Debian Security Advisory
DLA-742-1 chrony -- LTS security update
- Date Reported:
- 13 Dec 2016
- Affected Packages:
- Security database references:
- In the Debian bugtracking system: Bug 812923, Bug 568492.
In Mitre's CVE dictionary: CVE-2016-1567.
- More information:
It was discovered that Chrony, a versatile implementation of the Network Time Protocol, did not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key."
This update also resolves Debian bug #568492.
For Debian 7
Wheezy, these problems have been fixed in version 1.24-3.1+deb7u4.
We recommend that you upgrade your chrony packages.
Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS