Summary: | <net-misc/chrony-2.2.1 Impersonation between authenticated peers (CVE-2016-1567) | |
---|---|---|---
Product: | Gentoo Security | Reporter: | Jeroen Roovers (RETIRED) <jer>
Component: | Vulnerabilities | Assignee: | Gentoo Security <security>
Status: | RESOLVED FIXED | |
Severity: | normal | |
Priority: | Normal | |
Version: | unspecified | |
Hardware: | All | |
OS: | Linux | |
Whiteboard: | B3 [noglsa cve] | |
Package list: | | Runtime testing required: | ---
Description
Jeroen Roovers (RETIRED)
2016-01-22 04:42:11 UTC
Arch teams, please test and mark stable:
=net-misc/chrony-2.2.1
Targeted stable KEYWORDS : amd64 hppa ppc ppc64 sparc x86

Stable for HPPA PPC64.

amd64 stable

x86 stable

ppc stable

sparc stable.

Maintainer(s), please cleanup.
Security, please vote.

CVE-2016-1567 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1567):
chrony before 1.31.2 and 2.x before 2.2.1 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key."

GLSA Vote: No
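
The missing check that the CVE-2016-1567 text describes, as an added illustration (not chrony's code and not part of the original bug report): a receiver that only verifies the MAC under whichever key ID the packet carries, beside one that also requires that key ID to be the one configured for the sending peer. The keyring, addresses and function names are constructed for the example; the MAC is the NTP-style MD5(key || payload).

```python
import hashlib
import hmac

# Constructed keyring: key ID -> shared secret (sample values, not real keys).
KEYS = {1: b"secret-shared-with-peer-A", 2: b"secret-shared-with-peer-B"}

# Constructed peer associations: source address -> key ID configured for it.
PEER_KEY = {"192.0.2.10": 1, "192.0.2.20": 2}


def make_mac(key_id, payload):
    """NTP-style symmetric MAC: 4-byte key ID followed by MD5(key || payload)."""
    digest = hashlib.md5(KEYS[key_id] + payload).digest()
    return key_id.to_bytes(4, "big") + digest


def mac_is_valid(payload, mac):
    """True if the MAC verifies under the key whose ID the packet itself carries."""
    key = KEYS.get(int.from_bytes(mac[:4], "big"))
    if key is None:
        return False
    expected = hashlib.md5(key + payload).digest()
    return hmac.compare_digest(expected, mac[4:])


def accept_without_association(source, payload, mac):
    """Flawed check: any key in the keyring authenticates any configured peer."""
    return source in PEER_KEY and mac_is_valid(payload, mac)


def accept_with_association(source, payload, mac):
    """Corrected check: the key ID must be the one configured for this source."""
    key_id = int.from_bytes(mac[:4], "big")
    return PEER_KEY.get(source) == key_id and mac_is_valid(payload, mac)


def demo():
    payload = b"constructed NTP header bytes"
    src = "192.0.2.10"               # packets claiming to come from peer A
    genuine = make_mac(1, payload)   # MAC made with the key configured for A
    borrowed = make_mac(2, payload)  # MAC made with B's key, also trusted
    return {
        "flawed_genuine": accept_without_association(src, payload, genuine),
        "flawed_borrowed": accept_without_association(src, payload, borrowed),
        "fixed_genuine": accept_with_association(src, payload, genuine),
        "fixed_borrowed": accept_with_association(src, payload, borrowed),
    }


if __name__ == "__main__":
    print(demo())
```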