UbuntuUpdates.org

Package "netatalk"

Name: netatalk

Description:

Apple Filing Protocol service

Latest version: 3.1.12~ds-9ubuntu0.22.04.3
Release: jammy (22.04)
Level: security
Repository: universe
Homepage: http://netatalk.sourceforge.net/

Links


Download "netatalk"


Other versions of "netatalk" in Jammy

Repository Area Version
base universe 3.1.12~ds-9build1
updates universe 3.1.12~ds-9ubuntu0.22.04.3

Changelog

Version: 3.1.12~ds-9ubuntu0.22.04.3 2023-12-12 16:11:50 UTC

  netatalk (3.1.12~ds-9ubuntu0.22.04.3) jammy-security; urgency=medium

  * SECURITY UPDATE: remote code execution
    - debian/patches/CVE-2023-42464.patch: validate data type in
      dalloc_value_for_key() to avoid type confusion.
    - CVE-2023-42464

 -- Allen Huang <email address hidden> Thu, 07 Dec 2023 10:55:59 +0000

Source diff to previous version
CVE-2023-42464 A Type Confusion vulnerability was found in the Spotlight RPC functions in afpd in Netatalk 3.1.x before 3.1.17. When parsing Spotlight RPC packets,

Version: 3.1.12~ds-9ubuntu0.22.04.1 2023-06-08 12:07:07 UTC

  netatalk (3.1.12~ds-9ubuntu0.22.04.1) jammy-security; urgency=medium

  * SECURITY UPDATE: RCE vulnerability
    - debian/patches/CVE-2021-31439.patch: libatalk: apply limit checking
      to DSI write offset
    - CVE-2021-31439
  * SECURITY UPDATE: RCE with root privileges
    - debian/patches/CVE-2022-0194_23122_23123_23124_*.patch: add defines
      for icon lengths, harden ad_entry(), add handling for cases where
      ad_entry() returns NULL, protect against removing AFP metadata xattr,
      avoid setting adouble entries on symlinks
    - debian/patches/CVE-2022-23121-*.patch: apply hardening to
      parse_entries()
    - debian/patches/CVE-2022-23125.patch: harden copyapplfile()
    - debian/patches/CVE-2022-43634.patch: fix dsi_writeinit() function
    - CVE-2022-0194
    - CVE-2022-23121
    - CVE-2022-23122
    - CVE-2022-23123
    - CVE-2022-23124
    - CVE-2022-23125
    - CVE-2022-43634
  * SECURITY UPDATE: heap-based buffer overflow
    - debian/patches/CVE-2022-45188.patch: fixes the heap-based buffer
      overflow in afp_getappl()
    - CVE-2022-45188

 -- Nishit Majithia <email address hidden> Thu, 08 Jun 2023 10:01:09 +0530

CVE-2021-31439 This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology DiskStation Manager. Authenticat
CVE-2022-0194 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit
CVE-2022-23121 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit
CVE-2022-23125 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit
CVE-2022-43634 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit
CVE-2022-23122 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit
CVE-2022-23123 This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to
CVE-2022-23124 This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to
CVE-2022-45188 Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution via a crafted .appl file. This provides remote root



About   -   Send Feedback to @ubuntu_updates