Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 541
Alerts This Week
Warning Icon 1 541

Ubuntu 22.10 LTS USN-6146-1 Critical Netatalk Remote Code Execution

ubuntu
Calendar Grey June 8, 2023
Dist Ubuntu Esm H88
A multitude of vulnerabilities within netatalk have been resolved in Ubuntu; essential patches released for diverse editions. Keep updated!
Several security issues were fixed in Netatalk.

Summary

Several security issues were fixed in Netatalk.

Software Description:

- netatalk: Apple Filing Protocol service

Details:

It was discovered that Netatalk did not properly validate the length of

user-supplied data in the DSI structures. A remote attacker could possibly

use this issue to execute arbitrary code with the privileges of the user

invoking the programs. This issue only affected Ubuntu 20.04 LTS and Ubuntu

22.04 LTS. (CVE-2021-31439)

It was discovered that Netatalk did not properly validate the length of

user-supplied data in the ad_addcomment function. A remote attacker could

possibly use this issue to execute arbitrary code with root privileges.

This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.

(CVE-2022-0194)

It was discovered that Netatalk did not properly handle errors when parsing

AppleDouble entries. A remote attacker could possibly use this issue to

execute arbitrary code with root privileges. This issue only affected

Ubuntu 14.04 LTS, Ubuntu 16.04...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.10:
  netatalk                        3.1.13~ds-2ubuntu0.22.10.1

Ubuntu 22.04 LTS:
  netatalk                        3.1.12~ds-9ubuntu0.22.04.1

Ubuntu 20.04 LTS:
  netatalk                        3.1.12~ds-4ubuntu0.20.04.1

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
  netatalk                        2.2.6-1ubuntu0.18.04.2+esm1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
  netatalk                        2.2.5-1ubuntu0.2+esm1

Ubuntu 14.04 LTS (Available with Ubuntu Pro):
  netatalk                        2.2.2-1ubuntu2.2+esm1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6146-1

CVE-2021-31439, CVE-2022-0194, CVE-2022-23121, CVE-2022-23122,

CVE-2022-23123, CVE-2022-23124, CVE-2022-23125, CVE-2022-43634,

CVE-2022-45188

Severity
critical
Lowest
Low
Medium
High
Critical

June 08, 2023

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.