MGASA-2016-0038

Source
https://advisories.mageia.org/MGASA-2016-0038.html
Import Source
https://advisories.mageia.org/MGASA-2016-0038.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2016-0038
Related
Published
2016-01-29T11:02:50Z
Modified
2016-01-29T10:53:41Z
Summary
Updated chrony packages fix security vulnerability
Details

In chrony before 1.31.2, when used with symmetric key encryption, the client would accept packets encrypted with keys for any configured server, allowing a server to impersonate other servers to clients, thus performing a man-in-the-middle attack (CVE-2016-1567).

References
Credits

Affected packages

Mageia:5 / chrony

Package

Name
chrony
Purl
pkg:rpm/mageia/chrony?distro=mageia-5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.31.2-1.mga5

Ecosystem specific

{
    "section": "core"
}