MGASA-2016-0038

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2016-0038.html

Import Source

https://advisories.mageia.org/MGASA-2016-0038.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2016-0038

Related

CVE-2016-1567

Published

2016-01-29T11:02:50Z

Modified

2016-01-29T10:53:41Z

Summary

Updated chrony packages fix security vulnerability

Details

In chrony before 1.31.2, when used with symmetric key encryption, the client would accept packets encrypted with keys for any configured server, allowing a server to impersonate other servers to clients, thus performing a man-in-the-middle attack (CVE-2016-1567).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:5 / chrony

Package

Name: chrony
Purl: pkg:rpm/mageia/chrony?distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.31.2-1.mga5

Ecosystem specific

{
    "section": "core"
}