Security update for chrony

Announcement ID:	SUSE-SU-2025:3868-1
Release Date:	2025-10-30T13:44:59Z
Rating:	moderate
References:	bsc#1194220 bsc#1194229 bsc#1213551 bsc#1246544
Affected Products:	SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that has four security fixes can now be installed.

Description:

This update for chrony fixes the following issues:

Security issues fixed: - Race condition during socket creation by chronyc allows privilege escalation from user chrony to root (bsc#1246544).

Other issues fixed: - Improve connection retry intervals when facing NTS-KE related issues (bsc#1213551). * nts: use shorter NTS-KE retry interval when network is down. * ntp: don't adjust poll interval when waiting for NTS-KE.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-3868=1

Package List:

• SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
  • chrony-4.1-5.12.1
  • chrony-debuginfo-4.1-5.12.1
  • chrony-debugsource-4.1-5.12.1

References:

• https://bugzilla.suse.com/show_bug.cgi?id=1194220
• https://bugzilla.suse.com/show_bug.cgi?id=1194229
• https://bugzilla.suse.com/show_bug.cgi?id=1213551
• https://bugzilla.suse.com/show_bug.cgi?id=1246544