SUSE-SU-2021:2472-1

Опубликовано: 27 июл. 2021

Источник: suse-cvrf

Описание

Security update for linuxptp

This update for linuxptp fixes the following issues:

CVE-2021-3570: Validate the messageLength field of incoming messages. (bsc#1187646)

Список пакетов

SUSE Enterprise Storage 6

linuxptp-1.8+git65.g303b08c-3.3.1

SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS

linuxptp-1.8+git65.g303b08c-3.3.1

SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS

linuxptp-1.8+git65.g303b08c-3.3.1

SUSE Linux Enterprise High Performance Computing 15-ESPOS

linuxptp-1.8+git65.g303b08c-3.3.1

SUSE Linux Enterprise High Performance Computing 15-LTSS

linuxptp-1.8+git65.g303b08c-3.3.1

SUSE Linux Enterprise Module for Server Applications 15 SP2

linuxptp-1.8+git65.g303b08c-3.3.1

SUSE Linux Enterprise Server 15 SP1-BCL

linuxptp-1.8+git65.g303b08c-3.3.1

SUSE Linux Enterprise Server 15 SP1-LTSS

linuxptp-1.8+git65.g303b08c-3.3.1

SUSE Linux Enterprise Server 15-LTSS

linuxptp-1.8+git65.g303b08c-3.3.1

SUSE Linux Enterprise Server for SAP Applications 15

linuxptp-1.8+git65.g303b08c-3.3.1

SUSE Linux Enterprise Server for SAP Applications 15 SP1

linuxptp-1.8+git65.g303b08c-3.3.1

SUSE Manager Proxy 4.0

linuxptp-1.8+git65.g303b08c-3.3.1

SUSE Manager Retail Branch Server 4.0

linuxptp-1.8+git65.g303b08c-3.3.1

SUSE Manager Server 4.0

linuxptp-1.8+git65.g303b08c-3.3.1

Ссылки

https://www.suse.com/support/update/announcement/2021/suse-su-20212472-1/
Link for SUSE-SU-2021:2472-1
https://lists.suse.com/pipermail/sle-security-updates/2021-July/009215.html
E-Mail link for SUSE-SU-2021:2472-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1187646
SUSE Bug 1187646
https://www.suse.com/security/cve/CVE-2021-3570/
SUSE CVE CVE-2021-3570 page

Описание

A flaw was found in the ptp4l program of the linuxptp package. A missing length check when forwarding a PTP message between ports allows a remote attacker to cause an information leak, crash, or potentially remote code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. This flaw affects linuxptp versions before 3.1.1, before 2.0.1, before 1.9.3, before 1.8.1, before 1.7.1, before 1.6.1 and before 1.5.1.

Затронутые продукты

SUSE Enterprise Storage 6:linuxptp-1.8+git65.g303b08c-3.3.1

SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:linuxptp-1.8+git65.g303b08c-3.3.1

SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:linuxptp-1.8+git65.g303b08c-3.3.1

SUSE Linux Enterprise High Performance Computing 15-ESPOS:linuxptp-1.8+git65.g303b08c-3.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2021-3570.html
CVE-2021-3570
https://bugzilla.suse.com/1187646
SUSE Bug 1187646

SUSE-SU-2021:2472-1

Описание

Список пакетов

SUSE Enterprise Storage 6

SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS

SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS

SUSE Linux Enterprise High Performance Computing 15-ESPOS

SUSE Linux Enterprise High Performance Computing 15-LTSS

SUSE Linux Enterprise Module for Server Applications 15 SP2

SUSE Linux Enterprise Server 15 SP1-BCL

SUSE Linux Enterprise Server 15 SP1-LTSS

SUSE Linux Enterprise Server 15-LTSS

SUSE Linux Enterprise Server for SAP Applications 15

SUSE Linux Enterprise Server for SAP Applications 15 SP1

SUSE Manager Proxy 4.0

SUSE Manager Retail Branch Server 4.0

SUSE Manager Server 4.0

Ссылки

Уязвимость: CVE-2021-3570

Описание

Затронутые продукты

Ссылки