UbuntuUpdates.org

Package "atalkd"

Name: atalkd

Description: AppleTalk Network Suite

Latest version: 4.2.3~ds-2.1ubuntu0.1
Release: resolute (26.04)
Level: security
Repository: universe
Head package: netatalk
Homepage: https://github.com/Netatalk/netatalk

Other versions of "atalkd" in Resolute

Repository  Area      Version
base        universe  4.2.3~ds-2.1
updates     universe  4.2.3~ds-2.1ubuntu0.1

Changelog

Version: 4.2.3~ds-2.1ubuntu0.1 2026-06-09 05:07:28 UTC

  netatalk (4.2.3~ds-2.1ubuntu0.1) resolute-security; urgency=medium

  * SECURITY UPDATE: sql injection
    - debian/patches/CVE-2026-44047.patch: cnid: protect against MySQL CNID
      filename SQL injection in cnid_mysql.c.
    - CVE-2026-44047
  * SECURITY UPDATE: buffer out-of-bounds write
    - debian/patches/CVE-2026-44048.patch: fix UCS-2 terminator bounds in
      charset conversion in libatalk/unicode/charcnv.c
    - debian/patches/CVE-2026-44049.patch: reserve charset terminator space
      in conversion in etc/afpd/desktop.c, etc/afpd/mangle.c,
      libatalk/unicode/charcnv.c.
    - CVE-2026-44048
    - CVE-2026-44049
  * SECURITY UPDATE: out-of-bounds read
    - debian/patches/CVE-2026-44050.patch: cnid_dbd: validate CNID request
      name length in etc/cnid_dbd/comm.c.
    - CVE-2026-44050
  * SECURITY UPDATE: improper link resolution before access
    - debian/patches/CVE-2026-44051.patch: afpd: validate symlink targets
      from FinderInfo in etc/afpd/file.c.
    - CVE-2026-44051
  * SECURITY UPDATE: logging of sensitive information
    - debian/patches/CVE-2026-44052.patch: libatalk: avoid logging LDAP
      bind passwords in libatalk/acl/ldap.c.
    - CVE-2026-44052
  * SECURITY UPDATE: command injection
    - debian/patches/CVE-2026-44055.patch: afpd: correct bitwise check and
      escape user in FCE notify script in etc/afpd/fce_api.c.
    - CVE-2026-44055
  * SECURITY UPDATE: integer underflow
    - debian/patches/CVE-2026-44060.patch: libatalk/dsi: fix write
      underflow in dsi_writeinit in libatalk/dsi/dsi_write.c.
    - CVE-2026-44060
  * SECURITY UPDATE: out-of-bounds write
    - debian/patches/CVE-2026-44062.patch: libatalk/unicode: guard UCS2
      slash and colon writes in libatalk/unicode/charcnv.c.
    - CVE-2026-44062
  * SECURITY UPDATE: out-of-bounds read
    - debian/patches/CVE-2026-44064.patch: libatalk/asp: bounds-check ASP
      session ID in libatalk/asp/asp_getsess.c.
    - CVE-2026-44064

 -- Shishir Subedi <email address hidden> Thu, 04 Jun 2026 13:35:41 +0545

CVE-2026-44047 An SQL injection vulnerability in the MySQL CNID backend in Netatalk 3.1.0 through 4.4.2 allows a remote authenticated attacker to obtain unauthorize
CVE-2026-44048 A stack-based buffer overflow via UCS-2 type confusion in convert_charset() in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to
CVE-2026-44049 An out-of-bounds write due to improper null termination in convert_charset() in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker t
CVE-2026-44050 A heap-based buffer overflow in the CNID daemon comm_rcv() function in Netatalk 2.0.0 through 4.4.2 allows a remote authenticated attacker to execute
CVE-2026-44051 An improper link resolution vulnerability in Netatalk 3.0.2 through 4.4.2 allows a remote authenticated attacker to read arbitrary files or overwrite
CVE-2026-44052 Netatalk 2.1.0 through 4.4.2 inserts LDAP simple-bind passwords into log output in cleartext, which allows an attacker with access to the log files t
CVE-2026-44055 A logic error involving bitwise OR operations in Netatalk 3.1.4 through 4.4.2 allows a remote authenticated attacker to inject OS commands and execut
CVE-2026-44060 An integer underflow in dsi_writeinit() in Netatalk 1.5.0 through 4.4.2 allows a remote unauthenticated attacker to cause a denial of service via a c
CVE-2026-44062 A missing output length bounds check in pull_charset_flags() in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to execute arbitr
CVE-2026-44064 An out-of-bounds read in ASP session ID handling in Netatalk 1.3 through 4.4.2 allows an adjacent network attacker to obtain limited information or c


