Miroslav Lichvar reported that the ptp4l program in linuxptp, an
implementation of the Precision Time Protocol (PTP), does not validate
the messageLength field of incoming messages, allowing a remote attacker
to cause a denial of service, information leak, or potentially remote
For the stable distribution (buster), this problem has been fixed in
We recommend that you upgrade your linuxptp packages.