Описание
Security update for linuxptp
This update for linuxptp fixes the following issues:
- CVE-2021-3570: Validate the messageLength field of incoming messages. (bsc#1187646)
Список пакетов
HPE Helion OpenStack 8
linuxptp-1.4-15.3.1
SUSE Linux Enterprise Server 12 SP2-BCL
linuxptp-1.4-15.3.1
SUSE Linux Enterprise Server 12 SP3-BCL
linuxptp-1.4-15.3.1
SUSE Linux Enterprise Server 12 SP3-LTSS
linuxptp-1.4-15.3.1
SUSE Linux Enterprise Server 12 SP4-LTSS
linuxptp-1.4-15.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
linuxptp-1.4-15.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
linuxptp-1.4-15.3.1
SUSE OpenStack Cloud 8
linuxptp-1.4-15.3.1
SUSE OpenStack Cloud 9
linuxptp-1.4-15.3.1
SUSE OpenStack Cloud Crowbar 8
linuxptp-1.4-15.3.1
SUSE OpenStack Cloud Crowbar 9
linuxptp-1.4-15.3.1
Ссылки
- Link for SUSE-SU-2021:2443-1
- E-Mail link for SUSE-SU-2021:2443-1
- SUSE Security Ratings
- SUSE Bug 1187646
- SUSE CVE CVE-2021-3570 page
Описание
A flaw was found in the ptp4l program of the linuxptp package. A missing length check when forwarding a PTP message between ports allows a remote attacker to cause an information leak, crash, or potentially remote code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. This flaw affects linuxptp versions before 3.1.1, before 2.0.1, before 1.9.3, before 1.8.1, before 1.7.1, before 1.6.1 and before 1.5.1.
Затронутые продукты
HPE Helion OpenStack 8:linuxptp-1.4-15.3.1
SUSE Linux Enterprise Server 12 SP2-BCL:linuxptp-1.4-15.3.1
SUSE Linux Enterprise Server 12 SP3-BCL:linuxptp-1.4-15.3.1
SUSE Linux Enterprise Server 12 SP3-LTSS:linuxptp-1.4-15.3.1
Ссылки
- CVE-2021-3570
- SUSE Bug 1187646