{"affected":[{"ecosystem_specific":{"binaries":[{"chrony":"4.8-slfo.1.1_1.1","chrony-pool-empty":"4.8-slfo.1.1_1.1","chrony-pool-suse":"4.8-slfo.1.1_1.1"}]},"package":{"ecosystem":"SUSE:Linux Micro 6.1","name":"chrony","purl":"pkg:rpm/suse/chrony&distro=SUSE%20Linux%20Micro%206.1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.8-slfo.1.1_1.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for chrony fixes the following issues:\n\n- Update to version 4.8:\n  * Add maxunreach option to limit selection of unreachable sources\n  * Add -u option to chronyc to drop root privileges (default\n    chronyc user is set by configure script)\n  * Fix refclock extpps option to work on Linux >= 6.15\n  * Validate refclock samples for reachability updates\n\n- Fix racy socket creation which allows privilege escalation to root (bsc#1246544)\n\n- Update to version 4.7:\n  * Add opencommands directive to select remote monitoring\n    commands\n  * Add interval option to driftfile directive\n  * Add waitsynced and waitunsynced options to local directive\n  * Add sanity checks for integer values in configuration\n  * Add support for systemd Type=notify service\n  * Add RTC refclock driver\n  * Allow PHC refclock to be specified with network interface name\n  * Don’t require multiple refclock samples per poll to simplify\n    filter configuration\n  * Keep refclock reachable when dropping samples with large delay\n  * Improve quantile-based filtering to adapt faster to larger\n    delay\n  * Improve logging of selection failures\n  * Detect clock interference from other processes\n  * Try to reopen message log (-l option) on cyclelogs command\n  * Fix sourcedir reloading to not multiply sources\n  * Fix tracking offset after failed clock step\n  * Drop support for NTS with Nettle < 3.6 and GnuTLS < 3.6.14\n  * Drop support for building without POSIX threads\n\n- Update to version 4.6.1:\n  * Add ntsaeads directive to enable only selected AEAD algorithms\n    for NTS.\n  * Negotiate use of compliant NTS keys with AES-128-GCM-SIV AEAD\n    algorithm.\n  * Switch to compliant NTS keys if first response from server is\n    NTS NAK.\n\n- Drop rcFOO symlinks for CODE16 (PED-266).\n\n- Update to version 4.6:\n  * Add activate option to local directive to set activation threshold\n  * Add ipv4 and ipv6 options to server/pool/peer directive\n  * Add kod option to ratelimit directive for server KoD RATE support\n  * Add leapseclist directive to read NIST/IERS leap-seconds.list file\n  * Add ptpdomain directive to set PTP domain for NTP over PTP\n  * Allow disabling pidfile\n  * Improve copy server option to accept unsynchronised status instantly\n  * Log one selection failure on start\n  * Add offset command to modify source offset correction\n  * Add timestamp sources to ntpdata report\n  * Fix crash on sources reload during initstepslew or RTC initialisation\n  * Fix source refreshment to not repeat failed name resolving attempts\n","id":"SUSE-SU-2025:20862-1","modified":"2025-10-17T12:05:08Z","published":"2025-10-17T12:05:08Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2025/suse-su-202520862-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1246544"}],"related":[],"summary":"Security update for chrony","upstream":[]}