Описание
Security update for linuxptp
This update for linuxptp fixes the following issues:
- CVE-2021-3570: Validate the messageLength field of incoming messages. (bsc#1187646)
Список пакетов
SUSE Linux Enterprise Server 12 SP5
linuxptp-1.8+git65.g303b08c-3.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
linuxptp-1.8+git65.g303b08c-3.3.1
Ссылки
- Link for SUSE-SU-2021:2545-1
- E-Mail link for SUSE-SU-2021:2545-1
- SUSE Security Ratings
- SUSE Bug 1187646
- SUSE CVE CVE-2021-3570 page
Описание
A flaw was found in the ptp4l program of the linuxptp package. A missing length check when forwarding a PTP message between ports allows a remote attacker to cause an information leak, crash, or potentially remote code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. This flaw affects linuxptp versions before 3.1.1, before 2.0.1, before 1.9.3, before 1.8.1, before 1.7.1, before 1.6.1 and before 1.5.1.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP5:linuxptp-1.8+git65.g303b08c-3.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5:linuxptp-1.8+git65.g303b08c-3.3.1
Ссылки
- CVE-2021-3570
- SUSE Bug 1187646