An update for linuxptp is now available for openEuler-20.03-LTS-SP1 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2021-1368 Final 1.0 1.0 2021-09-30 Initial 2021-09-30 2021-09-30 openEuler SA Tool V1.0 2021-09-30 linuxptp security update An update for linuxptp is now available for openEuler-20.03-LTS-SP1. Linuxptp is an implementation of the Precision Time Protocol (PTP) according to IEEE standard 1588 for Linux. The dual design goals are to provide a robust implementation of the standard and to use the most relevant and modern Application Programming Interfaces (API) offered by the Linux kernel. Supporting legacy APIs and other platforms is not a goal. Security Fix(es): A flaw was found in the ptp4l program of the linuxptp package. A missing length check when forwarding a PTP message between ports allows a remote attacker to cause an information leak, crash, or potentially remote code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2021-3570) An update for linuxptp is now available for openEuler-20.03-LTS-SP1. openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High linuxptp https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1368 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-3570 https://nvd.nist.gov/vuln/detail/CVE-2021-3570 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP2 linuxptp-debuginfo-2.0-5.oe1.aarch64.rpm linuxptp-debugsource-2.0-5.oe1.aarch64.rpm linuxptp-2.0-5.oe1.aarch64.rpm linuxptp-2.0-5.oe1.aarch64.rpm linuxptp-debugsource-2.0-5.oe1.aarch64.rpm linuxptp-debuginfo-2.0-5.oe1.aarch64.rpm linuxptp-help-2.0-5.oe1.noarch.rpm linuxptp-help-2.0-5.oe1.noarch.rpm linuxptp-2.0-5.oe1.src.rpm linuxptp-2.0-5.oe1.src.rpm linuxptp-2.0-5.oe1.x86_64.rpm linuxptp-debugsource-2.0-5.oe1.x86_64.rpm linuxptp-debuginfo-2.0-5.oe1.x86_64.rpm linuxptp-debugsource-2.0-5.oe1.x86_64.rpm linuxptp-2.0-5.oe1.x86_64.rpm linuxptp-debuginfo-2.0-5.oe1.x86_64.rpm A flaw was found in the ptp4l program of the linuxptp package. A missing length check when forwarding a PTP message between ports allows a remote attacker to cause an information leak, crash, or potentially remote code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. 2021-09-30 CVE-2021-3570 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP2 High 8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H linuxptp security update 2021-09-30 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1368