chrony

chrony is a client and server for the Network Time Protocol (NTP). This program keeps your computer's clock accurate. It was specially designed to support systems with intermittent Internet connections, but it also works well in permanently connected environments. It can also use hardware reference clocks, the system real-time clock, or manual input as time references.

Recent releases

  •  31 Jan 2014 19:49

Release Notes: The chrony control protocol was modified to prevent amplification attacks (CVE-2014-0021).

  •  08 Aug 2013 19:33

Release Notes: Two security vulnerabilities were fixed: a crash when processing crafted commands (CVE-2012-4502) and uninitialized data sent in command replies (CVE-2012-4503).

Release Notes: Combining of measurements from multiple sources was implemented, an option to generate command keys was added, an option to authenticate chronyc automatically was added, compatibility with NTPv1 and NTPv2 clients was improved, and other improvements and bugfixes were made.

  •  01 Feb 2013 21:59

Release Notes: Support for stronger authentication via NSS or libtomcrypt has been added, reports printed by chronyc have been extended, and other improvements and bugfixes have been made.

  •  13 Jul 2011 20:34

Release Notes: Compatibility with Linux kernel 3.0 was added, replying on multi-homed IPv6 hosts was fixed, and other minor bugfixes and improvements were made.

Recent comments

    09 Feb 2010 15:56 jhasler Thumbs up

    Chrony 1.24 is now available. It includes the following improvements and
    new features:

    * Support for reference clocks (SHM, SOCK, PPS drivers)
    * IPv6 support
    * Linux capabilities support (to drop root privileges)
    * Memory locking support on Linux
    * Real-time scheduler support on Linux
    * Leap second support on Linux
    * Support for editline
    * Many bug fixes and improvements

    This is suitable for production use.

    Download the tarball from the "Download" page at
    .

    09 Feb 2010 15:56 jhasler Thumbs up

    ------------------------------------------------------------------------
    Chrony Security Advisory jhasler@chrony.tuxfami...
    www.chrony.tuxfamily.org
    February 04, 2010
    ------------------------------------------------------------------------

    Package : chrony
    Vulnerability : denial of service
    Problem type : remote
    Version-specific: no
    CVE IDs : CVE-2010-0292 CVE-2010-0293 CVE-2010-0294

    Several vulnerabilities have been discovered in chronyd, the Chrony NTP
    server/client. These bugs can be exploited for a remote denial of service.
    The Common Vulnerabilities and Exposures project identifies the following
    problems:

    CVE-2010-0292
    chronyd replies to all cmdmon packets from unauthorized hosts with a
    NOHOSTACCESS message. This can be used to create a loop between two chrony
    daemons which don't allow cmdmon access from each other by sending a packet
    with a spoofed source address and port. This will cause high CPU, network and
    syslog usage.

    FIX: Don't reply to invalid cmdmon packets

    CVE-2010-0293
    The client logging facility doesn't limit the memory which is used to keep
    information about clients. If chronyd is configured to allow access
    from a large IP address range, an attacker can cause chronyd to
    allocate a large amount of memory by sending NTP or cmdmon packets with
    spoofed source addresses. By default only 127.0.0.1 is allowed.

    FIX: Limit client log memory size

    CVE-2010-0294
    There are several ways that an attacker can make chronyd log messages and
    possibly fill up disk space. The rate for these messages should be limited.

    FIX: Limit rate of syslog messages

    These bugs have been fixed in the new Chrony 1.24 release and in Chrony
    1.23.1, both available for download at www.chrony.tuxfamily.org.
    Patches are available from the Git repository on the Web site.

    We recommend that you upgrade your Chrony package to version 1.24. If you
    cannot upgrade because you need compatibility with the old cmdmon protocol,
    upgrade to 1.23.1. Upgrade via your distribution's repositories if
    possible: they should have patched versions available shortly.
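
The fix named for CVE-2010-0293 ("Limit client log memory size") can be illustrated with a fixed-capacity client table. This is an added example, not chrony's code and not part of the advisory; the cap, probe limit, hash, sample addresses and all function names are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_CLIENTS  1024u        /* assumed cap (power of two); table never grows */
#define MAX_PROBES   8u           /* bounds CPU per packet as well as memory */
#define KNOWN_CLIENT 0x0a000001u  /* constructed sample address: 10.0.0.1 */

struct client { uint32_t addr, hits; int used; };
struct client_log {
    struct client slot[MAX_CLIENTS];
    uint32_t count, untracked;    /* slots in use; packets that were not recorded */
};
static struct client_log demo_log;

/* Record one packet; returns the source's hit count, or 0 if it did not fit. */
uint32_t log_packet(struct client_log *log, uint32_t addr) {
    uint32_t h = addr ^ (addr >> 16);
    h *= 0x45d9f3bu;
    for (uint32_t n = 0, i = h ^ (h >> 16); n < MAX_PROBES; n++, i++) {
        struct client *c = &log->slot[i & (MAX_CLIENTS - 1)];
        if (!c->used) {           /* free slot: claim it for this source */
            c->used = 1; c->addr = addr; c->hits = 0; log->count++;
        }
        if (c->addr == addr) return ++c->hits;
    }
    log->untracked++;             /* no room nearby: count it, allocate nothing */
    return 0;
}

/* Constructed flood: one real client, then n distinct spoofed sources. */
uint32_t flood(struct client_log *log, uint32_t n) {
    memset(log, 0, sizeof *log);
    log_packet(log, KNOWN_CLIENT);
    for (uint32_t k = 0; k < n; k++) log_packet(log, 0xc0000000u + k);
    log_packet(log, KNOWN_CLIENT);
    return log->count;
}

int main(void) {
    unsigned tracked = flood(&demo_log, 100000);
    printf("tracked=%u untracked=%u\n", tracked, (unsigned)demo_log.untracked);
    return 0;
}
```

However many distinct source addresses arrive, the table stays at its compiled-in size, and a client recorded before the flood keeps its counters.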
