Real Time 15 SP2:augeas-1.10.1-3.9.1.x86_64"
},
"product_reference": "augeas-1.10.1-3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Real Time 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "augeas-devel-1.10.1-3.9.1.x86_64 as component of SUSE Linux Enterprise Real Time 15 SP2",
"product_id": "SUSE Linux Enterprise Real Time 15 SP2:augeas-devel-1.10.1-3.9.1.x86_64"
},
"product_reference": "augeas-devel-1.10.1-3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Real Time 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "augeas-lenses-1.10.1-3.9.1.x86_64 as component of SUSE Linux Enterprise Real Time 15 SP2",
"product_id": "SUSE Linux Enterprise Real Time 15 SP2:augeas-lenses-1.10.1-3.9.1.x86_64"
},
"product_reference": "augeas-lenses-1.10.1-3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Real Time 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libaugeas0-1.10.1-3.9.1.x86_64 as component of SUSE Linux Enterprise Real Time 15 SP2",
"product_id": "SUSE Linux Enterprise Real Time 15 SP2:libaugeas0-1.10.1-3.9.1.x86_64"
},
"product_reference": "libaugeas0-1.10.1-3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Real Time 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "augeas-1.10.1-3.9.1.aarch64 as component of SUSE Linux Enterprise Micro 5.0",
"product_id": "SUSE Linux Enterprise Micro 5.0:augeas-1.10.1-3.9.1.aarch64"
},
"product_reference": "augeas-1.10.1-3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "augeas-1.10.1-3.9.1.x86_64 as component of SUSE Linux Enterprise Micro 5.0",
"product_id": "SUSE Linux Enterprise Micro 5.0:augeas-1.10.1-3.9.1.x86_64"
},
"product_reference": "augeas-1.10.1-3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "augeas-lenses-1.10.1-3.9.1.aarch64 as component of SUSE Linux Enterprise Micro 5.0",
"product_id": "SUSE Linux Enterprise Micro 5.0:augeas-lenses-1.10.1-3.9.1.aarch64"
},
"product_reference": "augeas-lenses-1.10.1-3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "augeas-lenses-1.10.1-3.9.1.x86_64 as component of SUSE Linux Enterprise Micro 5.0",
"product_id": "SUSE Linux Enterprise Micro 5.0:augeas-lenses-1.10.1-3.9.1.x86_64"
},
"product_reference": "augeas-lenses-1.10.1-3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libaugeas0-1.10.1-3.9.1.aarch64 as component of SUSE Linux Enterprise Micro 5.0",
"product_id": "SUSE Linux Enterprise Micro 5.0:libaugeas0-1.10.1-3.9.1.aarch64"
},
"product_reference": "libaugeas0-1.10.1-3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libaugeas0-1.10.1-3.9.1.x86_64 as component of SUSE Linux Enterprise Micro 5.0",
"product_id": "SUSE Linux Enterprise Micro 5.0:libaugeas0-1.10.1-3.9.1.x86_64"
},
"product_reference": "libaugeas0-1.10.1-3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "augeas-1.10.1-3.9.1.aarch64 as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:augeas-1.10.1-3.9.1.aarch64"
},
"product_reference": "augeas-1.10.1-3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "augeas-1.10.1-3.9.1.s390x as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:augeas-1.10.1-3.9.1.s390x"
},
"product_reference": "augeas-1.10.1-3.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "augeas-1.10.1-3.9.1.x86_64 as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:augeas-1.10.1-3.9.1.x86_64"
},
"product_reference": "augeas-1.10.1-3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "augeas-lenses-1.10.1-3.9.1.aarch64 as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:augeas-lenses-1.10.1-3.9.1.aarch64"
},
"product_reference": "augeas-lenses-1.10.1-3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "augeas-lenses-1.10.1-3.9.1.s390x as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:augeas-lenses-1.10.1-3.9.1.s390x"
},
"product_reference": "augeas-lenses-1.10.1-3.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "augeas-lenses-1.10.1-3.9.1.x86_64 as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:augeas-lenses-1.10.1-3.9.1.x86_64"
},
"product_reference": "augeas-lenses-1.10.1-3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chrony-4.1-150300.16.3.1.aarch64 as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:chrony-4.1-150300.16.3.1.aarch64"
},
"product_reference": "chrony-4.1-150300.16.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chrony-4.1-150300.16.3.1.s390x as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:chrony-4.1-150300.16.3.1.s390x"
},
"product_reference": "chrony-4.1-150300.16.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chrony-4.1-150300.16.3.1.x86_64 as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:chrony-4.1-150300.16.3.1.x86_64"
},
"product_reference": "chrony-4.1-150300.16.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chrony-pool-suse-4.1-150300.16.3.1.noarch as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:chrony-pool-suse-4.1-150300.16.3.1.noarch"
},
"product_reference": "chrony-pool-suse-4.1-150300.16.3.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libaugeas0-1.10.1-3.9.1.aarch64 as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:libaugeas0-1.10.1-3.9.1.aarch64"
},
"product_reference": "libaugeas0-1.10.1-3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libaugeas0-1.10.1-3.9.1.s390x as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:libaugeas0-1.10.1-3.9.1.s390x"
},
"product_reference": "libaugeas0-1.10.1-3.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libaugeas0-1.10.1-3.9.1.x86_64 as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:libaugeas0-1.10.1-3.9.1.x86_64"
},
"product_reference": "libaugeas0-1.10.1-3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-14367",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-14367"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder. The file is created during chronyd startup while still running as the root user, and when it\u0027s opened for writing, chronyd does not check for an existing symbolic link with the same file name. This flaw allows an attacker with privileged access to create a symlink with the default PID file name pointing to any destination file in the system, resulting in data loss and a denial of service due to the path traversal.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Installer Updates 15 SP3:augeas-1.10.1-3.9.1.aarch64",
"SUSE Linux Enterprise Installer Updates 15 SP3:augeas-1.10.1-3.9.1.ppc64le",
"SUSE Linux Enterprise Installer Updates 15 SP3:augeas-1.10.1-3.9.1.s390x",
"SUSE Linux Enterprise Installer Updates 15 SP3:augeas-1.10.1-3.9.1.x86_64",
"SUSE Linux Enterprise Installer Updates 15 SP3:augeas-lenses-1.10.1-3.9.1.aarch64",
"SUSE Linux Enterprise Installer Updates 15 SP3:augeas-lenses-1.10.1-3.9.1.ppc64le",
"SUSE Linux Enterprise Installer Updates 15 SP3:augeas-lenses-1.10.1-3.9.1.s390x",
"SUSE Linux Enterprise Installer Updates 15 SP3:augeas-lenses-1.10.1-3.9.1.x86_64",
"SUSE Linux Enterprise Installer Updates 15 SP3:libaugeas0-1.10.1-3.9.1.aarch64",
"SUSE Linux Enterprise Installer Updates 15 SP3:libaugeas0-1.10.1-3.9.1.ppc64le",
"SUSE Linux Enterprise Installer Updates 15 SP3:libaugeas0-1.10.1-3.9.1.s390x",
"SUSE Linux Enterprise Installer Updates 15 SP3:libaugeas0-1.10.1-3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.0:augeas-1.10.1-3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.0:augeas-1.10.1-3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.0:augeas-lenses-1.10.1-3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.0:augeas-lenses-1.10.1-3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.0:libaugeas0-1.10.1-3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.0:libaugeas0-1.10.1-3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:augeas-1.10.1-3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:augeas-1.10.1-3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.1:augeas-1.10.1-3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:augeas-lenses-1.10.1-3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:augeas-lenses-1.10.1-3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.1:augeas-lenses-1.10.1-3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:chrony-4.1-150300.16.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:chrony-4.1-150300.16.3.1.s390x",
"SUSE Linux Enterprise Micro 5.1:chrony-4.1-150300.16.3.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:chrony-pool-suse-4.1-150300.16.3.1.noarch",
"SUSE Linux Enterprise Micro 5.1:libaugeas0-1.10.1-3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:libaugeas0-1.10.1-3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.1:libaugeas0-1.10.1-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:augeas-1.10.1-3.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:augeas-1.10.1-3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:augeas-1.10.1-3.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:augeas-1.10.1-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:augeas-devel-1.10.1-3.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:augeas-devel-1.10.1-3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:augeas-devel-1.10.1-3.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:augeas-devel-1.10.1-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:augeas-lenses-1.10.1-3.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:augeas-lenses-1.10.1-3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:augeas-lenses-1.10.1-3.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:augeas-lenses-1.10.1-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:chrony-4.1-150300.16.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:chrony-4.1-150300.16.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:chrony-4.1-150300.16.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:chrony-4.1-150300.16.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:chrony-pool-empty-4.1-150300.16.3.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:chrony-pool-suse-4.1-150300.16.3.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libaugeas0-1.10.1-3.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libaugeas0-1.10.1-3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libaugeas0-1.10.1-3.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libaugeas0-1.10.1-3.9.1.x86_64",
"SUSE Linux Enterprise Real Time 15 SP2:augeas-1.10.1-3.9.1.x86_64",
"SUSE Linux Enterprise Real Time 15 SP2:augeas-devel-1.10.1-3.9.1.x86_64",
"SUSE Linux Enterprise Real Time 15 SP2:augeas-lenses-1.10.1-3.9.1.x86_64",
"SUSE Linux Enterprise Real Time 15 SP2:libaugeas0-1.10.1-3.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-14367",
"url": "https://www.suse.com/security/cve/CVE-2020-14367"
},
{
"category": "external",
"summary": "SUSE Bug 1174911 for CVE-2020-14367",
"url": "https://bugzilla.suse.com/1174911"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Installer Updates 15 SP3:augeas-1.10.1-3.9.1.aarch64",
"SUSE Linux Enterprise Installer Updates 15 SP3:augeas-1.10.1-3.9.1.ppc64le",
"SUSE Linux Enterprise Installer Updates 15 SP3:augeas-1.10.1-3.9.1.s390x",
"SUSE Linux Enterprise Installer Updates 15 SP3:augeas-1.10.1-3.9.1.x86_64",
"SUSE Linux Enterprise Installer Updates 15 SP3:augeas-lenses-1.10.1-3.9.1.aarch64",
"SUSE Linux Enterprise Installer Updates 15 SP3:augeas-lenses-1.10.1-3.9.1.ppc64le",
"SUSE Linux Enterprise Installer Updates 15 SP3:augeas-lenses-1.10.1-3.9.1.s390x",
"SUSE Linux Enterprise Installer Updates 15 SP3:augeas-lenses-1.10.1-3.9.1.x86_64",
"SUSE Linux Enterprise Installer Updates 15 SP3:libaugeas0-1.10.1-3.9.1.aarch64",
"SUSE Linux Enterprise Installer Updates 15 SP3:libaugeas0-1.10.1-3.9.1.ppc64le",
"SUSE Linux Enterprise Installer Updates 15 SP3:libaugeas0-1.10.1-3.9.1.s390x",
"SUSE Linux Enterprise Installer Updates 15 SP3:libaugeas0-1.10.1-3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.0:augeas-1.10.1-3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.0:augeas-1.10.1-3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.0:augeas-lenses-1.10.1-3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.0:augeas-lenses-1.10.1-3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.0:libaugeas0-1.10.1-3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.0:libaugeas0-1.10.1-3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:augeas-1.10.1-3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:augeas-1.10.1-3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.1:augeas-1.10.1-3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:augeas-lenses-1.10.1-3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:augeas-lenses-1.10.1-3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.1:augeas-lenses-1.10.1-3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:chrony-4.1-150300.16.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:chrony-4.1-150300.16.3.1.s390x",
"SUSE Linux Enterprise Micro 5.1:chrony-4.1-150300.16.3.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:chrony-pool-suse-4.1-150300.16.3.1.noarch",
"SUSE Linux Enterprise Micro 5.1:libaugeas0-1.10.1-3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:libaugeas0-1.10.1-3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.1:libaugeas0-1.10.1-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:augeas-1.10.1-3.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:augeas-1.10.1-3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:augeas-1.10.1-3.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:augeas-1.10.1-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:augeas-devel-1.10.1-3.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:augeas-devel-1.10.1-3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:augeas-devel-1.10.1-3.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:augeas-devel-1.10.1-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:augeas-lenses-1.10.1-3.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:augeas-lenses-1.10.1-3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:augeas-lenses-1.10.1-3.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:augeas-lenses-1.10.1-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:chrony-4.1-150300.16.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:chrony-4.1-150300.16.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:chrony-4.1-150300.16.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:chrony-4.1-150300.16.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:chrony-pool-empty-4.1-150300.16.3.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:chrony-pool-suse-4.1-150300.16.3.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libaugeas0-1.10.1-3.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libaugeas0-1.10.1-3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libaugeas0-1.10.1-3.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libaugeas0-1.10.1-3.9.1.x86_64",
"SUSE Linux Enterprise Real Time 15 SP2:augeas-1.10.1-3.9.1.x86_64",
"SUSE Linux Enterprise Real Time 15 SP2:augeas-devel-1.10.1-3.9.1.x86_64",
"SUSE Linux Enterprise Real Time 15 SP2:augeas-lenses-1.10.1-3.9.1.x86_64",
"SUSE Linux Enterprise Real Time 15 SP2:libaugeas0-1.10.1-3.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Installer Updates 15 SP3:augeas-1.10.1-3.9.1.aarch64",
"SUSE Linux Enterprise Installer Updates 15 SP3:augeas-1.10.1-3.9.1.ppc64le",
"SUSE Linux Enterprise Installer Updates 15 SP3:augeas-1.10.1-3.9.1.s390x",
"SUSE Linux Enterprise Installer Updates 15 SP3:augeas-1.10.1-3.9.1.x86_64",
"SUSE Linux Enterprise Installer Updates 15 SP3:augeas-lenses-1.10.1-3.9.1.aarch64",
"SUSE Linux Enterprise Installer Updates 15 SP3:augeas-lenses-1.10.1-3.9.1.ppc64le",
"SUSE Linux Enterprise Installer Updates 15 SP3:augeas-lenses-1.10.1-3.9.1.s390x",
"SUSE Linux Enterprise Installer Updates 15 SP3:augeas-lenses-1.10.1-3.9.1.x86_64",
"SUSE Linux Enterprise Installer Updates 15 SP3:libaugeas0-1.10.1-3.9.1.aarch64",
"SUSE Linux Enterprise Installer Updates 15 SP3:libaugeas0-1.10.1-3.9.1.ppc64le",
"SUSE Linux Enterprise Installer Updates 15 SP3:libaugeas0-1.10.1-3.9.1.s390x",
"SUSE Linux Enterprise Installer Updates 15 SP3:libaugeas0-1.10.1-3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.0:augeas-1.10.1-3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.0:augeas-1.10.1-3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.0:augeas-lenses-1.10.1-3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.0:augeas-lenses-1.10.1-3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.0:libaugeas0-1.10.1-3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.0:libaugeas0-1.10.1-3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:augeas-1.10.1-3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:augeas-1.10.1-3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.1:augeas-1.10.1-3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:augeas-lenses-1.10.1-3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:augeas-lenses-1.10.1-3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.1:augeas-lenses-1.10.1-3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:chrony-4.1-150300.16.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:chrony-4.1-150300.16.3.1.s390x",
"SUSE Linux Enterprise Micro 5.1:chrony-4.1-150300.16.3.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:chrony-pool-suse-4.1-150300.16.3.1.noarch",
"SUSE Linux Enterprise Micro 5.1:libaugeas0-1.10.1-3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:libaugeas0-1.10.1-3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.1:libaugeas0-1.10.1-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:augeas-1.10.1-3.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:augeas-1.10.1-3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:augeas-1.10.1-3.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:augeas-1.10.1-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:augeas-devel-1.10.1-3.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:augeas-devel-1.10.1-3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:augeas-devel-1.10.1-3.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:augeas-devel-1.10.1-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:augeas-lenses-1.10.1-3.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:augeas-lenses-1.10.1-3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:augeas-lenses-1.10.1-3.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:augeas-lenses-1.10.1-3.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:chrony-4.1-150300.16.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:chrony-4.1-150300.16.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:chrony-4.1-150300.16.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:chrony-4.1-150300.16.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:chrony-pool-empty-4.1-150300.16.3.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:chrony-pool-suse-4.1-150300.16.3.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libaugeas0-1.10.1-3.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libaugeas0-1.10.1-3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libaugeas0-1.10.1-3.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libaugeas0-1.10.1-3.9.1.x86_64",
"SUSE Linux Enterprise Real Time 15 SP2:augeas-1.10.1-3.9.1.x86_64",
"SUSE Linux Enterprise Real Time 15 SP2:augeas-devel-1.10.1-3.9.1.x86_64",
"SUSE Linux Enterprise Real Time 15 SP2:augeas-lenses-1.10.1-3.9.1.x86_64",
"SUSE Linux Enterprise Real Time 15 SP2:libaugeas0-1.10.1-3.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-03-15T10:41:19Z",
"details": "moderate"
}
],
"title": "CVE-2020-14367"
}
]
}
suse-su-2021:4147-1
Vulnerability from csaf_suse
Published
2021-12-22 08:24
Modified
2021-12-22 08:24
Summary
Security update for chrony
Notes
Title of the patch
Security update for chrony
Description of the patch
This update for chrony fixes the following issues:
Chrony was updated to 4.1:
* Add support for NTS servers specified by IP address (matching
Subject Alternative Name in server certificate)
* Add source-specific configuration of trusted certificates
* Allow multiple files and directories with trusted certificates
* Allow multiple pairs of server keys and certificates
* Add copy option to server/pool directive
* Increase PPS lock limit to 40% of pulse interval
* Perform source selection immediately after loading dump files
* Reload dump files for addresses negotiated by NTS-KE server
* Update seccomp filter and add less restrictive level
* Restart ongoing name resolution on online command
* Fix dump files to not include uncorrected offset
* Fix initstepslew to accept time from own NTP clients
* Reset NTP address and port when no longer negotiated by NTS-KE
server
- Update clknetsim to snapshot f89702d.
- Ensure the correct pool packages are installed for openSUSE and SLE (bsc#1180689).
- Enable syscallfilter unconditionally (bsc#1181826).
Chrony was updated to 4.0:
Enhancements
- Add support for Network Time Security (NTS) authentication
- Add support for AES-CMAC keys (AES128, AES256) with Nettle
- Add authselectmode directive to control selection of
unauthenticated sources
- Add binddevice, bindacqdevice, bindcmddevice directives
- Add confdir directive to better support fragmented
configuration
- Add sourcedir directive and 'reload sources' command to
support dynamic NTP sources specified in files
- Add clockprecision directive
- Add dscp directive to set Differentiated Services Code Point
(DSCP)
- Add -L option to limit log messages by severity
- Add -p option to print whole configuration with included
files
- Add -U option to allow start under non-root user
- Allow maxsamples to be set to 1 for faster update with -q/-Q
option
- Avoid replacing NTP sources with sources that have
unreachable address
- Improve pools to repeat name resolution to get 'maxsources'
sources
- Improve source selection with trusted sources
- Improve NTP loop test to prevent synchronisation to itself
- Repeat iburst when NTP source is switched from offline state
to online
- Update clock synchronisation status and leap status more
frequently
- Update seccomp filter
- Add 'add pool' command
- Add 'reset sources' command to drop all measurements
- Add authdata command to print details about NTP
authentication
- Add selectdata command to print details about source
selection
- Add -N option and sourcename command to print original names
of sources
- Add -a option to some commands to print also unresolved
sources
- Add -k, -p, -r options to clients command to select, limit,
reset data
- Bug fixes
- Don’t set interface for NTP responses to allow asymmetric
routing
- Handle RTCs that don’t support interrupts
- Respond to command requests with correct address on
multihomed hosts
- Removed features
- Drop support for RIPEMD keys (RMD128, RMD160, RMD256, RMD320)
- Drop support for long (non-standard) MACs in NTPv4 packets
(chrony 2.x clients using non-MD5/SHA1 keys need to use
option 'version 3')
- By default we don't write log files but log to journald, so
only recommend logrotate.
- Adjust and rename the sysconfig file, so that it matches the
expectations of chronyd.service (bsc#1173277).
Chrony was updated to 3.5.1:
* Create new file when writing pidfile instead of opening an existing path, which could be a symbolic link (CVE-2020-14367, bsc#1174911)
- Add chrony-pool-suse and chrony-pool-openSUSE subpackages that
preconfigure chrony to use NTP servers from the respective
pools for SUSE and openSUSE (bsc#1156884, SLE-11424).
- Add chrony-pool-empty to still allow installing chrony without
preconfigured servers.
- Use iburst in the default pool statements to speed up initial
synchronisation (bsc#1172113).
- Update clknetsim to version 79ffe44 (fixes bsc#1162964).
Update to 3.5:
+ Add support for more accurate reading of PHC on Linux 5.0
+ Add support for hardware timestamping on interfaces with read-only timestamping configuration
+ Add support for memory locking and real-time priority on FreeBSD, NetBSD, Solaris
+ Update seccomp filter to work on more architectures
+ Validate refclock driver options
+ Fix bindaddress directive on FreeBSD
+ Fix transposition of hardware RX timestamp on Linux 4.13 and later
+ Fix building on non-glibc systems
- Fix location of helper script in chrony-dnssrv@.service (bsc#1128846).
- Read runtime servers from /var/run/netconfig/chrony.servers (bsc#1099272)
- Move chrony-helper to /usr/lib/chrony/helper, because there should be no executables in /usr/share.
- Remove discrepancies between spec file and chrony-tmpfiles (bsc#1115529)
Update to version 3.4
* Enhancements
+ Add filter option to server/pool/peer directive
+ Add minsamples and maxsamples options to hwtimestamp directive
+ Add support for faster frequency adjustments in Linux 4.19
+ Change default pidfile to /var/run/chrony/chronyd.pid to allow chronyd
without root privileges to remove it on exit
+ Disable sub-second polling intervals for distant NTP sources
+ Extend range of supported sub-second polling intervals
+ Get/set IPv4 destination/source address of NTP packets on FreeBSD
+ Make burst options and command useful with short polling intervals
+ Modify auto_offline option to activate when sending request failed
+ Respond from interface that received NTP request if possible
+ Add onoffline command to switch between online and offline state
according to current system network configuration
+ Improve example NetworkManager dispatcher script
* Bug fixes
+ Avoid waiting in Linux getrandom system call
+ Fix PPS support on FreeBSD and NetBSD
Update to version 3.3
* Enhancements:
+ Add burst option to server/pool directive
+ Add stratum and tai options to refclock directive
+ Add support for Nettle crypto library
+ Add workaround for missing kernel receive timestamps on Linux
+ Wait for late hardware transmit timestamps
+ Improve source selection with unreachable sources
+ Improve protection against replay attacks on symmetric mode
+ Allow PHC refclock to use socket in /var/run/chrony
+ Add shutdown command to stop chronyd
+ Simplify format of response to manual list command
+ Improve handling of unknown responses in chronyc
* Bug fixes:
+ Respond to NTPv1 client requests with zero mode
+ Fix -x option to not require CAP_SYS_TIME under non-root user
+ Fix acquisitionport directive to work with privilege separation
+ Fix handling of socket errors on Linux to avoid high CPU usage
+ Fix chronyc to not get stuck in infinite loop after clock step
- Added /etc/chrony.d/ directory to the package (bsc#1083597). Modified default chrony.conf to add 'include /etc/chrony.d/*'
- Enable pps support
Upgraded to version 3.2:
Enhancements
* Improve stability with NTP sources and reference clocks
* Improve stability with hardware timestamping
* Improve support for NTP interleaved modes
* Control frequency of system clock on macOS 10.13 and later
* Set TAI-UTC offset of system clock with leapsectz directive
* Minimise data in client requests to improve privacy
* Allow transmit-only hardware timestamping
* Add support for new timestamping options introduced in Linux 4.13
* Add root delay, root dispersion and maximum error to tracking log
* Add mindelay and asymmetry options to server/peer/pool directive
* Add extpps option to PHC refclock to timestamp external PPS signal
* Add pps option to refclock directive to treat any refclock as PPS
* Add width option to refclock directive to filter wrong pulse edges
* Add rxfilter option to hwtimestamp directive
* Add -x option to disable control of system clock
* Add -l option to log to specified file instead of syslog
* Allow multiple command-line options to be specified together
* Allow starting without root privileges with -Q option
* Update seccomp filter for new glibc versions
* Dump history on exit by default with dumpdir directive
* Use hardening compiler options by default
Bug fixes
* Don't drop PHC samples with low-resolution system clock
* Ignore outliers in PHC tracking, RTC tracking, manual input
* Increase polling interval when peer is not responding
* Exit with error message when include directive fails
* Don't allow slash after hostname in allow/deny directive/command
* Try to connect to all addresses in chronyc before giving up
Upgraded to version 3.1:
- Enhancements
- Add support for precise cross timestamping of PHC on Linux
- Add minpoll, precision, nocrossts options to hwtimestamp directive
- Add rawmeasurements option to log directive and modify measurements
option to log only valid measurements from synchronised sources
- Allow sub-second polling interval with NTP sources
- Bug fixes
- Fix time smoothing in interleaved mode
Upgraded to version 3.0:
- Enhancements
- Add support for software and hardware timestamping on Linux
- Add support for client/server and symmetric interleaved modes
- Add support for MS-SNTP authentication in Samba
- Add support for truncated MACs in NTPv4 packets
- Estimate and correct for asymmetric network jitter
- Increase default minsamples and polltarget to improve stability with very low jitter
- Add maxjitter directive to limit source selection by jitter
- Add offset option to server/pool/peer directive
- Add maxlockage option to refclock directive
- Add -t option to chronyd to exit after specified time
- Add partial protection against replay attacks on symmetric mode
- Don't reset polling interval when switching sources to online state
- Allow rate limiting with very short intervals
- Improve maximum server throughput on Linux and NetBSD
- Remove dump files after start
- Add tab-completion to chronyc with libedit/readline
- Add ntpdata command to print details about NTP measurements
- Allow all source options to be set in add server/peer command
- Indicate truncated addresses/hostnames in chronyc output
- Print reference IDs as hexadecimal numbers to avoid confusion with IPv4 addresses
- Bug fixes
- Fix crash with disabled asynchronous name resolving
Upgraded to version 2.4.1:
- Bug fixes
- Fix processing of kernel timestamps on non-Linux systems
- Fix crash with smoothtime directive
- Fix validation of refclock sample times
- Fix parsing of refclock directive
update to 2.4:
- Enhancements
- Add orphan option to local directive for orphan mode
compatible with ntpd
- Add distance option to local directive to set activation
threshold (1 second by default)
- Add maxdrift directive to set maximum allowed drift of system
clock
- Try to replace NTP sources exceeding maximum distance
- Randomise source replacement to avoid getting stuck with bad
sources
- Randomise selection of sources from pools on start
- Ignore reference timestamp as ntpd doesn't always set it
correctly
- Modify tracking report to use same values as seen by NTP
clients
- Add -c option to chronyc to write reports in CSV format
- Provide detailed manual pages
- Bug fixes
- Fix SOCK refclock to work correctly when not specified as
last refclock
- Fix initstepslew and -q/-Q options to accept time from own
NTP clients
- Fix authentication with keys using 512-bit hash functions
- Fix crash on exit when multiple signals are received
- Fix conversion of very small floating-point numbers in
command packets
Patchnames
HPE-Helion-OpenStack-8-2021-4147,SUSE-2021-4147,SUSE-OpenStack-Cloud-8-2021-4147,SUSE-OpenStack-Cloud-9-2021-4147,SUSE-OpenStack-Cloud-Crowbar-8-2021-4147,SUSE-OpenStack-Cloud-Crowbar-9-2021-4147,SUSE-SLE-SAP-12-SP3-2021-4147,SUSE-SLE-SAP-12-SP4-2021-4147,SUSE-SLE-SERVER-12-SP2-BCL-2021-4147,SUSE-SLE-SERVER-12-SP3-2021-4147,SUSE-SLE-SERVER-12-SP3-BCL-2021-4147,SUSE-SLE-SERVER-12-SP4-LTSS-2021-4147,SUSE-SLE-SERVER-12-SP5-2021-4147
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for chrony",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for chrony fixes the following issues:\n\nChrony was updated to 4.1:\n\n* Add support for NTS servers specified by IP address (matching\n Subject Alternative Name in server certificate)\n* Add source-specific configuration of trusted certificates\n* Allow multiple files and directories with trusted certificates\n* Allow multiple pairs of server keys and certificates\n* Add copy option to server/pool directive\n* Increase PPS lock limit to 40% of pulse interval\n* Perform source selection immediately after loading dump files\n* Reload dump files for addresses negotiated by NTS-KE server\n* Update seccomp filter and add less restrictive level\n* Restart ongoing name resolution on online command\n* Fix dump files to not include uncorrected offset\n* Fix initstepslew to accept time from own NTP clients\n* Reset NTP address and port when no longer negotiated by NTS-KE\n server\n- Update clknetsim to snapshot f89702d.\n\n- Ensure the correct pool packages are installed for openSUSE and SLE (bsc#1180689).\n\n- Enable syscallfilter unconditionally (bsc#1181826).\n\nChrony was updated to 4.0:\n\nEnhancements\n\n- Add support for Network Time Security (NTS) authentication\n- Add support for AES-CMAC keys (AES128, AES256) with Nettle\n- Add authselectmode directive to control selection of\n unauthenticated sources\n- Add binddevice, bindacqdevice, bindcmddevice directives\n- Add confdir directive to better support fragmented\n configuration\n- Add sourcedir directive and \u0027reload sources\u0027 command to\n support dynamic NTP sources specified in files\n- Add clockprecision directive\n- Add dscp directive to set Differentiated Services Code Point\n (DSCP)\n- Add -L option to limit log messages by severity\n- Add -p option to print whole configuration with included\n files\n- Add -U option to allow start under non-root user\n- Allow maxsamples to be set to 1 for faster update with -q/-Q\n option\n- Avoid replacing NTP sources with sources that have\n 
unreachable address\n- Improve pools to repeat name resolution to get \u0027maxsources\u0027\n sources\n- Improve source selection with trusted sources\n- Improve NTP loop test to prevent synchronisation to itself\n- Repeat iburst when NTP source is switched from offline state\n to online\n- Update clock synchronisation status and leap status more\n frequently\n- Update seccomp filter\n- Add \u0027add pool\u0027 command\n- Add \u0027reset sources\u0027 command to drop all measurements\n- Add authdata command to print details about NTP\n authentication\n- Add selectdata command to print details about source\n selection\n- Add -N option and sourcename command to print original names\n of sources\n- Add -a option to some commands to print also unresolved\n sources\n- Add -k, -p, -r options to clients command to select, limit,\n reset data\n- Bug fixes\n- Don\u2019t set interface for NTP responses to allow asymmetric\n routing\n- Handle RTCs that don\u2019t support interrupts\n- Respond to command requests with correct address on\n multihomed hosts\n- Removed features\n- Drop support for RIPEMD keys (RMD128, RMD160, RMD256, RMD320)\n- Drop support for long (non-standard) MACs in NTPv4 packets\n (chrony 2.x clients using non-MD5/SHA1 keys need to use\n option \u0027version 3\u0027)\n\n- By default we don\u0027t write log files but log to journald, so\n only recommend logrotate.\n\n- Adjust and rename the sysconfig file, so that it matches the\n expectations of chronyd.service (bsc#1173277).\n\nChrony was updated to 3.5.1:\n\n* Create new file when writing pidfile (CVE-2020-14367, bsc#1174911)\n\n- Add chrony-pool-suse and chrony-pool-openSUSE subpackages that\n preconfigure chrony to use NTP servers from the respective\n pools for SUSE and openSUSE (bsc#1156884, SLE-11424).\n- Add chrony-pool-empty to still allow installing chrony without\n preconfigured servers.\n- Use iburst in the default pool statements to speed up initial\n synchronisation (bsc#1172113).\n\n- 
Update clknetsim to version 79ffe44 (fixes bsc#1162964).\n\nUpdate to 3.5:\n\n+ Add support for more accurate reading of PHC on Linux 5.0\n+ Add support for hardware timestamping on interfaces with read-only timestamping configuration\n+ Add support for memory locking and real-time priority on FreeBSD, NetBSD, Solaris\n+ Update seccomp filter to work on more architectures\n+ Validate refclock driver options\n+ Fix bindaddress directive on FreeBSD\n+ Fix transposition of hardware RX timestamp on Linux 4.13 and later\n+ Fix building on non-glibc systems\n\n- Fix location of helper script in chrony-dnssrv@.service (bsc#1128846).\n\n- Read runtime servers from /var/run/netconfig/chrony.servers (bsc#1099272)\n- Move chrony-helper to /usr/lib/chrony/helper, because there should be no executables in /usr/share.\n- Remove discrepancies between spec file and chrony-tmpfiles (bsc#1115529) \n\nUpdate to version 3.4\n\n* Enhancements\n\n + Add filter option to server/pool/peer directive\n + Add minsamples and maxsamples options to hwtimestamp directive\n + Add support for faster frequency adjustments in Linux 4.19\n + Change default pidfile to /var/run/chrony/chronyd.pid to allow chronyd \n without root privileges to remove it on exit\n + Disable sub-second polling intervals for distant NTP sources\n + Extend range of supported sub-second polling intervals\n + Get/set IPv4 destination/source address of NTP packets on FreeBSD\n + Make burst options and command useful with short polling intervals\n + Modify auto_offline option to activate when sending request failed\n + Respond from interface that received NTP request if possible\n + Add onoffline command to switch between online and offline state \n according to current system network configuration\n + Improve example NetworkManager dispatcher script\n\n* Bug fixes\n\n + Avoid waiting in Linux getrandom system call\n + Fix PPS support on FreeBSD and NetBSD\n\nUpdate to version 3.3\n\n* Enhancements:\n\n + Add burst option to 
server/pool directive\n + Add stratum and tai options to refclock directive\n + Add support for Nettle crypto library\n + Add workaround for missing kernel receive timestamps on Linux\n + Wait for late hardware transmit timestamps\n + Improve source selection with unreachable sources\n + Improve protection against replay attacks on symmetric mode\n + Allow PHC refclock to use socket in /var/run/chrony\n + Add shutdown command to stop chronyd\n + Simplify format of response to manual list command\n + Improve handling of unknown responses in chronyc\n\n* Bug fixes:\n\n + Respond to NTPv1 client requests with zero mode\n + Fix -x option to not require CAP_SYS_TIME under non-root user\n + Fix acquisitionport directive to work with privilege separation\n + Fix handling of socket errors on Linux to avoid high CPU usage\n + Fix chronyc to not get stuck in infinite loop after clock step\n\n- Added /etc/chrony.d/ directory to the package (bsc#1083597) Modifed default chrony.conf to add \u0027include /etc/chrony.d/*\u0027\n\n- Enable pps support\n\nUpgraded to version 3.2:\n\nEnhancements\n\n* Improve stability with NTP sources and reference clocks\n* Improve stability with hardware timestamping\n* Improve support for NTP interleaved modes\n* Control frequency of system clock on macOS 10.13 and later\n* Set TAI-UTC offset of system clock with leapsectz directive\n* Minimise data in client requests to improve privacy\n* Allow transmit-only hardware timestamping\n* Add support for new timestamping options introduced in Linux 4.13\n* Add root delay, root dispersion and maximum error to tracking log\n* Add mindelay and asymmetry options to server/peer/pool directive\n* Add extpps option to PHC refclock to timestamp external PPS signal\n* Add pps option to refclock directive to treat any refclock as PPS\n* Add width option to refclock directive to filter wrong pulse edges\n* Add rxfilter option to hwtimestamp directive\n* Add -x option to disable control of system clock\n* Add -l 
option to log to specified file instead of syslog\n* Allow multiple command-line options to be specified together\n* Allow starting without root privileges with -Q option\n* Update seccomp filter for new glibc versions\n* Dump history on exit by default with dumpdir directive\n* Use hardening compiler options by default\n\nBug fixes\n\n* Don\u0027t drop PHC samples with low-resolution system clock\n* Ignore outliers in PHC tracking, RTC tracking, manual input\n* Increase polling interval when peer is not responding\n* Exit with error message when include directive fails\n* Don\u0027t allow slash after hostname in allow/deny directive/command\n* Try to connect to all addresses in chronyc before giving up\n\nUpgraded to version 3.1:\n\n- Enhancements\n\n - Add support for precise cross timestamping of PHC on Linux\n - Add minpoll, precision, nocrossts options to hwtimestamp directive\n - Add rawmeasurements option to log directive and modify measurements\n option to log only valid measurements from synchronised sources\n - Allow sub-second polling interval with NTP sources\n\n- Bug fixes\n\n - Fix time smoothing in interleaved mode\n\nUpgraded to version 3.0:\n\n- Enhancements\n\n - Add support for software and hardware timestamping on Linux\n - Add support for client/server and symmetric interleaved modes\n - Add support for MS-SNTP authentication in Samba\n - Add support for truncated MACs in NTPv4 packets\n - Estimate and correct for asymmetric network jitter\n - Increase default minsamples and polltarget to improve stability with very low jitter\n - Add maxjitter directive to limit source selection by jitter\n - Add offset option to server/pool/peer directive\n - Add maxlockage option to refclock directive\n - Add -t option to chronyd to exit after specified time\n - Add partial protection against replay attacks on symmetric mode\n - Don\u0027t reset polling interval when switching sources to online state\n - Allow rate limiting with very short intervals\n - 
Improve maximum server throughput on Linux and NetBSD\n - Remove dump files after start\n - Add tab-completion to chronyc with libedit/readline\n - Add ntpdata command to print details about NTP measurements\n - Allow all source options to be set in add server/peer command\n - Indicate truncated addresses/hostnames in chronyc output\n - Print reference IDs as hexadecimal numbers to avoid confusion with IPv4 addresses\n\n- Bug fixes\n\n - Fix crash with disabled asynchronous name resolving\n\nUpgraded to version 2.4.1:\n\n- Bug fixes\n\n - Fix processing of kernel timestamps on non-Linux systems\n - Fix crash with smoothtime directive\n - Fix validation of refclock sample times\n - Fix parsing of refclock directive\n\nupdate to 2.4:\n\n- Enhancements\n\n - Add orphan option to local directive for orphan mode\n compatible with ntpd\n - Add distance option to local directive to set activation\n threshold (1 second by default)\n - Add maxdrift directive to set maximum allowed drift of system\n clock\n - Try to replace NTP sources exceeding maximum distance\n - Randomise source replacement to avoid getting stuck with bad\n sources\n - Randomise selection of sources from pools on start\n - Ignore reference timestamp as ntpd doesn\u0027t always set it\n correctly\n - Modify tracking report to use same values as seen by NTP\n clients\n - Add -c option to chronyc to write reports in CSV format\n - Provide detailed manual pages\n\n- Bug fixes\n\n - Fix SOCK refclock to work correctly when not specified as\n last refclock\n - Fix initstepslew and -q/-Q options to accept time from own\n NTP clients\n - Fix authentication with keys using 512-bit hash functions\n - Fix crash on exit when multiple signals are received\n - Fix conversion of very small floating-point numbers in\n command packets\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "HPE-Helion-OpenStack-8-2021-4147,SUSE-2021-4147,SUSE-OpenStack-Cloud-8-2021-4147,SUSE-OpenStack-Cloud-9-2021-4147,SUSE-OpenStack-Cloud-Crowbar-8-2021-4147,SUSE-OpenStack-Cloud-Crowbar-9-2021-4147,SUSE-SLE-SAP-12-SP3-2021-4147,SUSE-SLE-SAP-12-SP4-2021-4147,SUSE-SLE-SERVER-12-SP2-BCL-2021-4147,SUSE-SLE-SERVER-12-SP3-2021-4147,SUSE-SLE-SERVER-12-SP3-BCL-2021-4147,SUSE-SLE-SERVER-12-SP4-LTSS-2021-4147,SUSE-SLE-SERVER-12-SP5-2021-4147",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2021_4147-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2021:4147-1",
"url": "https://www.suse.com/support/update/announcement/2021/suse-su-20214147-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2021:4147-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-December/009931.html"
},
{
"category": "self",
"summary": "SUSE Bug 1063704",
"url": "https://bugzilla.suse.com/1063704"
},
{
"category": "self",
"summary": "SUSE Bug 1069468",
"url": "https://bugzilla.suse.com/1069468"
},
{
"category": "self",
"summary": "SUSE Bug 1082318",
"url": "https://bugzilla.suse.com/1082318"
},
{
"category": "self",
"summary": "SUSE Bug 1083597",
"url": "https://bugzilla.suse.com/1083597"
},
{
"category": "self",
"summary": "SUSE Bug 1099272",
"url": "https://bugzilla.suse.com/1099272"
},
{
"category": "self",
"summary": "SUSE Bug 1115529",
"url": "https://bugzilla.suse.com/1115529"
},
{
"category": "self",
"summary": "SUSE Bug 1128846",
"url": "https://bugzilla.suse.com/1128846"
},
{
"category": "self",
"summary": "SUSE Bug 1156884",
"url": "https://bugzilla.suse.com/1156884"
},
{
"category": "self",
"summary": "SUSE Bug 1159840",
"url": "https://bugzilla.suse.com/1159840"
},
{
"category": "self",
"summary": "SUSE Bug 1161119",
"url": "https://bugzilla.suse.com/1161119"
},
{
"category": "self",
"summary": "SUSE Bug 1162964",
"url": "https://bugzilla.suse.com/1162964"
},
{
"category": "self",
"summary": "SUSE Bug 1171806",
"url": "https://bugzilla.suse.com/1171806"
},
{
"category": "self",
"summary": "SUSE Bug 1172113",
"url": "https://bugzilla.suse.com/1172113"
},
{
"category": "self",
"summary": "SUSE Bug 1173277",
"url": "https://bugzilla.suse.com/1173277"
},
{
"category": "self",
"summary": "SUSE Bug 1173760",
"url": "https://bugzilla.suse.com/1173760"
},
{
"category": "self",
"summary": "SUSE Bug 1174075",
"url": "https://bugzilla.suse.com/1174075"
},
{
"category": "self",
"summary": "SUSE Bug 1174911",
"url": "https://bugzilla.suse.com/1174911"
},
{
"category": "self",
"summary": "SUSE Bug 1180689",
"url": "https://bugzilla.suse.com/1180689"
},
{
"category": "self",
"summary": "SUSE Bug 1181826",
"url": "https://bugzilla.suse.com/1181826"
},
{
"category": "self",
"summary": "SUSE Bug 1183783",
"url": "https://bugzilla.suse.com/1183783"
},
{
"category": "self",
"summary": "SUSE Bug 1184400",
"url": "https://bugzilla.suse.com/1184400"
},
{
"category": "self",
"summary": "SUSE Bug 1187906",
"url": "https://bugzilla.suse.com/1187906"
},
{
"category": "self",
"summary": "SUSE Bug 1190926",
"url": "https://bugzilla.suse.com/1190926"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-14367 page",
"url": "https://www.suse.com/security/cve/CVE-2020-14367/"
}
],
"title": "Security update for chrony",
"tracking": {
"current_release_date": "2021-12-22T08:24:51Z",
"generator": {
"date": "2021-12-22T08:24:51Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2021:4147-1",
"initial_release_date": "2021-12-22T08:24:51Z",
"revision_history": [
{
"date": "2021-12-22T08:24:51Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "chrony-4.1-5.9.1.aarch64",
"product": {
"name": "chrony-4.1-5.9.1.aarch64",
"product_id": "chrony-4.1-5.9.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "chrony-4.1-5.9.1.i586",
"product": {
"name": "chrony-4.1-5.9.1.i586",
"product_id": "chrony-4.1-5.9.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "chrony-4.1-5.9.1.ppc64le",
"product": {
"name": "chrony-4.1-5.9.1.ppc64le",
"product_id": "chrony-4.1-5.9.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "chrony-4.1-5.9.1.s390",
"product": {
"name": "chrony-4.1-5.9.1.s390",
"product_id": "chrony-4.1-5.9.1.s390"
}
}
],
"category": "architecture",
"name": "s390"
},
{
"branches": [
{
"category": "product_version",
"name": "chrony-4.1-5.9.1.s390x",
"product": {
"name": "chrony-4.1-5.9.1.s390x",
"product_id": "chrony-4.1-5.9.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "chrony-4.1-5.9.1.x86_64",
"product": {
"name": "chrony-4.1-5.9.1.x86_64",
"product_id": "chrony-4.1-5.9.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "HPE Helion OpenStack 8",
"product": {
"name": "HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8",
"product_identification_helper": {
"cpe": "cpe:/o:suse:hpe-helion-openstack:8"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 8",
"product": {
"name": "SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud:8"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 9",
"product": {
"name": "SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud:9"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud Crowbar 8",
"product": {
"name": "SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud-crowbar:8"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud Crowbar 9",
"product": {
"name": "SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud-crowbar:9"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-bcl:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP3-BCL",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-bcl:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "chrony-4.1-5.9.1.x86_64 as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:chrony-4.1-5.9.1.x86_64"
},
"product_reference": "chrony-4.1-5.9.1.x86_64",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chrony-4.1-5.9.1.x86_64 as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:chrony-4.1-5.9.1.x86_64"
},
"product_reference": "chrony-4.1-5.9.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chrony-4.1-5.9.1.x86_64 as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:chrony-4.1-5.9.1.x86_64"
},
"product_reference": "chrony-4.1-5.9.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chrony-4.1-5.9.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:chrony-4.1-5.9.1.x86_64"
},
"product_reference": "chrony-4.1-5.9.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chrony-4.1-5.9.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:chrony-4.1-5.9.1.x86_64"
},
"product_reference": "chrony-4.1-5.9.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chrony-4.1-5.9.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:chrony-4.1-5.9.1.ppc64le"
},
"product_reference": "chrony-4.1-5.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chrony-4.1-5.9.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:chrony-4.1-5.9.1.x86_64"
},
"product_reference": "chrony-4.1-5.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chrony-4.1-5.9.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:chrony-4.1-5.9.1.ppc64le"
},
"product_reference": "chrony-4.1-5.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chrony-4.1-5.9.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:chrony-4.1-5.9.1.x86_64"
},
"product_reference": "chrony-4.1-5.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chrony-4.1-5.9.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:chrony-4.1-5.9.1.x86_64"
},
"product_reference": "chrony-4.1-5.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chrony-4.1-5.9.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:chrony-4.1-5.9.1.aarch64"
},
"product_reference": "chrony-4.1-5.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chrony-4.1-5.9.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:chrony-4.1-5.9.1.ppc64le"
},
"product_reference": "chrony-4.1-5.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chrony-4.1-5.9.1.s390x as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:chrony-4.1-5.9.1.s390x"
},
"product_reference": "chrony-4.1-5.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chrony-4.1-5.9.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:chrony-4.1-5.9.1.x86_64"
},
"product_reference": "chrony-4.1-5.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chrony-4.1-5.9.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:chrony-4.1-5.9.1.x86_64"
},
"product_reference": "chrony-4.1-5.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chrony-4.1-5.9.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:chrony-4.1-5.9.1.aarch64"
},
"product_reference": "chrony-4.1-5.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chrony-4.1-5.9.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:chrony-4.1-5.9.1.ppc64le"
},
"product_reference": "chrony-4.1-5.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chrony-4.1-5.9.1.s390x as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:chrony-4.1-5.9.1.s390x"
},
"product_reference": "chrony-4.1-5.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chrony-4.1-5.9.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:chrony-4.1-5.9.1.x86_64"
},
"product_reference": "chrony-4.1-5.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chrony-4.1-5.9.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:chrony-4.1-5.9.1.aarch64"
},
"product_reference": "chrony-4.1-5.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chrony-4.1-5.9.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:chrony-4.1-5.9.1.ppc64le"
},
"product_reference": "chrony-4.1-5.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chrony-4.1-5.9.1.s390x as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:chrony-4.1-5.9.1.s390x"
},
"product_reference": "chrony-4.1-5.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chrony-4.1-5.9.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:chrony-4.1-5.9.1.x86_64"
},
"product_reference": "chrony-4.1-5.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chrony-4.1-5.9.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:chrony-4.1-5.9.1.aarch64"
},
"product_reference": "chrony-4.1-5.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chrony-4.1-5.9.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:chrony-4.1-5.9.1.ppc64le"
},
"product_reference": "chrony-4.1-5.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chrony-4.1-5.9.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:chrony-4.1-5.9.1.s390x"
},
"product_reference": "chrony-4.1-5.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chrony-4.1-5.9.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:chrony-4.1-5.9.1.x86_64"
},
"product_reference": "chrony-4.1-5.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-14367",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-14367"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder. The file is created during chronyd startup while still running as the root user, and when it\u0027s opened for writing, chronyd does not check for an existing symbolic link with the same file name. This flaw allows an attacker with privileged access to create a symlink with the default PID file name pointing to any destination file in the system, resulting in data loss and a denial of service due to the path traversal.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:chrony-4.1-5.9.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:chrony-4.1-5.9.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:chrony-4.1-5.9.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:chrony-4.1-5.9.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:chrony-4.1-5.9.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:chrony-4.1-5.9.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:chrony-4.1-5.9.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:chrony-4.1-5.9.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:chrony-4.1-5.9.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:chrony-4.1-5.9.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:chrony-4.1-5.9.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:chrony-4.1-5.9.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:chrony-4.1-5.9.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:chrony-4.1-5.9.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:chrony-4.1-5.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:chrony-4.1-5.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:chrony-4.1-5.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:chrony-4.1-5.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:chrony-4.1-5.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:chrony-4.1-5.9.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:chrony-4.1-5.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:chrony-4.1-5.9.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:chrony-4.1-5.9.1.x86_64",
"SUSE OpenStack Cloud 8:chrony-4.1-5.9.1.x86_64",
"SUSE OpenStack Cloud 9:chrony-4.1-5.9.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:chrony-4.1-5.9.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:chrony-4.1-5.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-14367",
"url": "https://www.suse.com/security/cve/CVE-2020-14367"
},
{
"category": "external",
"summary": "SUSE Bug 1174911 for CVE-2020-14367",
"url": "https://bugzilla.suse.com/1174911"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:chrony-4.1-5.9.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:chrony-4.1-5.9.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:chrony-4.1-5.9.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:chrony-4.1-5.9.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:chrony-4.1-5.9.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:chrony-4.1-5.9.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:chrony-4.1-5.9.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:chrony-4.1-5.9.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:chrony-4.1-5.9.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:chrony-4.1-5.9.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:chrony-4.1-5.9.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:chrony-4.1-5.9.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:chrony-4.1-5.9.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:chrony-4.1-5.9.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:chrony-4.1-5.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:chrony-4.1-5.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:chrony-4.1-5.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:chrony-4.1-5.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:chrony-4.1-5.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:chrony-4.1-5.9.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:chrony-4.1-5.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:chrony-4.1-5.9.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:chrony-4.1-5.9.1.x86_64",
"SUSE OpenStack Cloud 8:chrony-4.1-5.9.1.x86_64",
"SUSE OpenStack Cloud 9:chrony-4.1-5.9.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:chrony-4.1-5.9.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:chrony-4.1-5.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:chrony-4.1-5.9.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:chrony-4.1-5.9.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:chrony-4.1-5.9.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:chrony-4.1-5.9.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:chrony-4.1-5.9.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:chrony-4.1-5.9.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:chrony-4.1-5.9.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:chrony-4.1-5.9.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:chrony-4.1-5.9.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:chrony-4.1-5.9.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:chrony-4.1-5.9.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:chrony-4.1-5.9.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:chrony-4.1-5.9.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:chrony-4.1-5.9.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:chrony-4.1-5.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:chrony-4.1-5.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:chrony-4.1-5.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:chrony-4.1-5.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:chrony-4.1-5.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:chrony-4.1-5.9.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:chrony-4.1-5.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:chrony-4.1-5.9.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:chrony-4.1-5.9.1.x86_64",
"SUSE OpenStack Cloud 8:chrony-4.1-5.9.1.x86_64",
"SUSE OpenStack Cloud 9:chrony-4.1-5.9.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:chrony-4.1-5.9.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:chrony-4.1-5.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-22T08:24:51Z",
"details": "moderate"
}
],
"title": "CVE-2020-14367"
}
]
}
suse-su-2022:0845-2
Vulnerability from csaf_suse
Published
2022-04-19 19:08
Modified
2022-04-19 19:08
Summary
Security update for chrony
Notes
Title of the patch
Security update for chrony
Description of the patch
This update for chrony fixes the following issues:
Chrony was updated to 4.1, bringing features and bugfixes.
Update to 4.1
* Add support for NTS servers specified by IP address (matching
Subject Alternative Name in server certificate)
* Add source-specific configuration of trusted certificates
* Allow multiple files and directories with trusted certificates
* Allow multiple pairs of server keys and certificates
* Add copy option to server/pool directive
* Increase PPS lock limit to 40% of pulse interval
* Perform source selection immediately after loading dump files
* Reload dump files for addresses negotiated by NTS-KE server
* Update seccomp filter and add less restrictive level
* Restart ongoing name resolution on online command
* Fix dump files to not include uncorrected offset
* Fix initstepslew to accept time from own NTP clients
* Reset NTP address and port when no longer negotiated by NTS-KE
server
- Ensure the correct pool packages are installed for openSUSE
and SLE (bsc#1180689).
- Fix pool package dependencies, so that SLE prefers chrony-pool-suse
over chrony-pool-empty. (bsc#1194229)
- Enable syscallfilter unconditionally [bsc#1181826].
Update to 4.0
- Enhancements
- Add support for Network Time Security (NTS) authentication
- Add support for AES-CMAC keys (AES128, AES256) with Nettle
- Add authselectmode directive to control selection of
unauthenticated sources
- Add binddevice, bindacqdevice, bindcmddevice directives
- Add confdir directive to better support fragmented
configuration
- Add sourcedir directive and 'reload sources' command to
support dynamic NTP sources specified in files
- Add clockprecision directive
- Add dscp directive to set Differentiated Services Code Point
(DSCP)
- Add -L option to limit log messages by severity
- Add -p option to print whole configuration with included
files
- Add -U option to allow start under non-root user
- Allow maxsamples to be set to 1 for faster update with -q/-Q
option
- Avoid replacing NTP sources with sources that have
unreachable address
- Improve pools to repeat name resolution to get 'maxsources'
sources
- Improve source selection with trusted sources
- Improve NTP loop test to prevent synchronisation to itself
- Repeat iburst when NTP source is switched from offline state
to online
- Update clock synchronisation status and leap status more
frequently
- Update seccomp filter
- Add 'add pool' command
- Add 'reset sources' command to drop all measurements
- Add authdata command to print details about NTP
authentication
- Add selectdata command to print details about source
selection
- Add -N option and sourcename command to print original names
of sources
- Add -a option to some commands to print also unresolved
sources
- Add -k, -p, -r options to clients command to select, limit,
reset data
- Bug fixes
- Don’t set interface for NTP responses to allow asymmetric
routing
- Handle RTCs that don’t support interrupts
- Respond to command requests with correct address on
multihomed hosts
- Removed features
- Drop support for RIPEMD keys (RMD128, RMD160, RMD256, RMD320)
- Drop support for long (non-standard) MACs in NTPv4 packets
(chrony 2.x clients using non-MD5/SHA1 keys need to use
option 'version 3')
- Drop support for line editing with GNU Readline
- By default we don't write log files but log to journald, so
only recommend logrotate.
- Adjust and rename the sysconfig file, so that it matches the
expectations of chronyd.service (bsc#1173277).
Update to 3.5.1:
* Create new file when writing pidfile, so that an existing symbolic link with the same name is not followed (CVE-2020-14367, bsc#1174911)
- Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075)
- Use iburst in the default pool statements to speed up initial
synchronisation (bsc#1172113).
Update to 3.5:
+ Add support for more accurate reading of PHC on Linux 5.0
+ Add support for hardware timestamping on interfaces with read-only timestamping configuration
+ Add support for memory locking and real-time priority on FreeBSD, NetBSD, Solaris
+ Update seccomp filter to work on more architectures
+ Validate refclock driver options
+ Fix bindaddress directive on FreeBSD
+ Fix transposition of hardware RX timestamp on Linux 4.13 and later
+ Fix building on non-glibc systems
- Fix location of helper script in chrony-dnssrv@.service
(bsc#1128846).
- Read runtime servers from /var/run/netconfig/chrony.servers to
fix bsc#1099272.
- Move chrony-helper to /usr/lib/chrony/helper, because there
should be no executables in /usr/share.
Update to version 3.4
* Enhancements
+ Add filter option to server/pool/peer directive
+ Add minsamples and maxsamples options to hwtimestamp directive
+ Add support for faster frequency adjustments in Linux 4.19
+ Change default pidfile to /var/run/chrony/chronyd.pid to allow chronyd
without root privileges to remove it on exit
+ Disable sub-second polling intervals for distant NTP sources
+ Extend range of supported sub-second polling intervals
+ Get/set IPv4 destination/source address of NTP packets on FreeBSD
+ Make burst options and command useful with short polling intervals
+ Modify auto_offline option to activate when sending request failed
+ Respond from interface that received NTP request if possible
+ Add onoffline command to switch between online and offline state
according to current system network configuration
+ Improve example NetworkManager dispatcher script
* Bug fixes
+ Avoid waiting in Linux getrandom system call
+ Fix PPS support on FreeBSD and NetBSD
Update to version 3.3
* Enhancements:
+ Add burst option to server/pool directive
+ Add stratum and tai options to refclock directive
+ Add support for Nettle crypto library
+ Add workaround for missing kernel receive timestamps on Linux
+ Wait for late hardware transmit timestamps
+ Improve source selection with unreachable sources
+ Improve protection against replay attacks on symmetric mode
+ Allow PHC refclock to use socket in /var/run/chrony
+ Add shutdown command to stop chronyd
+ Simplify format of response to manual list command
+ Improve handling of unknown responses in chronyc
* Bug fixes:
+ Respond to NTPv1 client requests with zero mode
+ Fix -x option to not require CAP_SYS_TIME under non-root user
+ Fix acquisitionport directive to work with privilege separation
+ Fix handling of socket errors on Linux to avoid high CPU usage
+ Fix chronyc to not get stuck in infinite loop after clock step
Patchnames
SUSE-2022-845,SUSE-SUSE-MicroOS-5.2-2022-845
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for chrony",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for chrony fixes the following issues:\n\nChrony was updated to 4.1, bringing features and bugfixes.\n\nUpdate to 4.1\n\n * Add support for NTS servers specified by IP address (matching\n Subject Alternative Name in server certificate)\n * Add source-specific configuration of trusted certificates\n * Allow multiple files and directories with trusted certificates\n * Allow multiple pairs of server keys and certificates\n * Add copy option to server/pool directive\n * Increase PPS lock limit to 40% of pulse interval\n * Perform source selection immediately after loading dump files\n * Reload dump files for addresses negotiated by NTS-KE server\n * Update seccomp filter and add less restrictive level\n * Restart ongoing name resolution on online command\n * Fix dump files to not include uncorrected offset\n * Fix initstepslew to accept time from own NTP clients\n * Reset NTP address and port when no longer negotiated by NTS-KE\n server\n\n- Ensure the correct pool packages are installed for openSUSE\n and SLE (bsc#1180689).\n- Fix pool package dependencies, so that SLE prefers chrony-pool-suse\n over chrony-pool-empty. 
(bsc#1194229)\n\n- Enable syscallfilter unconditionally [bsc#1181826].\n\nUpdate to 4.0\n\n - Enhancements\n\n - Add support for Network Time Security (NTS) authentication\n - Add support for AES-CMAC keys (AES128, AES256) with Nettle\n - Add authselectmode directive to control selection of\n unauthenticated sources\n - Add binddevice, bindacqdevice, bindcmddevice directives\n - Add confdir directive to better support fragmented\n configuration\n - Add sourcedir directive and \u0027reload sources\u0027 command to\n support dynamic NTP sources specified in files\n - Add clockprecision directive\n - Add dscp directive to set Differentiated Services Code Point\n (DSCP)\n - Add -L option to limit log messages by severity\n - Add -p option to print whole configuration with included\n files\n - Add -U option to allow start under non-root user\n - Allow maxsamples to be set to 1 for faster update with -q/-Q\n option\n - Avoid replacing NTP sources with sources that have\n unreachable address\n - Improve pools to repeat name resolution to get \u0027maxsources\u0027\n sources\n - Improve source selection with trusted sources\n - Improve NTP loop test to prevent synchronisation to itself\n - Repeat iburst when NTP source is switched from offline state\n to online\n - Update clock synchronisation status and leap status more\n frequently\n - Update seccomp filter\n - Add \u0027add pool\u0027 command\n - Add \u0027reset sources\u0027 command to drop all measurements\n - Add authdata command to print details about NTP\n authentication\n - Add selectdata command to print details about source\n selection\n - Add -N option and sourcename command to print original names\n of sources\n - Add -a option to some commands to print also unresolved\n sources\n - Add -k, -p, -r options to clients command to select, limit,\n reset data\n\n - Bug fixes\n\n - Don\u2019t set interface for NTP responses to allow asymmetric\n routing\n - Handle RTCs that don\u2019t support interrupts\n - Respond 
to command requests with correct address on\n multihomed hosts\n - Removed features\n - Drop support for RIPEMD keys (RMD128, RMD160, RMD256, RMD320)\n - Drop support for long (non-standard) MACs in NTPv4 packets\n (chrony 2.x clients using non-MD5/SHA1 keys need to use\n option \u0027version 3\u0027)\n - Drop support for line editing with GNU Readline\n\n- By default we don\u0027t write log files but log to journald, so\n only recommend logrotate.\n\n- Adjust and rename the sysconfig file, so that it matches the\n expectations of chronyd.service (bsc#1173277).\n\nUpdate to 3.5.1:\n\n * Create new file when writing pidfile (CVE-2020-14367, bsc#1174911)\n\n- Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075)\n\n- Use iburst in the default pool statements to speed up initial\n synchronisation (bsc#1172113).\n\n\n\n\nUpdate to 3.5:\n\n+ Add support for more accurate reading of PHC on Linux 5.0\n+ Add support for hardware timestamping on interfaces with read-only timestamping configuration\n+ Add support for memory locking and real-time priority on FreeBSD, NetBSD, Solaris\n+ Update seccomp filter to work on more architectures\n+ Validate refclock driver options\n+ Fix bindaddress directive on FreeBSD\n+ Fix transposition of hardware RX timestamp on Linux 4.13 and later\n+ Fix building on non-glibc systems\n\n- Fix location of helper script in chrony-dnssrv@.service\n (bsc#1128846).\n\n\n- Read runtime servers from /var/run/netconfig/chrony.servers to\n fix bsc#1099272.\n- Move chrony-helper to /usr/lib/chrony/helper, because there\n should be no executables in /usr/share.\n\nUpdate to version 3.4\n\n * Enhancements\n\n + Add filter option to server/pool/peer directive\n + Add minsamples and maxsamples options to hwtimestamp directive\n + Add support for faster frequency adjustments in Linux 4.19\n + Change default pidfile to /var/run/chrony/chronyd.pid to allow chronyd \n without root privileges to remove it on exit\n + Disable sub-second polling intervals 
for distant NTP sources\n + Extend range of supported sub-second polling intervals\n + Get/set IPv4 destination/source address of NTP packets on FreeBSD\n + Make burst options and command useful with short polling intervals\n + Modify auto_offline option to activate when sending request failed\n + Respond from interface that received NTP request if possible\n + Add onoffline command to switch between online and offline state \n according to current system network configuration\n + Improve example NetworkManager dispatcher script\n\n * Bug fixes\n\n + Avoid waiting in Linux getrandom system call\n + Fix PPS support on FreeBSD and NetBSD\n\nUpdate to version 3.3\n\n * Enhancements:\n\n + Add burst option to server/pool directive\n + Add stratum and tai options to refclock directive\n + Add support for Nettle crypto library\n + Add workaround for missing kernel receive timestamps on Linux\n + Wait for late hardware transmit timestamps\n + Improve source selection with unreachable sources\n + Improve protection against replay attacks on symmetric mode\n + Allow PHC refclock to use socket in /var/run/chrony\n + Add shutdown command to stop chronyd\n + Simplify format of response to manual list command\n + Improve handling of unknown responses in chronyc\n\n * Bug fixes:\n\n + Respond to NTPv1 client requests with zero mode\n + Fix -x option to not require CAP_SYS_TIME under non-root user\n + Fix acquisitionport directive to work with privilege separation\n + Fix handling of socket errors on Linux to avoid high CPU usage\n + Fix chronyc to not get stuck in infinite loop after clock step",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2022-845,SUSE-SUSE-MicroOS-5.2-2022-845",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_0845-2.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:0845-2",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20220845-2/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:0845-2",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-April/010756.html"
},
{
"category": "self",
"summary": "SUSE Bug 1099272",
"url": "https://bugzilla.suse.com/1099272"
},
{
"category": "self",
"summary": "SUSE Bug 1115529",
"url": "https://bugzilla.suse.com/1115529"
},
{
"category": "self",
"summary": "SUSE Bug 1128846",
"url": "https://bugzilla.suse.com/1128846"
},
{
"category": "self",
"summary": "SUSE Bug 1162964",
"url": "https://bugzilla.suse.com/1162964"
},
{
"category": "self",
"summary": "SUSE Bug 1172113",
"url": "https://bugzilla.suse.com/1172113"
},
{
"category": "self",
"summary": "SUSE Bug 1173277",
"url": "https://bugzilla.suse.com/1173277"
},
{
"category": "self",
"summary": "SUSE Bug 1174075",
"url": "https://bugzilla.suse.com/1174075"
},
{
"category": "self",
"summary": "SUSE Bug 1174911",
"url": "https://bugzilla.suse.com/1174911"
},
{
"category": "self",
"summary": "SUSE Bug 1180689",
"url": "https://bugzilla.suse.com/1180689"
},
{
"category": "self",
"summary": "SUSE Bug 1181826",
"url": "https://bugzilla.suse.com/1181826"
},
{
"category": "self",
"summary": "SUSE Bug 1187906",
"url": "https://bugzilla.suse.com/1187906"
},
{
"category": "self",
"summary": "SUSE Bug 1190926",
"url": "https://bugzilla.suse.com/1190926"
},
{
"category": "self",
"summary": "SUSE Bug 1194229",
"url": "https://bugzilla.suse.com/1194229"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-14367 page",
"url": "https://www.suse.com/security/cve/CVE-2020-14367/"
}
],
"title": "Security update for chrony",
"tracking": {
"current_release_date": "2022-04-19T19:08:44Z",
"generator": {
"date": "2022-04-19T19:08:44Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:0845-2",
"initial_release_date": "2022-04-19T19:08:44Z",
"revision_history": [
{
"date": "2022-04-19T19:08:44Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "augeas-1.10.1-3.9.1.aarch64",
"product": {
"name": "augeas-1.10.1-3.9.1.aarch64",
"product_id": "augeas-1.10.1-3.9.1.aarch64"
}
},
{
"category": "product_version",
"name": "augeas-devel-1.10.1-3.9.1.aarch64",
"product": {
"name": "augeas-devel-1.10.1-3.9.1.aarch64",
"product_id": "augeas-devel-1.10.1-3.9.1.aarch64"
}
},
{
"category": "product_version",
"name": "augeas-lense-tests-1.10.1-3.9.1.aarch64",
"product": {
"name": "augeas-lense-tests-1.10.1-3.9.1.aarch64",
"product_id": "augeas-lense-tests-1.10.1-3.9.1.aarch64"
}
},
{
"category": "product_version",
"name": "augeas-lenses-1.10.1-3.9.1.aarch64",
"product": {
"name": "augeas-lenses-1.10.1-3.9.1.aarch64",
"product_id": "augeas-lenses-1.10.1-3.9.1.aarch64"
}
},
{
"category": "product_version",
"name": "chrony-4.1-150300.16.3.1.aarch64",
"product": {
"name": "chrony-4.1-150300.16.3.1.aarch64",
"product_id": "chrony-4.1-150300.16.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "libaugeas0-1.10.1-3.9.1.aarch64",
"product": {
"name": "libaugeas0-1.10.1-3.9.1.aarch64",
"product_id": "libaugeas0-1.10.1-3.9.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "augeas-devel-64bit-1.10.1-3.9.1.aarch64_ilp32",
"product": {
"name": "augeas-devel-64bit-1.10.1-3.9.1.aarch64_ilp32",
"product_id": "augeas-devel-64bit-1.10.1-3.9.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "libaugeas0-64bit-1.10.1-3.9.1.aarch64_ilp32",
"product": {
"name": "libaugeas0-64bit-1.10.1-3.9.1.aarch64_ilp32",
"product_id": "libaugeas0-64bit-1.10.1-3.9.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "augeas-1.10.1-3.9.1.i586",
"product": {
"name": "augeas-1.10.1-3.9.1.i586",
"product_id": "augeas-1.10.1-3.9.1.i586"
}
},
{
"category": "product_version",
"name": "augeas-devel-1.10.1-3.9.1.i586",
"product": {
"name": "augeas-devel-1.10.1-3.9.1.i586",
"product_id": "augeas-devel-1.10.1-3.9.1.i586"
}
},
{
"category": "product_version",
"name": "augeas-lense-tests-1.10.1-3.9.1.i586",
"product": {
"name": "augeas-lense-tests-1.10.1-3.9.1.i586",
"product_id": "augeas-lense-tests-1.10.1-3.9.1.i586"
}
},
{
"category": "product_version",
"name": "augeas-lenses-1.10.1-3.9.1.i586",
"product": {
"name": "augeas-lenses-1.10.1-3.9.1.i586",
"product_id": "augeas-lenses-1.10.1-3.9.1.i586"
}
},
{
"category": "product_version",
"name": "chrony-4.1-150300.16.3.1.i586",
"product": {
"name": "chrony-4.1-150300.16.3.1.i586",
"product_id": "chrony-4.1-150300.16.3.1.i586"
}
},
{
"category": "product_version",
"name": "libaugeas0-1.10.1-3.9.1.i586",
"product": {
"name": "libaugeas0-1.10.1-3.9.1.i586",
"product_id": "libaugeas0-1.10.1-3.9.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "chrony-pool-empty-4.1-150300.16.3.1.noarch",
"product": {
"name": "chrony-pool-empty-4.1-150300.16.3.1.noarch",
"product_id": "chrony-pool-empty-4.1-150300.16.3.1.noarch"
}
},
{
"category": "product_version",
"name": "chrony-pool-openSUSE-4.1-150300.16.3.1.noarch",
"product": {
"name": "chrony-pool-openSUSE-4.1-150300.16.3.1.noarch",
"product_id": "chrony-pool-openSUSE-4.1-150300.16.3.1.noarch"
}
},
{
"category": "product_version",
"name": "chrony-pool-suse-4.1-150300.16.3.1.noarch",
"product": {
"name": "chrony-pool-suse-4.1-150300.16.3.1.noarch",
"product_id": "chrony-pool-suse-4.1-150300.16.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "augeas-1.10.1-3.9.1.ppc64le",
"product": {
"name": "augeas-1.10.1-3.9.1.ppc64le",
"product_id": "augeas-1.10.1-3.9.1.ppc64le"
}
},
{
"category": "product_version",
"name": "augeas-devel-1.10.1-3.9.1.ppc64le",
"product": {
"name": "augeas-devel-1.10.1-3.9.1.ppc64le",
"product_id": "augeas-devel-1.10.1-3.9.1.ppc64le"
}
},
{
"category": "product_version",
"name": "augeas-lense-tests-1.10.1-3.9.1.ppc64le",
"product": {
"name": "augeas-lense-tests-1.10.1-3.9.1.ppc64le",
"product_id": "augeas-lense-tests-1.10.1-3.9.1.ppc64le"
}
},
{
"category": "product_version",
"name": "augeas-lenses-1.10.1-3.9.1.ppc64le",
"product": {
"name": "augeas-lenses-1.10.1-3.9.1.ppc64le",
"product_id": "augeas-lenses-1.10.1-3.9.1.ppc64le"
}
},
{
"category": "product_version",
"name": "chrony-4.1-150300.16.3.1.ppc64le",
"product": {
"name": "chrony-4.1-150300.16.3.1.ppc64le",
"product_id": "chrony-4.1-150300.16.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libaugeas0-1.10.1-3.9.1.ppc64le",
"product": {
"name": "libaugeas0-1.10.1-3.9.1.ppc64le",
"product_id": "libaugeas0-1.10.1-3.9.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "augeas-1.10.1-3.9.1.s390x",
"product": {
"name": "augeas-1.10.1-3.9.1.s390x",
"product_id": "augeas-1.10.1-3.9.1.s390x"
}
},
{
"category": "product_version",
"name": "augeas-devel-1.10.1-3.9.1.s390x",
"product": {
"name": "augeas-devel-1.10.1-3.9.1.s390x",
"product_id": "augeas-devel-1.10.1-3.9.1.s390x"
}
},
{
"category": "product_version",
"name": "augeas-lense-tests-1.10.1-3.9.1.s390x",
"product": {
"name": "augeas-lense-tests-1.10.1-3.9.1.s390x",
"product_id": "augeas-lense-tests-1.10.1-3.9.1.s390x"
}
},
{
"category": "product_version",
"name": "augeas-lenses-1.10.1-3.9.1.s390x",
"product": {
"name": "augeas-lenses-1.10.1-3.9.1.s390x",
"product_id": "augeas-lenses-1.10.1-3.9.1.s390x"
}
},
{
"category": "product_version",
"name": "chrony-4.1-150300.16.3.1.s390x",
"product": {
"name": "chrony-4.1-150300.16.3.1.s390x",
"product_id": "chrony-4.1-150300.16.3.1.s390x"
}
},
{
"category": "product_version",
"name": "libaugeas0-1.10.1-3.9.1.s390x",
"product": {
"name": "libaugeas0-1.10.1-3.9.1.s390x",
"product_id": "libaugeas0-1.10.1-3.9.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "augeas-1.10.1-3.9.1.x86_64",
"product": {
"name": "augeas-1.10.1-3.9.1.x86_64",
"product_id": "augeas-1.10.1-3.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "augeas-devel-1.10.1-3.9.1.x86_64",
"product": {
"name": "augeas-devel-1.10.1-3.9.1.x86_64",
"product_id": "augeas-devel-1.10.1-3.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "augeas-devel-32bit-1.10.1-3.9.1.x86_64",
"product": {
"name": "augeas-devel-32bit-1.10.1-3.9.1.x86_64",
"product_id": "augeas-devel-32bit-1.10.1-3.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "augeas-lense-tests-1.10.1-3.9.1.x86_64",
"product": {
"name": "augeas-lense-tests-1.10.1-3.9.1.x86_64",
"product_id": "augeas-lense-tests-1.10.1-3.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "augeas-lenses-1.10.1-3.9.1.x86_64",
"product": {
"name": "augeas-lenses-1.10.1-3.9.1.x86_64",
"product_id": "augeas-lenses-1.10.1-3.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "chrony-4.1-150300.16.3.1.x86_64",
"product": {
"name": "chrony-4.1-150300.16.3.1.x86_64",
"product_id": "chrony-4.1-150300.16.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libaugeas0-1.10.1-3.9.1.x86_64",
"product": {
"name": "libaugeas0-1.10.1-3.9.1.x86_64",
"product_id": "libaugeas0-1.10.1-3.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "libaugeas0-32bit-1.10.1-3.9.1.x86_64",
"product": {
"name": "libaugeas0-32bit-1.10.1-3.9.1.x86_64",
"product_id": "libaugeas0-32bit-1.10.1-3.9.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.2",
"product": {
"name": "SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "augeas-1.10.1-3.9.1.aarch64 as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:augeas-1.10.1-3.9.1.aarch64"
},
"product_reference": "augeas-1.10.1-3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "augeas-1.10.1-3.9.1.s390x as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:augeas-1.10.1-3.9.1.s390x"
},
"product_reference": "augeas-1.10.1-3.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "augeas-1.10.1-3.9.1.x86_64 as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:augeas-1.10.1-3.9.1.x86_64"
},
"product_reference": "augeas-1.10.1-3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "augeas-lenses-1.10.1-3.9.1.aarch64 as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:augeas-lenses-1.10.1-3.9.1.aarch64"
},
"product_reference": "augeas-lenses-1.10.1-3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "augeas-lenses-1.10.1-3.9.1.s390x as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:augeas-lenses-1.10.1-3.9.1.s390x"
},
"product_reference": "augeas-lenses-1.10.1-3.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "augeas-lenses-1.10.1-3.9.1.x86_64 as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:augeas-lenses-1.10.1-3.9.1.x86_64"
},
"product_reference": "augeas-lenses-1.10.1-3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libaugeas0-1.10.1-3.9.1.aarch64 as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:libaugeas0-1.10.1-3.9.1.aarch64"
},
"product_reference": "libaugeas0-1.10.1-3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libaugeas0-1.10.1-3.9.1.s390x as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:libaugeas0-1.10.1-3.9.1.s390x"
},
"product_reference": "libaugeas0-1.10.1-3.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libaugeas0-1.10.1-3.9.1.x86_64 as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:libaugeas0-1.10.1-3.9.1.x86_64"
},
"product_reference": "libaugeas0-1.10.1-3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-14367",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-14367"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder. The file is created during chronyd startup while still running as the root user, and when it\u0027s opened for writing, chronyd does not check for an existing symbolic link with the same file name. This flaw allows an attacker with privileged access to create a symlink with the default PID file name pointing to any destination file in the system, resulting in data loss and a denial of service due to the path traversal.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.2:augeas-1.10.1-3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:augeas-1.10.1-3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.2:augeas-1.10.1-3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:augeas-lenses-1.10.1-3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:augeas-lenses-1.10.1-3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.2:augeas-lenses-1.10.1-3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libaugeas0-1.10.1-3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libaugeas0-1.10.1-3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libaugeas0-1.10.1-3.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-14367",
"url": "https://www.suse.com/security/cve/CVE-2020-14367"
},
{
"category": "external",
"summary": "SUSE Bug 1174911 for CVE-2020-14367",
"url": "https://bugzilla.suse.com/1174911"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.2:augeas-1.10.1-3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:augeas-1.10.1-3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.2:augeas-1.10.1-3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:augeas-lenses-1.10.1-3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:augeas-lenses-1.10.1-3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.2:augeas-lenses-1.10.1-3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libaugeas0-1.10.1-3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libaugeas0-1.10.1-3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libaugeas0-1.10.1-3.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.2:augeas-1.10.1-3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:augeas-1.10.1-3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.2:augeas-1.10.1-3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:augeas-lenses-1.10.1-3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:augeas-lenses-1.10.1-3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.2:augeas-lenses-1.10.1-3.9.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libaugeas0-1.10.1-3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libaugeas0-1.10.1-3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libaugeas0-1.10.1-3.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-04-19T19:08:44Z",
"details": "moderate"
}
],
"title": "CVE-2020-14367"
}
]
}
fkie_cve-2020-14367
Vulnerability from fkie_nvd
Published
2020-08-24 15:15
Modified
2024-11-21 05:03
Severity ?
Summary
A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder. The file is created during chronyd startup while still running as the root user, and when it's opened for writing, chronyd does not check for an existing symbolic link with the same file name. This flaw allows an attacker with privileged access to create a symlink with the default PID file name pointing to any destination file in the system, resulting in data loss and a denial of service due to the path traversal.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tuxfamily | chrony | * | |
| fedoraproject | fedora | 32 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 20.04 | |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tuxfamily:chrony:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F980BBFC-8646-4381-8518-40720665FAB7",
"versionEndExcluding": "3.5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder. The file is created during chronyd startup while still running as the root user, and when it\u0027s opened for writing, chronyd does not check for an existing symbolic link with the same file name. This flaw allows an attacker with privileged access to create a symlink with the default PID file name pointing to any destination file in the system, resulting in data loss and a denial of service due to the path traversal."
},
{
"lang": "es",
"value": "Se detect\u00f3 un fallo en chrony versiones anteriores a 3.5.1, al crear el archivo PID en la carpeta /var/run/chrony. El archivo es creado durante el inicio de chronyd mientras a\u00fan se ejecuta como usuario root, y cuando se abre para escritura, chronyd no busca un enlace simb\u00f3lico existente con el mismo nombre de archivo. Este fallo permite a un atacante con acceso privilegiado crear un enlace simb\u00f3lico con el nombre de archivo PID predeterminado apuntando a cualquier archivo de destino en el sistema, resultando en la p\u00e9rdida de datos y una denegaci\u00f3n de servicio debido a un salto de ruta."
}
],
"id": "CVE-2020-14367",
"lastModified": "2024-11-21T05:03:06.350",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-08-24T15:15:13.147",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1870298"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WKABKNLCSC3MACCWU6OM2YGWVWFWFMU/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202008-23"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4475-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1870298"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WKABKNLCSC3MACCWU6OM2YGWVWFWFMU/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202008-23"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4475-1/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.