Security update for linuxptp SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2021:2443-1 Final 1 1 2021-07-21T12:03:18Z current 2021-07-21T12:03:18Z 2021-07-21T12:03:18Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for linuxptp This update for linuxptp fixes the following issues: - CVE-2021-3570: Validate the messageLength field of incoming messages. (bsc#1187646) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). HPE-Helion-OpenStack-8-2021-2443,SUSE-2021-2443,SUSE-OpenStack-Cloud-8-2021-2443,SUSE-OpenStack-Cloud-9-2021-2443,SUSE-OpenStack-Cloud-Crowbar-8-2021-2443,SUSE-OpenStack-Cloud-Crowbar-9-2021-2443,SUSE-SLE-SAP-12-SP3-2021-2443,SUSE-SLE-SAP-12-SP4-2021-2443,SUSE-SLE-SERVER-12-SP2-BCL-2021-2443,SUSE-SLE-SERVER-12-SP3-2021-2443,SUSE-SLE-SERVER-12-SP3-BCL-2021-2443,SUSE-SLE-SERVER-12-SP4-LTSS-2021-2443 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2021/suse-su-20212443-1/ Link for SUSE-SU-2021:2443-1 https://lists.suse.com/pipermail/sle-security-updates/2021-July/009196.html E-Mail link for SUSE-SU-2021:2443-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1187646 SUSE Bug 1187646 https://www.suse.com/security/cve/CVE-2021-3570/ SUSE CVE CVE-2021-3570 page HPE Helion OpenStack 8 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP4-LTSS SUSE Linux Enterprise Server for SAP Applications 12 SP3 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 linuxptp-1.4-15.3.1 linuxptp-1.4-15.3.1 as a component of HPE Helion OpenStack 8 linuxptp-1.4-15.3.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL linuxptp-1.4-15.3.1 as a component of SUSE Linux Enterprise Server 12 SP3-BCL linuxptp-1.4-15.3.1 as a component of SUSE Linux Enterprise Server 12 SP3-LTSS linuxptp-1.4-15.3.1 as a component of SUSE Linux Enterprise Server 12 SP4-LTSS linuxptp-1.4-15.3.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 linuxptp-1.4-15.3.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 linuxptp-1.4-15.3.1 as a component of SUSE OpenStack Cloud 8 linuxptp-1.4-15.3.1 as a component of SUSE OpenStack Cloud 9 linuxptp-1.4-15.3.1 as a component of SUSE OpenStack Cloud Crowbar 8 linuxptp-1.4-15.3.1 as a component of SUSE OpenStack Cloud Crowbar 9 A flaw was found in the ptp4l program of the linuxptp package. A missing length check when forwarding a PTP message between ports allows a remote attacker to cause an information leak, crash, or potentially remote code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. This flaw affects linuxptp versions before 3.1.1, before 2.0.1, before 1.9.3, before 1.8.1, before 1.7.1, before 1.6.1 and before 1.5.1. CVE-2021-3570 HPE Helion OpenStack 8:linuxptp-1.4-15.3.1 SUSE Linux Enterprise Server 12 SP2-BCL:linuxptp-1.4-15.3.1 SUSE Linux Enterprise Server 12 SP3-BCL:linuxptp-1.4-15.3.1 SUSE Linux Enterprise Server 12 SP3-LTSS:linuxptp-1.4-15.3.1 SUSE Linux Enterprise Server 12 SP4-LTSS:linuxptp-1.4-15.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:linuxptp-1.4-15.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:linuxptp-1.4-15.3.1 SUSE OpenStack Cloud 8:linuxptp-1.4-15.3.1 SUSE OpenStack Cloud 9:linuxptp-1.4-15.3.1 SUSE OpenStack Cloud Crowbar 8:linuxptp-1.4-15.3.1 SUSE OpenStack Cloud Crowbar 9:linuxptp-1.4-15.3.1 important 8 AV:N/AC:L/Au:S/C:P/I:P/A:C 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20212443-1/ https://www.suse.com/security/cve/CVE-2021-3570.html CVE-2021-3570 https://bugzilla.suse.com/1187646 SUSE Bug 1187646