
Mageia 8 MGASA-2023-0027 Critical: Netatalk Code Execution Risks

February 7, 2023
Newly released netatalk updates fix significant security flaws, including remote code execution and information disclosure vulnerabilities.

Summary

- Heap overflow leading to arbitrary code execution (CVE-2021-31439)
- Buffer overflow leading to remote code execution (CVE-2022-0194)
- Improper length validation leading to remote code execution (CVE-2022-23121)
- Buffer overflow leading to remote code execution (CVE-2022-23122)
- Out-of-bounds read leading to information disclosure (CVE-2022-23123)
- Out-of-bounds read leading to information disclosure (CVE-2022-23124)
- Improper length validation leading to remote code execution (CVE-2022-23125)
- Heap-based buffer overflow in afp_getappl resulting in code execution via a crafted .appl file (CVE-2022-45188)

References

- https://bugs.mageia.org/show_bug.cgi?id=31255

- https://lists.suse.com/pipermail/sle-security-updates/2022-December/013205.html

- https://lists.suse.com/pipermail/sle-security-updates/2022-April/010700.html

- https://github.com/Netatalk/Netatalk/commit/895cecbeeae655b2793df6fcbf9df1c1bfbe285d

- https://www.cve.org/CVERecord?id=CVE-2021-31439

- https://www.cve.org/CVERecord?id=CVE-2022-0194

- https://www.cve.org/CVERecord?id=CVE-2022-23121

- https://www.cve.org/CVERecord?id=CVE-2022-23122

- https://www.cve.org/CVERecord?id=CVE-2022-23123

- https://www.cve.org/CVERecord?id=CVE-2022-23124

- https://www.cve.org/CVERecord?id=CVE-2022-23125

- https://www.cve.org/CVERecord?id=CVE-2022-45188

Resolution

SRPMS

- 8/core/netatalk-3.1.14-1.1.mga8

Severity
critical

Publication date: 07 Feb 2023
URL: https://advisories.mageia.org/MGASA-2023-0027.html
Type: security
CVE: CVE-2021-31439, CVE-2022-0194, CVE-2022-23121, CVE-2022-23122, CVE-2022-23123, CVE-2022-23124, CVE-2022-23125, CVE-2022-45188
