buildroot/package/chrony
Peter Korsgaard 15484553f3 package/chrony: security bump to version 3.5.1
Fixes the following security issues:

CVE-2020-14367: Insecure writing of pidfile
-------------------------------------------

When chronyd is configured to save the pidfile in a directory where the
chrony user has write permissions (e.g. /var/run/chrony - the default
since chrony-3.4), an attacker that compromised the chrony user account
could create a symbolic link at the location of the pidfile to make
chronyd starting with root privileges follow the symlink and write its
process ID to a file for which the chrony user doesn't have write
permissions, causing a denial of service, or data loss.

This issue was reported by Matthias Gerstner of SUSE.

For further details, see the oss-security posting:
https://www.openwall.com/lists/oss-security/2020/08/21/1

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-08-23 15:30:55 +02:00
..
chrony.hash package/chrony: security bump to version 3.5.1 2020-08-23 15:30:55 +02:00
chrony.mk package/chrony: security bump to version 3.5.1 2020-08-23 15:30:55 +02:00
chrony.service
Config.in
S49chrony