Title Datesort ascending Product Models
Spectre and Meltdown Vulnerabilities (CVE-2016-5715, CVE-2017-5753, CVE-2017-5754)
Spectracom products are only susceptible if an attacker can successfully authenticate with the product and gain command line shell access. Malware is required to be run locally within the system to exploit these vulnerabilities. Spectracom recommends following good security practices, including applying software updates containing the latest security patches as they become available, and applying policies and settings that protect and limit access to authorized and trusted users. We are working to update our operating systems and software as they become available to resolve these potential vulnerabilities within the affected products. We will update this bulletin as new information becomes available.
January 5, 2018
  • NetClock
  • SecureSync
  • VelaSync
  • VersaSync
SecureSync and NetClock 9400 Core Processing Module Upgrade

New shipments of the SecureSync Time & Frequency Synchronization Platform, including NetClock 9400 Series Time Servers, include an upgraded version of the core processing module. The new version will provide users with faster processing speeds and enhanced memory functionality. The new processor requires at least version 5.7.0 of the firmware.

September 15, 2017
  • NetClock
  • SecureSync
Dirty COW Vulnerability (CVE-2016-5195)
Spectracom products running LINUX are only susceptible if an attacker is able to successfully authenticate with the product and gain shell access. This Linux vulnerability can only be exploited if an attacker is able to successfully authenticate with the product and gain shell access. We eliminated the vulnerability in the 5.7.0 release for SecureSync and NetClock 9400.
July 11, 2017
  • NetClock
  • SecureSync
  • Enterprise
  • LMR
  • PTP
  • SAASM
  • SecureSync Option
  • SecureSync-Platform
  • Skylight
  • VelaSync
  • VersaSync
NTP Vulnerabilities Prior to Version 4.2.8p10
Several vulnerabilities were recently reported in ntpd currently used in application software version 5.6.0 or below. The 5.7.0 release resolves these vulnerabilities with the update to NTP version 4.2.8p10.
April 2, 2017
  • NetClock
  • SecureSync
GPS leap second handling error
When GPS started broadcasting the leap second notification on July 19, 2016 for activation on Dec 31, some GPS timing receivers erroneously inserted the leap second resulting in a 1 second time error.
July 20, 2016
  • Epsilon Clock
  • NetClock
  • SecureSync
  • TSYNC
Required Update for SecureSync / NetClock 9400 Running v5.0.2
Spectracom SecureSync and NetClock 9400 units need a certain amount of free space on its compact flash memory. A bug in version 5.0.2 continuously creates log entries during normal operation which over a long period of time will consume memory that will compromise correct operation of the unit.
March 16, 2016
  • NetClock
  • SecureSync
Freeing Up Disk Space Before a Software Update

When performing a software upgrade, a SecureSync or NetClock 9400 requires additional disk space. It is recommended to ensure memory usage is less than 70% before upgrading. If memory usage is more than 70%, save and delete logs and previous update files

March 14, 2016
  • NetClock
  • SecureSync