Debian Security Advisory

DLA-414-1 chrony -- LTS security update

Date Reported:
12 Feb 2016
Affected Packages:
Security database references:
In the Debian bugtracking system: Bug 812923.
In Mitre's CVE dictionary: CVE-2016-1567.
More information:

chrony before 1.31.2 and 2.x before 2.2.1 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key."