[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 414-1] chrony security update

Package        : chrony
Version        : 1.24-3+squeeze3
CVE ID         : CVE-2016-1567
Debian Bug     : 812923

chrony before 1.31.2 and 2.x before 2.2.1 do not verify peer
associations of symmetric keys when authenticating packets, which might
allow remote attackers to conduct impersonation attacks via an arbitrary
trusted key, aka a "skeleton key."

Attachment: signature.asc
Description: Digital signature

Reply to: