Upstream has released version 1.31.2 on January 20, fixing a security issue:
http://chrony.tuxfamily.org/news.html#_20_jan_2016_chrony_2_2_1_and_chrony_1_31_2_released

Updated packages uploaded for Mageia 5 and Cauldron.

Advisory:
========================

Updated chrony package fixes security vulnerability:

In chrony before 1.31.2, when used with symmetric key encryption, the client would accept packets encrypted with keys for any configured server, allowing a server to impersonate other servers to clients, thus performing a man-in-the-middle attack (CVE-2016-1567).

References:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1567
http://chrony.tuxfamily.org/news.html#_20_jan_2016_chrony_2_2_1_and_chrony_1_31_2_released
http://www.talosintel.com/reports/TALOS-2016-0071/
========================

Updated packages in core/updates_testing:
========================
chrony-1.31.2-1.mga5

from chrony-1.31.2-1.mga5.src.rpm

Fedora has issued an advisory for this on January 23:
https://lists.fedoraproject.org/pipermail/package-announce/2016-January/175969.html

Advisory:
========================

Updated chrony package fixes security vulnerability:

In chrony before 1.31.2, when used with symmetric key encryption, the client would accept packets encrypted with keys for any configured server, allowing a server to impersonate other servers to clients, thus performing a man-in-the-middle attack (CVE-2016-1567).

References:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1567
http://chrony.tuxfamily.org/news.html#_20_jan_2016_chrony_2_2_1_and_chrony_1_31_2_released
http://www.talosintel.com/reports/TALOS-2016-0071/
https://lists.fedoraproject.org/pipermail/package-announce/2016-January/175969.html
URL: (none) => http://lwn.net/Vulnerabilities/673463/
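
Added example (not part of the original report and not chrony's code): a simplified Python model of the check the advisory describes, assuming the classic NTP symmetric-key MAC layout (32-bit key ID followed by MD5 of key plus packet). The key table, addresses, packet and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

# Constructed client key table (key ID -> secret) and per-source key binding.
KEYS = {1: b"secret-for-server-A", 2: b"secret-for-server-B"}
SOURCE_KEY = {"192.0.2.1": 1, "192.0.2.2": 2}
PACKET = bytes(48)  # constructed stand-in for a 48-byte NTP header


def make_mac(key_id: int, packet: bytes) -> bytes:
    """Build the MAC a holder of key_id would append to a packet."""
    digest = hashlib.md5(KEYS[key_id] + packet).digest()
    return struct.pack("!I", key_id) + digest


def check_any_key(source: str, packet: bytes, mac: bytes) -> bool:
    """Flawed check: a valid MAC under ANY known key is accepted,
    regardless of which source the packet claims to come from."""
    if len(mac) != 20:
        return False
    key_id = struct.unpack("!I", mac[:4])[0]
    key = KEYS.get(key_id)
    if key is None:
        return False
    expected = hashlib.md5(key + packet).digest()
    return hmac.compare_digest(expected, mac[4:])


def check_bound_key(source: str, packet: bytes, mac: bytes) -> bool:
    """Corrected check: the key ID in the MAC must be the one
    configured for this source before the digest is verified."""
    if len(mac) != 20:
        return False
    key_id = struct.unpack("!I", mac[:4])[0]
    if SOURCE_KEY.get(source) != key_id:
        return False
    return check_any_key(source, packet, mac)


if __name__ == "__main__":
    # A packet attributed to server A (192.0.2.1) but authenticated with key 2.
    wrong_key_mac = make_mac(2, PACKET)
    print("any-key check accepts:  ", check_any_key("192.0.2.1", PACKET, wrong_key_mac))
    print("bound-key check accepts:", check_bound_key("192.0.2.1", PACKET, wrong_key_mac))
```
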
Working fine on Mageia 5 i586. You can use "chronyc sources" (as root) to verify that it's synchronized with your configured ntp server(s).
Whiteboard: (none) => has_procedure MGA5-32-OK
Keywords: (none) => validated_update
Whiteboard: has_procedure MGA5-32-OK => has_procedure MGA5-32-OK advisory
CC: (none) => davidwhodgins, sysadmin-bugs
An update for this issue has been pushed to Mageia Updates repository.
http://advisories.mageia.org/MGASA-2016-0038.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED