Bug#990759: FW: [Linuxptp-devel] linuxptp: Fixes published for CVE-2021-3570 and CVE-2021-3571
Package: linuxptp
Version: 3.1-2
CVE-2021-3570
CVE-2021-3571
-----Original Message-----
From: Richard Cochran <richardcochran@gmail.com>
Sent: Tuesday, 6 July 2021 00:30
To: oss-security@lists.openwall.com
Cc: linuxptp-users@lists.sourceforge.net; linuxptp-devel@lists.sourceforge.net
Subject: [Linuxptp-devel] linuxptp: Fixes published for CVE-2021-3570 and CVE-2021-3571
Dear list,
Now that the embargo period has expired, I published fixes for:
CVE-2021-3570 linuxptp: missing length check of forwarded messages
CVE-2021-3571 linuxptp: wrong length of one-step follow-up in transparent clock
The fixes have been published to SourceForge and to GitHub:
https://sourceforge.net/projects/linuxptp/
https://github.com/richardcochran/linuxptp
The tags with the fixes are as follows:
v1.5.1
v1.6.1
v1.7.1
v1.8.1
v1.9.3
v2.0.1
v3.1.1
In addition, the head of the master branch (soon to be version 3.2) also includes the fixes.
Although it is possible to apply the fix to versions 1.2, 1.3, and 1.4, those versions are obsolete and do not pass our CI tests. For this reason I decided to withdraw them instead.
Thanks,
Richard
_______________________________________________
Linuxptp-devel mailing list
Linuxptp-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linuxptp-devel