Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Debian 11: DLA-3968-1 critical: netatalk buffer overflow issue

debian lts
Calendar Grey November 27, 2024
Dist Debian Esm H88
The recent Debian LTS Advisory DLA-3968-1 concerns security flaws in netatalk, specifically highlighting buffer overflow vulnerabilities that pose significant risks.
Several issues have been found in netatalk, an Apple Filing Protocol service
Topics%20covered

Topics Covered

security advisory buffer overflow debian arbitrary code netatalk file execution

Summary

Several issues have been found in netatalk, an Apple Filing Protocol
service. Three issues are related to off-by-one errorrs and resultant
heap-based buffer overflow. One issue is related to primitives offered by
SMB and AFP, which might allow an attacker to write arbitrary files and
eventually execute arbitrary code.


For Debian 11 bullseye, these problems have been fixed in version
3.1.12~ds-8+deb11u2.

We recommend that you upgrade your netatalk packages.

For the detailed security status of netatalk please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/netatalk

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



Severity
critical
Lowest
Low
Medium
High
Critical

Package: netatalk
Version: 3.1.12~ds-8+deb11u2
CVE ID: CVE-2022-22995 CVE-2024-38439 CVE-2024-38440

Topics%20covered

Topics Covered

security advisory buffer overflow debian arbitrary code netatalk file execution

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here