Security Advisory Details

NS-SA-2022-0006

2022-05-08 17:47:51

Synopsis

important: linuxptp/glib2 security update

Severity

important

Topic

An update for linuxptp/glib2 is now available for NewStart CGSL MAIN 5.04/CGSL CORE 5.04.
NewStart Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

linuxptp: This software is an implementation of the Precision Time Protocol (PTP) according to IEEE standard 1588 for Linux. The dual design goals are to provide a robust implementation of the standard and to use the most relevant and modern Application Programming Interfaces (API) offered by the Linux kernel. Supporting legacy APIs and other platforms is not a goal.
glib2: The glib2-static subpackage contains static libraries for glib2.


Security Fix(es):
linuxptp: A flaw was found in the ptp4l program of the linuxptp package. A missing length check when forwarding a PTP message between ports allows a remote attacker to cause an information leak, crash, or potentially remote code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-3570)
linuxptp: bugfix
glib2: An integer wraparound was discovered in glib due to passing a 64-bit value to the function g_memdup(), which accepts a 32-bit number as its size argument. An attacker may abuse this flaw when an application linked against the glib library uses the g_bytes_new() function, or possibly other functions that use g_memdup() underneath and accept a 64-bit size argument. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-27219)
glib2: bugfix
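
The width mismatch described for CVE-2021-27219, shown as an added example that is not GLib source code and not part of the original advisory. The names dup32, bytes_new_unsafe and bytes_new_checked are hypothetical stand-ins for a 32-bit-size duplicator and its 64-bit-size callers; the sample data is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a duplicator whose size parameter is only
 * 32 bits wide, as the advisory describes for g_memdup(). */
static void *dup32(const void *src, uint32_t n, uint32_t *copied)
{
    void *p = n ? malloc(n) : NULL;
    if (p)
        memcpy(p, src, n);
    *copied = p ? n : 0;          /* bytes actually allocated and copied */
    return p;
}

/* Unsafe caller: accepts a 64-bit length and lets it narrow at the call.
 * The high 32 bits are discarded, so the copy is smaller than the length
 * the caller goes on to record for the buffer. */
static void *bytes_new_unsafe(const void *src, uint64_t len, uint32_t *copied)
{
    return dup32(src, (uint32_t)len, copied);
}

/* Hardened caller: reject any length the callee's size type cannot hold. */
static void *bytes_new_checked(const void *src, uint64_t len, uint32_t *copied)
{
    *copied = 0;
    if (len > UINT32_MAX)
        return NULL;
    return dup32(src, (uint32_t)len, copied);
}

int main(void)
{
    const char src[32] = "constructed sample";   /* constructed input */
    uint64_t claimed = (1ULL << 32) + 16;        /* wraps to 16 in 32 bits */
    uint32_t got = 0;

    void *p = bytes_new_unsafe(src, claimed, &got);
    printf("unsafe : claimed=%llu allocated=%u\n",
           (unsigned long long)claimed, (unsigned)got);
    free(p);

    p = bytes_new_checked(src, claimed, &got);
    printf("checked: %s\n", p ? "accepted" : "rejected oversize length");
    free(p);
    return 0;
}
```

Any later access that trusts the 64-bit length against the 16-byte allocation runs out of bounds, which is why the size must be validated, or carried in a type of the same width, on both sides of the call.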


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 5.04.F35B4.

Affected Components

  • linuxptp
  • glib2

Affected Products

  • CGSL MAIN 5.04
  • CGSL CORE 5.04

Updated Packages

CGSL MAIN 5.04

Source: linuxptp-2.0-2.el7_9.1.src.rpm

  • linuxptp-2.0-2.el7_9.1.x86_64.rpm
  • linuxptp-debuginfo-2.0-2.el7_9.1.x86_64.rpm

Source: glib2-2.56.1-9.el7_9.cgslv5.src.rpm

  • glib2-static-2.56.1-9.el7_9.cgslv5.x86_64.rpm
  • glib2-tests-2.56.1-9.el7_9.cgslv5.x86_64.rpm
  • glib2-2.56.1-9.el7_9.cgslv5.x86_64.rpm
  • glib2-doc-2.56.1-9.el7_9.cgslv5.noarch.rpm
  • glib2-devel-2.56.1-9.el7_9.cgslv5.x86_64.rpm
  • glib2-debuginfo-2.56.1-9.el7_9.cgslv5.x86_64.rpm
  • glib2-fam-2.56.1-9.el7_9.cgslv5.x86_64.rpm

CGSL CORE 5.04

Source: linuxptp-2.0-2.el7_9.1.src.rpm

  • linuxptp-2.0-2.el7_9.1.x86_64.rpm
  • linuxptp-debuginfo-2.0-2.el7_9.1.x86_64.rpm

Source: glib2-2.56.1-9.el7_9.cgslv5.0.1.geff35fa.lite.src.rpm

  • glib2-fam-2.56.1-9.el7_9.cgslv5.0.1.geff35fa.lite.x86_64.rpm
  • glib2-tests-2.56.1-9.el7_9.cgslv5.0.1.geff35fa.lite.x86_64.rpm
  • glib2-static-2.56.1-9.el7_9.cgslv5.0.1.geff35fa.lite.x86_64.rpm
  • glib2-doc-2.56.1-9.el7_9.cgslv5.0.1.geff35fa.lite.noarch.rpm
  • glib2-debuginfo-2.56.1-9.el7_9.cgslv5.0.1.geff35fa.lite.x86_64.rpm
  • glib2-devel-2.56.1-9.el7_9.cgslv5.0.1.geff35fa.lite.x86_64.rpm
  • glib2-2.56.1-9.el7_9.cgslv5.0.1.geff35fa.lite.x86_64.rpm
  • glib2-libs-2.56.1-9.el7_9.cgslv5.0.1.geff35fa.lite.x86_64.rpm

CVE

References