[SECURITY] [DLA 2723-1] linuxptp security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2723-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Thorsten Alteholz
July 31, 2021 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------
Package : linuxptp
Version : 1.8-1+deb9u1
CVE ID : CVE-2021-3570
Miroslav Lichvar reported that the ptp4l program in linuxptp, an
implementation of the Precision Time Protocol (PTP), does not validate the
messageLength field of incoming messages, allowing a remote attacker to
cause a denial of service, information leak, or potentially remote code
execution.
For Debian 9 stretch, this problem has been fixed in version
1.8-1+deb9u1.
We recommend that you upgrade your linuxptp packages.
For the detailed security status of linuxptp please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/linuxptp
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmEElBlfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEci5A/+MvcE6p0fywBAlrdx8NUC7GCMsSPAPXnG0tog2uRfnrJXTDFTxkNxLRjo
f0ER+pMlW2mV4+2JfchEfNLylegw4zZQ5M0lFx4Nhx/Gs7ywGbZ6Ll4jJ8shM5QE
WJyvw24SwHHoH+1yOyIa+ECRr5dcxjFuseZhkn3DOqV9KgGvIlDpvyIu7RraGpDO
ddofUUNpMacgjDCZYmZfAcdpCQDLPKGt2nDXJjI1tSxmWMK50Av0/4Mij6hpe8lj
EoGz2tidZJaVezqKD30q5dDvA1RXWZPWjtN1i1Qzj0f3LDZgskI0OK3nQdORtMbK
qlaW37QNlqUeKmBcPYAAvvP47bESePvuxiYX70JynRZX4VMNq3aw0vUBoZcgjlyM
y3p86I6T1xCyn/z9V2PO2E+X6Y+C38x/C+cDYX5kFjtXIwGWBRRfhMdmCX6gN7Xa
AlDxWECQ101JwrChnDJn0oD/5zR3aHP5E7bGD0DS5LT08HNtDyC53jwZsOQwagqq
SbinlzxyWe2EheQQRbgmJGwTifSBpLeA8Le5qWP4EpR4Wjlj6+7jVa8W3feNvVFb
B7sVb0Qoovz7s/bobEdw6n7kzyNim7iJEMXY0hi8muRhNrQXuqcZpBVdk5Ft7eYE
bBKsG2hkfrJbVciP1q0Kw2Bw7KJImahGuxM2Qs0yay1t5qdDp7s=
=nbfk
-----END PGP SIGNATURE-----
Reply to: