Date: Mon, 5 Jul 2021 15:30:14 -0700
From: Richard Cochran <richardcochran@...il.com>
To: oss-security@...ts.openwall.com
Cc: linuxptp-devel@...ts.sourceforge.net,
	linuxptp-users@...ts.sourceforge.net
Subject: linuxptp: Fixes published for CVE-2021-3570 and CVE-2021-3571

Dear list,

Now that the embargo period has expired, I published fixes for:

   CVE-2021-3570 linuxptp: missing length check of forwarded messages
   CVE-2021-3571 linuxptp: wrong length of one-step follow-up in transparent clock

The fixes have been published to SourceForge and to GitHub:

   https://sourceforge.net/projects/linuxptp
   https://github.com/richardcochran/linuxptp

The tags with the fixes are as follows:

   v1.5.1
   v1.6.1
   v1.7.1
   v1.8.1
   v1.9.3
   v2.0.1
   v3.1.1

In addition, the head of the master branch (soon to be version 3.2)
also includes the fixes.

Although it is possible to apply the fix to versions 1.2, 1.3, and
1.4, those versions are obsolete and do not pass our CI tests.  For
this reason I decided to withdraw them instead.

Thanks,
Richard
