important: linuxptp/glib2 security update
important
An update for linuxptp/glib2 is now available for NewStart CGSL MAIN 5.04/CGSL CORE 5.04.
NewStart Security has rated this update as having a security impact of important. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
linuxptp: This software is an implementation of the Precision Time Protocol (PTP) according to IEEE standard 1588 for Linux. The dual design goals are to provide a robust implementation of the standard and to use the most relevant and modern Application Programming Interfaces (API) offered by the Linux kernel. Supporting legacy APIs and other platforms is not a goal.
glib2: The glib2-static subpackage contains static libraries for glib2.
Security Fix(es):
linuxptp: A flaw was found in the ptp4l program of the linuxptp package. A missing length check when forwarding a PTP message between ports allows a remote attacker to cause an information leak, crash, or potentially remote code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2021-3570)
linuxptp: bugfix
glib2: An integer wraparound was discovered in glib due to passing a 64 bit sized value to function g_memdup() which accepts a 32 bits number as argument. An attacker may abuse this flaw when an application linked against the glib library uses g_bytes_new() function or possibly other functions that use g_memdup() underneath and accept a 64 bits argument as size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2021-27219)
glib2: bugfix
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 5.04.F35B4.