Source: chrony Version: 1.30-2 Severity: important Tags: security upstream fixed-upstream
Hi, the following vulnerability was published for chrony. CVE-2016-1567[0]: | chrony before 1.31.2 and 2.x before 2.2.1 do not verify peer | associations of symmetric keys when authenticating packets, which | might allow remote attackers to conduct impersonation attacks via an | arbitrary trusted key, aka a "skeleton key." If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2016-1567 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
