Red Hat Security Advisory 2015-2241-03 - The chrony suite, chronyd and chronyc, is an advanced implementation of the Network Time Protocol, specially designed to support systems with intermittent connections. It can synchronize the system clock with NTP servers, hardware reference clocks, and manual input. It can also operate as an NTPv4 server or peer to provide a time service to other computers in the network. An out-of-bounds write flaw was found in the way chrony stored certain addresses when configuring NTP or cmdmon access. An attacker that has the command key and is allowed to access cmdmon could use this flaw to crash chronyd or, possibly, execute arbitrary code with the privileges of the chronyd process.
9dcd1e723bb8317bbfc69f9f7175740614fd51f6bffa6bfacdfedd26b82d3eb2
Gentoo Linux Security Advisory 201507-1 - Multiple vulnerabilities have been found in chrony, the worst of which can cause arbitrary code execution. Versions less than 1.31.1 are affected.
2beceab188b5a326f8c1949abab1b3e4e637e4803c1a30abe30fe93b67a275bb
Debian Linux Security Advisory 3222-1 - Miroslav Lichvar of Red Hat discovered multiple vulnerabilities in chrony, an alternative NTP client and server.
4322d7113061b959d9091b6bf8f6bac42fe6ec571c0c5ae8e3403642e50ba4f9