CVE-2010-0293 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0293): The client logging functionality in chronyd in Chrony before 1.23.1 does not restrict the amount of memory used for storage of client information, which allows remote attackers to cause a denial of service (memory consumption) via spoofed (1) NTP or (2) cmdmon packets.
CVE-2010-0294 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0294): chronyd in Chrony before 1.23.1, and possibly 1.24-pre1, generates a syslog message for each unauthorized cmdmon packet, which allows remote attackers to cause a denial of service (disk consumption) via a large number of invalid packets.
*** Bug 308037 has been marked as a duplicate of this bug. ***
CVE-2010-0292 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0292): The read_from_cmd_socket function in cmdmon.c in chronyd in Chrony before 1.23.1, and 1.24-pre1, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by sending a spoofed cmdmon packet that triggers a continuous exchange of NOHOSTACCESS messages between two daemons, a related issue to CVE-2009-3563.
1.24 is in the tree now.
x86 stable
ppc done
Stable for HPPA.
amd64 stable
sparc stable
All arches done.
Vote: NO.
NO too, closing noglsa.