Headline
Ubuntu Security Notice USN-6097-1
Ubuntu Security Notice 6097-1 - It was discovered that Linux PTP did not properly perform a length check when forwarding a PTP message between ports. A remote attacker could possibly use this issue to access sensitive information, execute arbitrary code, or cause a denial of service.
==========================================================================Ubuntu Security Notice USN-6097-1May 29, 2023linuxptp vulnerability==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 20.04 LTS- Ubuntu 18.04 LTS- Ubuntu 16.04 LTS (Available with Ubuntu Pro)Summary:Linux PTP could be made to crash, run arbitrary code, or exposesensitive information if it received specially crafted input.Software Description:- linuxptp: Precision Time Protocol (PTP, IEEE1588) implementation for LinuxDetails:It was discovered that Linux PTP did not properly perform a length check when forwarding a PTP message between ports. A remote attacker could possibly use this issue to access sensitive information, execute arbitrary code, or cause a denial of service.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 20.04 LTS:linuxptp 1.9.2-1ubuntu0.1Ubuntu 18.04 LTS:linuxptp 1.8-1ubuntu0.1Ubuntu 16.04 LTS (Available with Ubuntu Pro):linuxptp 1.6-1ubuntu0.1~esm1In general, a standard system update will make all the necessary changes.References:https://ubuntu.com/security/notices/USN-6097-1CVE-2021-3570Package Information:https://launchpad.net/ubuntu/+source/linuxptp/1.9.2-1ubuntu0.1https://launchpad.net/ubuntu/+source/linuxptp/1.8-1ubuntu0.1
Related news
A flaw was found in the ptp4l program of the linuxptp package. A missing length check when forwarding a PTP message between ports allows a remote attacker to cause an information leak, crash, or potentially remote code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. This flaw affects linuxptp versions before 3.1.1, before 2.0.1, before 1.9.3, before 1.8.1, before 1.7.1, before 1.6.1 and before 1.5.1.