Linux PTP could be made to crash, run arbitrary code, or expose sensitive information if it received specially crafted input.

=========================================================================
Ubuntu Security Notice USN-6097-1
May 29, 2023

linuxptp vulnerability
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)

Summary:

Linux PTP could be made to crash, run arbitrary code, or expose sensitive information if it received specially crafted input.

Software Description:
- linuxptp: Precision Time Protocol (PTP, IEEE1588) implementation for Linux

Details:

It was discovered that Linux PTP did not properly perform a length check when forwarding a PTP message between ports. A remote attacker could possibly use this issue to access sensitive information, execute arbitrary code, or cause a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.04 LTS:
  linuxptp 1.9.2-1ubuntu0.1

Ubuntu 18.04 LTS:
  linuxptp 1.8-1ubuntu0.1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
  linuxptp 1.6-1ubuntu0.1~esm1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6097-1
  CVE-2021-3570

Package Information:
  https://launchpad.net/ubuntu/+source/linuxptp/1.9.2-1ubuntu0.1
  https://launchpad.net/ubuntu/+source/linuxptp/1.8-1ubuntu0.1

The PTP flaw in Linux on Ubuntu platforms might lead to system failures, enable unauthorized script execution, or reveal confidential data.

Linux PTP, Ubuntu Advisory, Security Notice, Code Execution, Denial of Service.

Severity: Critical.

LinuxSecurity.com Team
Moderate: linuxptp security, bug fix, and enhancement update. \{'type': 'Security', 'shortCode': 'RL', 'name': 'RLSA-2021:4321', 'synopsis': 'Moderate: linuxptp security, bug fix, and enhancement update', 'severity': 'Moderate', 'topic': 'An update for linuxptp is now available for Rocky Linux 8.\nRocky Linux Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.', 'description': 'The linuxptp packages provide Precision Time Protocol (PTP) implementation for Linux according to IEEE standard 1588 for Linux. The dual design goals are to provide a robust implementation of the standard and to use the most relevant and modern Application Programming Interfaces (API) offered by the Linux kernel. \nThe following packages have been upgraded to a later upstream version: linuxptp (3.1.1). (BZ#1895005)\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\nAdditional Changes:\nFor detailed information on changes in this release, see the Rocky Linux 8.5 Release Notes linked from the References section.', 'solution': None, 'affectedProducts': ['Rocky Linux 8'], 'fixes': ['1895005', '1966241'], 'cves': ['Red Hat:::https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3571.json:::CVE-2021-3571'], 'references': [], 'publishedAt': '2021-11-15T07:26:35.348554Z', 'rpms': ['linuxptp-3.1.1-1.el8.aarch64.rpm', 'linuxptp-3.1.1-1.el8.src.rpm', 'linuxptp-3.1.1-1.el8.x86_64.rpm', 'linuxptp-debuginfo-3.1.1-1.el8.aarch64.rpm', 'linuxptp-debuginfo-3.1.1-1.el8.x86_64.rpm', 'linuxptp-debugsource-3.1.1-1.el8.aarch64.rpm', 'linuxptp-debugsource-3.1.1-1.el8.x86_64.rpm']}\. 
Essential linuxptp security patch for Rocky Linux 8 introduces critical bug resolutions and optimizations aimed at boosting overall system efficiency. LinuxPTP Update, Rocky Linux Security Fixes, Bug Enhancements. LinuxSecurity.com Team
Important: linuxptp security update. \{'type': 'Security', 'shortCode': 'RL', 'name': 'RLSA-2021:2660', 'synopsis': 'Important: linuxptp security update', 'severity': 'Important', 'topic': 'An update for linuxptp is now available for Rocky Linux 8.\nRocky Linux Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.', 'description': 'The linuxptp packages provide Precision Time Protocol (PTP) implementation for Linux according to IEEE standard 1588 for Linux. The dual design goals are to provide a robust implementation of the standard and to use the most relevant and modern Application Programming Interfaces (API) offered by the Linux kernel. \nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.', 'solution': None, 'affectedProducts': ['Rocky Linux 8'], 'fixes': ['1966240'], 'cves': ['Red Hat:::https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3570.json:::CVE-2021-3570'], 'references': [], 'publishedAt': '2021-07-22T03:37:58.930570Z', 'rpms': ['linuxptp-2.0-5.el8_4.1.aarch64.rpm', 'linuxptp-2.0-5.el8_4.1.src.rpm', 'linuxptp-2.0-5.el8_4.1.x86_64.rpm', 'linuxptp-debuginfo-2.0-5.el8_4.1.aarch64.rpm', 'linuxptp-debuginfo-2.0-5.el8_4.1.x86_64.rpm', 'linuxptp-debugsource-2.0-5.el8_4.1.aarch64.rpm', 'linuxptp-debugsource-2.0-5.el8_4.1.x86_64.rpm']}\. Rocky Linux 8 has rolled out a crucial update for linuxptp aimed at enhancing security and ensuring optimal system functionality.. Rocky Linux, Linuxptp Security, Important Update, PTP Protocol. . Severity: Important. LinuxSecurity.com Team
An update for linuxptp is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from.

====================================================================
Red Hat Security Advisory

Synopsis:          Moderate: linuxptp security, bug fix, and enhancement update
Advisory ID:       RHSA-2021:4321-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:4321
Issue date:        2021-11-09
CVE Names:         CVE-2021-3571
====================================================================

1. Summary:

An update for linuxptp is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

The linuxptp packages provide Precision Time Protocol (PTP) implementation for Linux according to IEEE standard 1588 for Linux. The dual design goals are to provide a robust implementation of the standard and to use the most relevant and modern Application Programming Interfaces (API) offered by the Linux kernel.

The following packages have been upgraded to a later upstream version: linuxptp (3.1.1). (BZ#1895005)

Security Fix(es):

* linuxptp: wrong length of one-step follow-up in transparent clock (CVE-2021-3571)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1895005 - Rebase linuxptp to 3.1
1966241 - CVE-2021-3571 linuxptp: wrong length of one-step follow-up in transparent clock

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:
linuxptp-3.1.1-1.el8.src.rpm

aarch64:
linuxptp-3.1.1-1.el8.aarch64.rpm
linuxptp-debuginfo-3.1.1-1.el8.aarch64.rpm
linuxptp-debugsource-3.1.1-1.el8.aarch64.rpm

ppc64le:
linuxptp-3.1.1-1.el8.ppc64le.rpm
linuxptp-debuginfo-3.1.1-1.el8.ppc64le.rpm
linuxptp-debugsource-3.1.1-1.el8.ppc64le.rpm

s390x:
linuxptp-3.1.1-1.el8.s390x.rpm
linuxptp-debuginfo-3.1.1-1.el8.s390x.rpm
linuxptp-debugsource-3.1.1-1.el8.s390x.rpm

x86_64:
linuxptp-3.1.1-1.el8.x86_64.rpm
linuxptp-debuginfo-3.1.1-1.el8.x86_64.rpm
linuxptp-debugsource-3.1.1-1.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2021-3571
https://access.redhat.com/security/updates/classification#moderate
https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/8/html/8.5_release_notes/index

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2021 Red Hat, Inc.
An update that fixes one vulnerability is now available.

openSUSE Security Update: Security update for linuxptp
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2021:3202-1
Rating:             moderate
References:         #1187646
Cross-References:   CVE-2021-3570
CVSS scores:
                    CVE-2021-3570 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-3570 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
                    openSUSE Leap 15.3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for linuxptp fixes the following issues:

- CVE-2021-3570: Fixed messageLength validation field of incoming messages (bsc#1187646).

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.3:

  zypper in -t patch openSUSE-SLE-15.3-2021-3202=1

Package List:

- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):

  linuxptp-3.1.1-3.3.1
  linuxptp-debuginfo-3.1.1-3.3.1
  linuxptp-debugsource-3.1.1-3.3.1

References:

  https://www.suse.com/security/cve/CVE-2021-3570.html
  https://bugzilla.suse.com/1187646

Uncover the latest openSUSE Security Patch targeting a significant flaw in linuxptp posing serious risks. Find out more today!

openSUSE LinuxPTP Update, Security Fix, Advisory.

Severity: Important.

LinuxSecurity.com Team
An update that fixes one vulnerability is now available.

SUSE Security Update: Security update for linuxptp
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3202-1
Rating:             moderate
References:         #1187646
Cross-References:   CVE-2021-3570
CVSS scores:
                    CVE-2021-3570 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-3570 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE Linux Enterprise Module for Server Applications 15-SP3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for linuxptp fixes the following issues:

- CVE-2021-3570: Fixed messageLength validation field of incoming messages (bsc#1187646).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Server Applications 15-SP3:

  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2021-3202=1

Package List:

- SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64):

  linuxptp-3.1.1-3.3.1
  linuxptp-debuginfo-3.1.1-3.3.1
  linuxptp-debugsource-3.1.1-3.3.1

References:

  https://www.suse.com/security/cve/CVE-2021-3570.html
  https://bugzilla.suse.com/1187646

SUSE Security Patch for linuxptp rated as moderate severity, addressing message length vulnerabilities. Apply advised updates.

SUSE Security Update, linuxptp patch, message length validation, software update.

LinuxSecurity.com Team
An update that fixes one vulnerability is now available.

openSUSE Security Update: Security update for linuxptp
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2021:1102-1
Rating:             important
References:         #1187646
Cross-References:   CVE-2021-3570
CVSS scores:
                    CVE-2021-3570 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-3570 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
                    openSUSE Leap 15.2
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for linuxptp fixes the following issues:

- CVE-2021-3570: Validate the messageLength field of incoming messages. (bsc#1187646)

This update was imported from the SUSE:SLE-15:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.2:

  zypper in -t patch openSUSE-2021-1102=1

Package List:

- openSUSE Leap 15.2 (x86_64):

  linuxptp-1.8+git65.g303b08c-lp152.4.3.1
  linuxptp-debuginfo-1.8+git65.g303b08c-lp152.4.3.1
  linuxptp-debugsource-1.8+git65.g303b08c-lp152.4.3.1

References:

  https://www.suse.com/security/cve/CVE-2021-3570.html
  https://bugzilla.suse.com/1187646

This release tackles an important problem in linuxptp, providing guidance for setup and specifics of the fix.

openSUSE, linuxptp, security patch.

Severity: Important.

LinuxSecurity.com Team
Miroslav Lichvar reported that the ptp4l program in linuxptp, an implementation of the Precision Time Protocol (PTP), does not validate the messageLength field of incoming messages, allowing a remote attacker to . - ------------------------------------------------------------------------- Debian LTS Advisory DLA-2723-1