News from 2024-08-27
Meinberg Security Advisory: [MBGSA-2024.05] LANTIME-Firmware V7.08.015
Updated Version from 29.08.2024
The LANTIME firmware version 7.08.015 includes an update of the third-party library and program curl. Meinberg recommends updating to LANTIME firmware version 7.08.015.
-
LANTIME Firmware V7.08.014:
Severity level: critical (0), high (0), medium (0), low (0), info (3), unknown (0)
- LANTIME Firmware: V7.08.015
-
Description of the Vulnerabilities
- Third-Party-Software:
Update from 29.08.2024
Contrary to the first report, LTOS is not affected by the vulnerability CVE-2024-6197, because libcurl was built with OpenSSL and, according to the curl advisory, this build configuration is not affected. The same applies to the vulnerability CVE-2024-7264.
Contrary to what was first reported, LTOS is not affected by the CVE-2024-6874 vulnerability because libcurl was not built with Apple's IDN backend.
- curl:
-
CVE-2024-6874 - macidn punycode buffer overread (info)
CVE-2024-6197 - freeing stack buffer in utf8asn1str (info)
CVE-2024-7264 - ASN.1 date parser overread (info)
https://curl.se/docs/security.html
Curl Update: V7.08.015 MBGID-18568
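The build-dependent reasoning above (OpenSSL as TLS backend, no Apple IDN backend) can be checked for any libcurl build from its version banner. This is an added example, not Meinberg's or curl's code; the banner token spellings (including `AppleIDN`) and the sample banners are assumptions, and `review` only means the build falls outside the OpenSSL-only case described here and should be compared against the curl advisory.

```shell
#!/bin/sh
# Added example: apply this advisory's reasoning to a libcurl build banner
# (the first line of `curl --version`, which lists the linked libraries).

# Banner tokens for TLS backends other than OpenSSL (spellings are assumptions).
OTHER_TLS='GnuTLS|wolfSSL|mbedTLS|Schannel|SecureTransport|BearSSL|rustls'

# has_token BANNER REGEX: true if a library token starts a word in the banner.
has_token() {
    printf '%s\n' "$1" | grep -Eq "(^|[ (])($2)"
}

# tls_verdict BANNER: verdict for CVE-2024-6197 and CVE-2024-7264.
tls_verdict() {
    if has_token "$1" "$OTHER_TLS"; then
        echo review         # another TLS backend is linked (possibly alongside OpenSSL)
    elif has_token "$1" 'OpenSSL/'; then
        echo not-affected   # OpenSSL-only build, the case the advisory describes
    else
        echo review         # backend not recognised: check by hand
    fi
}

# idn_verdict BANNER: verdict for CVE-2024-6874 (Apple IDN backend only).
idn_verdict() {
    if has_token "$1" 'AppleIDN'; then echo review; else echo not-affected; fi
}

# report BANNER: one line per CVE listed in the advisory.
report() {
    printf 'CVE-2024-6874 %s\n' "$(idn_verdict "$1")"
    printf 'CVE-2024-6197 %s\n' "$(tls_verdict "$1")"
    printf 'CVE-2024-7264 %s\n' "$(tls_verdict "$1")"
}

# Constructed sample banners (not taken from a LANTIME device).
SAMPLE_OPENSSL='curl 8.8.0 (x86_64-pc-linux-gnu) libcurl/8.8.0 OpenSSL/3.0.13 zlib/1.3 libidn2/2.3.7'
SAMPLE_APPLE='curl 8.8.0 (aarch64-apple-darwin) libcurl/8.8.0 SecureTransport AppleIDN zlib/1.2.12'
SAMPLE_MULTI='curl 8.8.0 (x86_64-pc-linux-gnu) libcurl/8.8.0 OpenSSL/3.0.13 (GnuTLS/3.8.3) zlib/1.3'

report "$SAMPLE_OPENSSL"
# On a real host: report "$(curl --version | head -n 1)"
```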
-
Systems Affected
All LANTIME firmware versions before 7.08.015 are not affected by the corresponding vulnerabilities. The LANTIME firmware is used by all devices of the LANTIME M series (M100, M150, M200, M250, M300, M320, M400, M450, M600, M900) as well as all devices of the LANTIME IMS series (M500, M1000, M1000S, M2000S, M3000, M3000S, M4000) and the SyncFire product family (SF1000, SF1100, SF1200, SF1500) and LANTIME CPU Expansions (LCES).
Whether and to what extent individual clients or LANTIME systems are vulnerable depends on the individual configuration, network infrastructure, and other factors, and it is therefore not possible to provide a general statement on how vulnerable a given system in use actually is.
-
Firmware-Update
The bugs listed in the changelog will be fixed by updating to LANTIME firmware version 7.08.015(-light).
Download the latest LANTIME firmware at:
All updates are now available for Meinberg customers. Updating the LANTIME firmware to version 7.08.015 or 7.08.015-light is recommended. Clients who cannot install version 7.08.015 should install version 7.08.015-light instead.
-
Further Information
Further details and information are available from the following website:
If you have any questions or need assistance, please do not hesitate to contact Meinberg’s technical support team.
-
Acknowledgments
We would like to express our gratitude to all those who have advised us of vulnerabilities or other bugs, and have also suggested improvements to us.
Thank you!
