chrony

chrony is a client and server for the Network Time Protocol (NTP). This program keeps your computer's clock accurate. It was specially designed to support systems with intermittent Internet connections, but it also works well in permanently connected environments. It can also use hardware reference clocks, the system real-time clock, or manual input as time references.

Recent releases

  •  31 Jan 2014 16:55

    Release Notes: The chrony control protocol was modified to prevent amplification attacks (CVE-2014-0021).

  •  08 Aug 2013 16:08

    Release Notes: Two security vulnerabilities were fixed: a crash when processing crafted commands (CVE-2012-4502) and uninitialized data sent in command replies (CVE-2012-4503).

  •  17 Jul 2013 16:47

    Release Notes: Combining of measurements from multiple sources was implemented, an option to generate command keys was added, an option to authenticate chronyc automatically was added, compatibility with NTPv1 and NTPv2 clients was improved, and other improvements and bugfixes were made.

  •  01 Feb 2013 18:39

    Release Notes: Support for stronger authentication via NSS or libtomcrypt has been added, reports printed by chronyc have been extended, and other improvements and bugfixes have been made.

  •  13 Jul 2011 14:43

    Release Notes: Compatibility with Linux kernel 3.0 was added, replying on multi-homed IPv6 hosts was fixed, and other minor bugfixes and improvements were made.

            Recent comments

            09 Feb 2010 15:56 jhasler

            Chrony 1.24 is now available. It includes the following improvements and
            new features:

            * Support for reference clocks (SHM, SOCK, PPS drivers)
            * IPv6 support
            * Linux capabilities support (to drop root privileges)
            * Memory locking support on Linux
            * Real-time scheduler support on Linux
            * Leap second support on Linux
            * Support for editline
            * Many bug fixes and improvements

            This is suitable for production use.

            Download the tarball from the "Download" page at
            <http://chrony.tuxfamily.org>.

            09 Feb 2010 15:56 jhasler

            ------------------------------------------------------------------------
            Chrony Security Advisory jhasler@chrony.tuxfamily.org
            http://www.chrony.tuxfamily.org
            February 04, 2010
            ------------------------------------------------------------------------

            Package : chrony
            Vulnerability : denial of service
            Problem type : remote
            Version-specific: no
            CVE IDs : CVE-2010-0292 CVE-2010-0293 CVE-2010-0294

            Several vulnerabilities have been discovered in chronyd, the Chrony NTP
            server/client. These bugs can be exploited for a remote denial of service.
            The Common Vulnerabilities and Exposures project identifies the following
            problems:

            CVE-2010-0292
            chronyd replies to all cmdmon packets from unauthorized hosts with
            a NOHOSTACCESS message. This can be used to create a loop between two chrony
            daemons which don't allow cmdmon access from each other by sending a packet
            with a spoofed source address and port. This will cause high CPU, network and
            syslog usage.

            FIX: Don't reply to invalid cmdmon packets

            CVE-2010-0293
            The client logging facility doesn't limit memory which is used to keep
            information about clients. If chronyd is configured to allow access
            from a large IP address range, an attacker can cause chronyd to
            allocate a large amount of memory by sending NTP or cmdmon packets with
            spoofed source addresses. By default only 127.0.0.1 is allowed.

            FIX: Limit client log memory size

            CVE-2010-0294
            There are several ways that an attacker can make chronyd log messages and
            possibly fill up disk space. The rate for these messages should be limited.

            FIX: Limit rate of syslog messages

            These bugs have been fixed in the new Chrony 1.24 release and in Chrony
            1.23.1, both available for download at http://www.chrony.tuxfamily.org.
            Patches are available from the Git repository on the Web site.

            We recommend that you upgrade your Chrony package to version 1.24. If you
            cannot upgrade because you need compatibility with the old cmdmon protocol,
            upgrade to 1.23.1. Upgrade via your distribution's repositories if
            possible: they should have patched versions available shortly.
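
The two resource limits the advisory lists as fixes for CVE-2010-0293 and CVE-2010-0294, shown as an added example (not chrony's code and not part of the advisory): a fixed-size client table that overwrites the least recently seen record, and a token bucket for log messages. All names and the `MAX_CLIENTS` value are assumptions made for illustration.

```c
#include <stdint.h>

/* Added illustration, not chrony source; names and limits are constructed. */
#define MAX_CLIENTS 4   /* tiny cap so eviction is easy to observe */

struct client { uint32_t addr, hits; uint64_t last_seen; int used; };
static struct client table[MAX_CLIENTS];

/* Return the record for addr, else a free slot, else the least recently seen. */
static struct client *find_slot(uint32_t addr)
{
    struct client *victim = &table[0];
    for (int i = 0; i < MAX_CLIENTS; i++) {
        struct client *c = &table[i];
        if (c->used && c->addr == addr)
            return c;
        if (!c->used) {
            if (victim->used) victim = c;
        } else if (victim->used && c->last_seen < victim->last_seen) {
            victim = c;
        }
    }
    return victim;
}

/* Count one packet from addr at time now (seconds). Memory never grows: a new
   address overwrites a free or the oldest record. Returns addr's hit count. */
uint32_t client_log_record(uint32_t addr, uint64_t now)
{
    struct client *c = find_slot(addr);
    if (!c->used || c->addr != addr)
        *c = (struct client){ .addr = addr, .used = 1 };
    c->last_seen = now;
    return ++c->hits;
}

/* Token bucket for log messages: `burst` at once, refilled at `rate` per second. */
struct log_limiter { uint64_t tokens, rate, burst, last; };
/* Returns 1 if a message may be logged at time now, 0 if it must be dropped. */
int log_allowed(struct log_limiter *l, uint64_t now)
{
    uint64_t refill = now > l->last ? (now - l->last) * l->rate : 0;
    l->tokens = l->tokens + refill > l->burst ? l->burst : l->tokens + refill;
    l->last = now;
    if (l->tokens == 0)
        return 0;
    l->tokens--;
    return 1;
}
```

With spoofed source addresses every packet looks like a new client, so the table churns but its memory stays at `MAX_CLIENTS` records, and the limiter caps how many of those events reach syslog.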
