[USN-6097-1] Linux PTP vulnerability

-----BEGIN PGP PUBLIC KEY BLOCK-----

xsFNBGRa6wQBEADnW4tU+Yvks46R7v2gMC+bi14nzXWdsBYxTu/IvEXKRHNjxez/
BXetAHGOzi8ysvIJaB8GnxX+oi6QBei19ZoHYzVP5UtEPmJ6IjUechkHTrxYVzpv
XseG1PCLyz3qYbbKN06wctQl/xv7L8z6ExPa0u/M8a97AksPPM760wp0btsa8EtR
ycXdfmhFU72KtDuh5Rx3rwPHUeLj20aorVOj4FJFq7ARbfQTTO8M7Q14cVHha6gN
V2qMtQcaa0jhQ1gdWsE7fGIyKisYY3HIwIOy6uYSFy2BKXIDn5UEaI2rWF4B9nsY
ZKgWpJHeby1n5juJZwFuvTWZWdKvU+c5js5pqoR/Sj4qfH7QP2koxKqAaViNit4X
z8Mmk4++nB42AtQ7bVEaBr1CNGAIjXJq4URS5LQ7WiQDIiemYorKU3BKHuBcIwMa
WoLZP8p3v4Z4l1QaIEzXJzod7/fCJ9BW/f7wInEBA8ninuz6mruIiuIyrRDC9hDl
0esZ8zJ4V3eKt3+Y5peEEjRsnuof1drMtRDvCfS2zxARWYVPe137OGHP5BbZz7qe
PF0Gl/uAnPbCmaW0Jkg+tzP07iDS32dDDrdpqfCuewDT0CC9wT/dTbWBVXW1MlFv
9kd05kS+j6xttfhY8VRGILfp8EtJzFndgBECkVHcGPWG1i2wZeJdb/PG9wARAQAB
zSlFdmFuIENhdmlsbGUgPGV2YW4uY2F2aWxsZUBjYW5vbmljYWwuY29tPsLBlwQT
AQoAQQIbAwUJA8JnAAULCQgHAwUVCgkICwUWAgMBAAIeAQIXgBYhBAD2Fk6cLSG6
+8R+Dlja0SCmk5FnBQJkWu4hAhkBAAoJEFja0SCmk5FnvUcP/RjraJDmRFw4eI40
L4ImX1+VkC8VgVT+5rEk5qmD/bKvD983EH+5dPhCPzX3jt67W8hnHltbVKlXN1CP
FNKbuAr39mz3qsoSQHv+Dd3f0LEy85403PnZyQ8oWOWmPIY57r3uFOPwmZQpSlW2
iwojiCt9zp8mgOvGr8dlwesX+keyfDk6ux/W1qqBNF/007VZun5tXG7JEFCphRKk
nmIc0MFXItgAh81eciW9HGSfYUlVldado6QnBNVkTH1ALKuvWQG3p8U2VFz9cCj+
UaUh56z2D9ifE95H/LcyFgabdDkyVS4xxqgY241KFig/otXKYnNbPXgUR/+8L/2z
uO+G6rR4T2QbJ1VAXSE0SZznD+N9KaVAokL8AqVx+UnHu6MryRkQ2DPcyhu957oT
UOpPcA2ebiteR7QN9yDJ/8jReogaAL0rU7Ceg1TQ09UVF6+jpvM/+QCv+AIk1Bpy
NfM05ftfSMjMQ3tmCGz5eh5epfgMT019KDY9KA5qZ+a3W2YsSSauwbyvD4pmFv5Y
ptz5EZ0CW57HbZKbCXoZdZKIGhCPJH01NeZrhnnKYwsPU0L8RM15odnysh2V+GOU
ho6Wsevc0KtcudlwHEGHDqALH73F6B17IgG+8y8Td9sbd81l+eJFDLyMvrvTyLaw
rdr8rkuIKZqdnuUE3kLBCzqqPjhOzsFNBGRkbD8BEADMt8ySTjEIdCVmCN+WrdSJ
Fun3kLxxjTAjo9RoiD5J1B9QCvtm8EnOj8pvplBCIwC9GoRfEpNezbs0k9PZBiOW
B2jhT4rnY9vXyeErqHZ8k2yBxsSsmQUF2vvDF3RjyXZZxppmXn9iZLmmGgUpc9bh
f4jMLks+zBObhpiEO8J60M2aqqwB596LggqjXJBwD3utx93b7M+TWDy4ex74g/og
NMd4L9rc3XLXEm+V83jQsJvpRWxrHPwa0oZeG4OUeQqRtrWsVbGPRkTvzF96hd7F
75FFHX7wXUhPoma91RwfXKyDyBa4s+IWqneZ7n4lo3x+dlIOg6c2p4H3Uh05bwnM
yMv4Bu0S7qCPjwgfGvCw6BX0qNhhtZmkOGLX5ySftNjWzcW7ezhf9Ts7voFMpAYv
xYIXcZXQ+YS6DvGR2N2VG9GYiIMbQKPFyTNptghjcOKeQ53ozlW0EfCAVuE4iBTo
zKSCXtwzmdeHIOvzs64VTDINXJkJ2yJWsKkLaeG2hpk62XN6Y/drL6krvt2bqeg3
ZQIPzhpTNhLLYDMVzHOkJZQsC+QN+jq0QJm7ULC83nd54zcckZcE8a8kx6qec54f
KZ+HdhFMupgj0LE372T9eeDPSIcLoVVe+PWFXMM0OhPC65FKrw9lzvZUK5ntJem4
cfQtMyBPFlADV/ETsmp6RQARAQABwsF8BBgBCgAmFiEEAPYWTpwtIbr7xH4OWNrR
IKaTkWcFAmRkbD8CGwwFCQO5LIAACgkQWNrRIKaTkWdVURAArarvLvMiOjqw7nVr
CmxdrrVSkTUoB2OaGzedtAFGJ7JiZwBpotaOsq/E1yqrirznTgRM4LwdysvgkeSn
mm+/TALp1LCB1jgq4DyRYDMbywflMJplUaeVFk6dRLQf5zggoZ2RWuR599gcFjBT
H3nsYzctbA14j8qvdlpRDdN/LiyDU6CtMt31JSycT6a8uKJccU5WnxSAIm14z+QR
fcuw0aPOJWUSfd3HcCcuaXfivGdSzX/Vfw69Od+cvzBMPlzelmO65Kq9unoYRU2S
wauDcRUDSfTEBRj8SW/bIQFwYqYBkj5eJadeEpWc6qsElK+6Hqb43EPbpd+LwxX1
oqhrm7DHobqPHT6SHOiE1rz5QtLU8O9rLFs8zYud9Q+c+n9fFvdCItlNZFzG+dj/
zIQLrKhoKRKPUau7nDyUiPkXCTAdOmoAO/4oIVrbhsdg6hQIpH79q3qH1N7BTVkY
dF5hd8D9zojCIlK4BjF610iaMnQVKePK44NDu/BP1ea4TEHXjI+AWskDtz8EJskO
cFIOGjYtOzPvTllrvPltggzoxrNQjy3ozWqFSTMY11+mj64na5VFry/KF5pzuaWh
oW03SN0hX2alE71d1dLtC9ifhn0e4bLWMiQlWZAYxGelJ3jVE4KU6R9S6gswirbd
Xq2EIZRR3UlNrghtoLdy9NJCBmI=
=qCOb
-----END PGP PUBLIC KEY BLOCK-----
==========================================================================
Ubuntu Security Notice USN-6097-1
May 29, 2023

linuxptp vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)

Summary:

Linux PTP could be made to crash, run arbitrary code, or expose
sensitive information if it received specially crafted input.

Software Description:
- linuxptp: Precision Time Protocol (PTP, IEEE1588) implementation for Linux

Details:

It was discovered that Linux PTP did not properly perform a length check
when forwarding a PTP message between ports. A remote attacker could
possibly use this issue to access sensitive information, execute
arbitrary code, or cause a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
linuxptp 1.9.2-1ubuntu0.1

Ubuntu 18.04 LTS:
linuxptp 1.8-1ubuntu0.1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
linuxptp 1.6-1ubuntu0.1~esm1

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6097-1
CVE-2021-3570

Package Information:
https://launchpad.net/ubuntu/+source/linuxptp/1.9.2-1ubuntu0.1
https://launchpad.net/ubuntu/+source/linuxptp/1.8-1ubuntu0.1