urgent.
Paul Theodoropoulos
paul at anastrophe.com
Thu Oct 21 22:58:24 UTC 2021
I presume this is relevant to the list:
You are subscribed to National Cyber Awareness System Current Activity for
Cybersecurity and Infrastructure Security Agency. This information has
recently been updated, and is now available.
GPS Daemon (GPSD) Rollover Bug
<https://us-cert.cisa.gov/ncas/current-activity/2021/10/21/gps-daemon-gpsd-rollover-bug>
10/21/2021 03:36 PM EDT
Original release date: October 21, 2021
Critical Infrastructure (CI) owners and operators, and other users who
obtain Coordinated Universal Time (UTC) from Global Positioning System
(GPS) devices, should be aware of a GPS Daemon (GPSD) bug
<https://gitlab.com/gpsd/gpsd/-/issues/144> in GPSD versions 3.20
(released December 31, 2019) through 3.22 (released January 8, 2021).
On October 24, 2021, Network Time Protocol (NTP) servers using bugged GPSD
versions 3.20-3.22 may rollback
<https://isc.sans.edu/forums/diary/Keeping+Track+of+Time+Network+Time+Protocol+and+a+GPSD+Bug/27886/>
the date 1,024 weeks—to March 2002—which may cause systems and services to
become unavailable or unresponsive.
CISA urges affected CI owners and operators to ensure systems—that use
GPSD to obtain timing information from GPS devices—are using GPSD version
3.23 <https://gpsd.gitlab.io/gpsd/NEWS> (released August 8, 2021) or newer.
For more information, see Keeping Track of Time: Network Time Protocol and
a GPSD Bug
<https://isc.sans.edu/forums/diary/Keeping+Track+of+Time+Network+Time+Protocol+and+a+GPSD+Bug/27886/>.
--
Paul Theodoropoulos
www.anastrophe.com
More information about the users
mailing list