linuxptp-2.0-5.el8.1

エラータID: AXSA:2021-2195:03

Release date: 
Monday, July 12, 2021 - 07:06
Subject: 
linuxptp-2.0-5.el8.1
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

The linuxptp packages provide Precision Time Protocol (PTP) implementation for Linux according to IEEE standard 1588 for Linux. The dual design goals are to provide a robust implementation of the standard and to use the most relevant and modern Application Programming Interfaces (API) offered by the Linux kernel.

Security Fix(es):

* linuxptp: missing length check of forwarded messages (CVE-2021-3570)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2021-3570
A flaw was found in the ptp4l program of the linuxptp package. A missing length check when forwarding a PTP message between ports allows a remote attacker to cause an information leak, crash, or potentially remote code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. This flaw affects linuxptp versions before 3.1.1, before 2.0.1, before 1.9.3, before 1.8.1, before 1.7.1, before 1.6.1 and before 1.5.1.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. linuxptp-2.0-5.el8.1.src.rpm
    MD5: effb042812a49eec0052f80afbef60d5
    SHA-256: 4f6abee1f46c79781ca0544b76c4ffdbeeedf01d8869b39c0d06db918392993a
    Size: 261.91 kB

Asianux Server 8 for x86_64
  1. linuxptp-2.0-5.el8.1.x86_64.rpm
    MD5: f8c751b03e5c23e2aaf9d2b20ded476b
    SHA-256: 841ca9f5f5db00dfa3273f3ef03cd3430d61ccf81e47fc023217dfef6b60e8cc
    Size: 193.70 kB