PT-2025-54902 · Suse · Chrony

Published

2025-10-17

·

Updated

2025-10-17

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
This update for chrony fixes the following issues:
  • Update to version 4.8:
  • Add maxunreach option to limit selection of unreachable sources
  • Add -u option to chronyc to drop root privileges (default chronyc user is set by configure script)
  • Fix refclock extpps option to work on Linux >= 6.15
  • Validate refclock samples for reachability updates
  • Fix racy socket creation which allows privilege escalation to root (bsc#1246544)
  • Update to version 4.7:
  • Add opencommands directive to select remote monitoring commands
  • Add interval option to driftfile directive
  • Add waitsynced and waitunsynced options to local directive
  • Add sanity checks for integer values in configuration
  • Add support for systemd Type=notify service
  • Add RTC refclock driver
  • Allow PHC refclock to be specified with network interface name
  • Don’t require multiple refclock samples per poll to simplify filter configuration
  • Keep refclock reachable when dropping samples with large delay
  • Improve quantile-based filtering to adapt faster to larger delay
  • Improve logging of selection failures
  • Detect clock interference from other processes
  • Try to reopen message log (-l option) on cyclelogs command
  • Fix sourcedir reloading to not multiply sources
  • Fix tracking offset after failed clock step
  • Drop support for NTS with Nettle < 3.6 and GnuTLS < 3.6.14
  • Drop support for building without POSIX threads
  • Update to version 4.6.1:
  • Add ntsaeads directive to enable only selected AEAD algorithms for NTS.
  • Negotiate use of compliant NTS keys with AES-128-GCM-SIV AEAD algorithm.
  • Switch to compliant NTS keys if first response from server is NTS NAK.
  • Drop rcFOO symlinks for CODE16 (PED-266).
  • Update to version 4.6:
  • Add activate option to local directive to set activation threshold
  • Add ipv4 and ipv6 options to server/pool/peer directive
  • Add kod option to ratelimit directive for server KoD RATE support
  • Add leapseclist directive to read NIST/IERS leap-seconds.list file
  • Add ptpdomain directive to set PTP domain for NTP over PTP
  • Allow disabling pidfile
  • Improve copy server option to accept unsynchronised status instantly
  • Log one selection failure on start
  • Add offset command to modify source offset correction
  • Add timestamp sources to ntpdata report
  • Fix crash on sources reload during initstepslew or RTC initialisation
  • Fix source refreshment to not repeat failed name resolving attempts
Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Related Identifiers

SUSE-SU-2025:20862-1

Affected Products

Chrony