Miroslav Lichvar
2017-09-15 13:17:36 UTC
I have some good news. The chrony source code was recently audited by
Cure53. The audit was organized by Mozilla and funded by the Linux
Foundation's Core Infrastructure Initiative (CII).
The report is available here:
https://wiki.mozilla.org/images/e/e4/Chrony-report.pdf
In summary, the audit found only two minor issues, which could
theoretically be exploited in future, but didn't have a security impact
in the current code. Both issues were fixed in chrony-3.2-pre2.
Cure53. The audit was organized by Mozilla and funded by the Linux
Foundation's Core Infrastructure Initiative (CII).
The report is available here:
https://wiki.mozilla.org/images/e/e4/Chrony-report.pdf
In summary, the audit found only two minor issues, which could
theoretically be exploited in future, but didn't have a security impact
in the current code. Both issues were fixed in chrony-3.2-pre2.
--
Miroslav Lichvar
Miroslav Lichvar