UbuntuUpdates.org

Package "netatalk"

Name: netatalk

Description:

Apple Filing Protocol service
Latest version: 3.1.12~ds-4ubuntu0.20.04.3
Release: focal (20.04)
Level: updates
Repository: universe
Homepage: http://netatalk.sourceforge.net/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "netatalk"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "netatalk" in Focal

Repository Area Version
base universe 3.1.12~ds-4
security universe 3.1.12~ds-4ubuntu0.20.04.3

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 3.1.12~ds-4ubuntu0.20.04.3 2023-12-12 18:08:53 UTC

  netatalk (3.1.12~ds-4ubuntu0.20.04.3) focal-security; urgency=medium

  * SECURITY UPDATE: remote code execution
    - debian/patches/CVE-2023-42464.patch: validate data type in
      dalloc_value_for_key() to avoid type confusion.
    - CVE-2023-42464

 -- Allen Huang <email address hidden> Thu, 07 Dec 2023 13:48:08 +0000
Source diff to previous version
CVE-2023-42464 A Type Confusion vulnerability was found in the Spotlight RPC functions in afpd in Netatalk 3.1.x before 3.1.17. When parsing Spotlight RPC packets,

Version: 3.1.12~ds-4ubuntu0.20.04.1 2023-06-08 12:07:04 UTC

  netatalk (3.1.12~ds-4ubuntu0.20.04.1) focal-security; urgency=medium

  * SECURITY UPDATE: RCE vulnerability
    - debian/patches/CVE-2021-31439.patch: libatalk: apply limit checking
      to DSI write offset
    - CVE-2021-31439
  * SECURITY UPDATE: RCE with root privileges
    - debian/patches/CVE-2022-0194_23122_23123_23124_*.patch: add defines
      for icon lengths, harden ad_entry(), add handling for cases where
      ad_entry() returns NULL, protect against removing AFP metadata xattr,
      avoid setting adouble entries on symlinks
    - debian/patches/CVE-2022-23121-*.patch: apply hardening to
      parse_entries()
    - debian/patches/CVE-2022-23125.patch: harden copyapplfile()
    - debian/patches/CVE-2022-43634.patch: fix dsi_writeinit() function
    - CVE-2022-0194
    - CVE-2022-23121
    - CVE-2022-23122
    - CVE-2022-23123
    - CVE-2022-23124
    - CVE-2022-23125
    - CVE-2022-43634
  * SECURITY UPDATE: heap-based buffer overflow
    - debian/patches/CVE-2022-45188.patch: fixes the heap-based buffer
      overflow in afp_getappl()
    - CVE-2022-45188

 -- Nishit Majithia <email address hidden> Thu, 08 Jun 2023 09:48:49 +0530
CVE-2021-31439 This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology DiskStation Manager. Authenticat
CVE-2022-0194 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit
CVE-2022-23121 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit
CVE-2022-23125 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit
CVE-2022-43634 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit
CVE-2022-23122 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit
CVE-2022-23123 This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to
CVE-2022-23124 This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to
CVE-2022-45188 Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution via a crafted .appl file. This provides remote root


About   -   Send Feedback to @ubuntu_updates