[SECURITY] [DLA 2723-1] linuxptp security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 2723-1] linuxptp security update
From: Thorsten Alteholz <debian@alteholz.de>
Date: Sat, 31 Jul 2021 00:06:49 +0000 (UTC)
Message-id: <[🔎] alpine.DEB.2.21.2107310005310.24567@postfach.intern.alteholz.me>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2723-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
July 31, 2021                                 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : linuxptp
Version        : 1.8-1+deb9u1
CVE ID         : CVE-2021-3570

Miroslav Lichvar reported that the ptp4l program in linuxptp, animplementation of the Precision Time Protocol (PTP), does not validate themessageLength field of incoming messages, allowing a remote attacker tocause a denial of service, information leak, or potentially remote codeexecution.



For Debian 9 stretch, this problem has been fixed in version
1.8-1+deb9u1.

We recommend that you upgrade your linuxptp packages.

For the detailed security status of linuxptp please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/linuxptp

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmEElBlfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEci5A/+MvcE6p0fywBAlrdx8NUC7GCMsSPAPXnG0tog2uRfnrJXTDFTxkNxLRjo
f0ER+pMlW2mV4+2JfchEfNLylegw4zZQ5M0lFx4Nhx/Gs7ywGbZ6Ll4jJ8shM5QE
WJyvw24SwHHoH+1yOyIa+ECRr5dcxjFuseZhkn3DOqV9KgGvIlDpvyIu7RraGpDO
ddofUUNpMacgjDCZYmZfAcdpCQDLPKGt2nDXJjI1tSxmWMK50Av0/4Mij6hpe8lj
EoGz2tidZJaVezqKD30q5dDvA1RXWZPWjtN1i1Qzj0f3LDZgskI0OK3nQdORtMbK
qlaW37QNlqUeKmBcPYAAvvP47bESePvuxiYX70JynRZX4VMNq3aw0vUBoZcgjlyM
y3p86I6T1xCyn/z9V2PO2E+X6Y+C38x/C+cDYX5kFjtXIwGWBRRfhMdmCX6gN7Xa
AlDxWECQ101JwrChnDJn0oD/5zR3aHP5E7bGD0DS5LT08HNtDyC53jwZsOQwagqq
SbinlzxyWe2EheQQRbgmJGwTifSBpLeA8Le5qWP4EpR4Wjlj6+7jVa8W3feNvVFb
B7sVb0Qoovz7s/bobEdw6n7kzyNim7iJEMXY0hi8muRhNrQXuqcZpBVdk5Ft7eYE
bBKsG2hkfrJbVciP1q0Kw2Bw7KJImahGuxM2Qs0yay1t5qdDp7s=
=nbfk
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 2722-1] libsndfile security update
Previous by thread: [SECURITY] [DLA 2722-1] libsndfile security update
Index(es):
- Date
- Thread