Nixpkgs Security Tracker

Login with GitHub

Suggestion detail

Untriaged

Permalink CVE-2014-0021

created 1 month ago

Chrony before 1.29.1 has traffic amplification in cmdmon protocol

Chrony before 1.29.1 has traffic amplification in cmdmon protocol

References

https://security-tracker.debian.org/tracker/CVE-2014-0021 x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0021 x_refsource_MISC
http://www.openwall.com/lists/oss-security/2014/01/18/2 x_refsource_MISC
http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127837.… x_refsource_MISC
http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128753.… x_refsource_MISC
http://www.openwall.com/lists/oss-security/2014/01/17/9 x_refsource_MISC
http://www.openwall.com/lists/oss-security/2014/01/18/1 x_refsource_MISC
http://www.openwall.com/lists/oss-security/2014/01/18/3 x_refsource_MISC
http://www.openwall.com/lists/oss-security/2014/01/19/1 x_refsource_MISC
http://www.securityfocus.com/bid/65035 x_refsource_MISC
https://exchange.xforce.ibmcloud.com/vulnerabilities/90925 x_refsource_MISC
http://www.openwall.com/lists/oss-security/2014/01/17/9 x_refsource_MISC x_transferred
http://www.openwall.com/lists/oss-security/2014/01/18/1 x_refsource_MISC x_transferred
http://www.openwall.com/lists/oss-security/2014/01/18/3 x_refsource_MISC x_transferred
http://www.openwall.com/lists/oss-security/2014/01/19/1 x_refsource_MISC x_transferred
http://www.securityfocus.com/bid/65035 x_refsource_MISC x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/90925 x_refsource_MISC x_transferred
https://security-tracker.debian.org/tracker/CVE-2014-0021 x_refsource_MISC x_transferred
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0021 x_refsource_MISC x_transferred
http://www.openwall.com/lists/oss-security/2014/01/18/2 x_refsource_MISC x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127837.… x_refsource_MISC x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128753.… x_refsource_MISC x_transferred
http://www.openwall.com/lists/oss-security/2014/01/17/9 x_refsource_MISC
http://www.openwall.com/lists/oss-security/2014/01/18/1 x_refsource_MISC
http://www.openwall.com/lists/oss-security/2014/01/18/3 x_refsource_MISC
http://www.openwall.com/lists/oss-security/2014/01/19/1 x_refsource_MISC
http://www.securityfocus.com/bid/65035 x_refsource_MISC
https://exchange.xforce.ibmcloud.com/vulnerabilities/90925 x_refsource_MISC
https://security-tracker.debian.org/tracker/CVE-2014-0021 x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0021 x_refsource_MISC
http://www.openwall.com/lists/oss-security/2014/01/18/2 x_refsource_MISC
http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127837.… x_refsource_MISC
http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128753.… x_refsource_MISC
https://security-tracker.debian.org/tracker/CVE-2014-0021 x_refsource_MISC x_transferred
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0021 x_refsource_MISC x_transferred
http://www.openwall.com/lists/oss-security/2014/01/18/2 x_refsource_MISC x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127837.… x_refsource_MISC x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128753.… x_refsource_MISC x_transferred
http://www.openwall.com/lists/oss-security/2014/01/17/9 x_refsource_MISC x_transferred
http://www.openwall.com/lists/oss-security/2014/01/18/1 x_refsource_MISC x_transferred
http://www.openwall.com/lists/oss-security/2014/01/18/3 x_refsource_MISC x_transferred
http://www.openwall.com/lists/oss-security/2014/01/19/1 x_refsource_MISC x_transferred
http://www.securityfocus.com/bid/65035 x_refsource_MISC x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/90925 x_refsource_MISC x_transferred

Affected products

Chrony

==Fixed in 1.29.1

Matching in nixpkgs

pkgs.chrony

Sets your computer's clock from time servers on the Net

nixos-unstable 4.8
- nixpkgs-unstable 4.8
- nixos-unstable-small 4.8
nixos-25.11 4.8
- nixos-25.11-small 4.8
- nixpkgs-25.11-darwin 4.8

pkgs.synchrony

Simple deobfuscator for mangled or obfuscated JavaScript files

nixos-unstable 2.4.5
- nixpkgs-unstable 2.4.5
- nixos-unstable-small 2.4.5
nixos-25.11 2.4.5
- nixos-25.11-small 2.4.5
- nixpkgs-25.11-darwin 2.4.5

pkgs.prometheus-chrony-exporter

Prometheus exporter for the chrony NTP service

nixos-unstable 0.12.3
- nixpkgs-unstable 0.12.3
- nixos-unstable-small 0.12.3
nixos-25.11 0.12.2
- nixos-25.11-small 0.12.2
- nixpkgs-25.11-darwin 0.12.2

Package maintainers

@fpletz Franz Pletz <fpletz@fnordicwalking.de>
@vifino Adrian Pistol <vifino@tty.sh>
@thoughtpolice Austin Seipp <aseipp@pobox.com>
@paepckehh Michael Paepcke <git@paepcke.de>
@pluiedev Leah Amelia Chen <hi@pluie.me>