Alerts This Week
Warning Icon 1 626
Alerts This Week
Warning Icon 1 626

Ubuntu 26.04 LTS Netatalk Multiple Security Issues USN-8395-1

Calendar Jun 09, 2026 User Avatar LinuxSecurity Advisories
2 - 3 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory denial of service SQL Injection arbitrary code execution Ubuntu netatalk
Several security issues were fixed in Netatalk. 
==========================================================================
Ubuntu Security Notice USN-8395-1
June 08, 2026

netatalk vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 26.04 LTS
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in Netatalk.

Software Description:
- netatalk: Apple Filing Protocol service

Details:

Arjun Basnet discovered that Netatalk incorrectly sanitized user input in
its MySQL CNID backend. A remote authenticated attacker could possibly
use this issue to conduct SQL injection attacks. (CVE-2026-44047)

Arjun Basnet discovered that Netatalk incorrectly handled UCS-2 character
set conversion. A remote authenticated attacker could possibly use this
issue to cause a denial of service or execute arbitrary code.
(CVE-2026-44048)

Arjun Basnet discovered that Netatalk improperly handled null termination
during character set conversion. A remote authenticated attacker could
possibly use this issue to cause a denial of service or execute arbitrary
code. (CVE-2026-44049)

Arjun Basnet discovered that the Netatalk CNID daemon improperly handled
request-supplied name lengths. A local attacker could possibly use this
issue to cause a denial of service or execute arbitrary code with
escalated privileges. (CVE-2026-44050)

Arjun Basnet discovered that Netatalk improperly resolved symbolic links.
A remote authenticated attacker could possibly use this issue to read or
overwrite arbitrary files on the system. (CVE-2026-44051)

Arjun Basnet discovered that Netatalk incorrectly handled logging when
performing LDAP simple-bind operations. A local attacker could possibly
use this issue to obtain sensitive information. (CVE-2026-44052)

Arjun Basnet discovered that Netatalk contained an operator precedence
logic error when processing input. A remote authenticated attacker could
possibly use this issue to cause a denial of service or execute arbitrary
code. (CVE-2026-44055)

Arjun Basnet discovered that Netatalk incorrectly handled DSI write
requests. A remote unauthenticated attacker could possibly use this
issue to cause a denial of service. (CVE-2026-44060)

Arjun Basnet discovered that Netatalk incorrectly validated output
lengths when converting character sets. A remote authenticated attacker
could possibly use this issue to cause a denial of service or execute
arbitrary code. (CVE-2026-44062)

Arjun Basnet discovered that Netatalk incorrectly handled length
validation when parsing certain session identifiers. An attacker could
possibly use this issue to cause a denial of service. (CVE-2026-44064)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
  netatalk                        4.2.3~ds-2.1ubuntu0.1

Ubuntu 24.04 LTS
  netatalk                        3.1.18~ds-1ubuntu0.1~esm2
                                  Available with Ubuntu Pro

Ubuntu 22.04 LTS
  netatalk                        3.1.12~ds-9ubuntu0.22.04.4+esm1
                                  Available with Ubuntu Pro

Ubuntu 20.04 LTS
  netatalk                        3.1.12~ds-4ubuntu0.20.04.4+esm1
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  netatalk                        2.2.6-1ubuntu0.18.04.2+esm3
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  netatalk                        2.2.5-1ubuntu0.2+esm3
                                  Available with Ubuntu Pro

Ubuntu 14.04 LTS
  netatalk                        2.2.2-1ubuntu2.2+esm3
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-8395-1
  CVE-2026-44047, CVE-2026-44048, CVE-2026-44049, CVE-2026-44050,
  CVE-2026-44051, CVE-2026-44052, CVE-2026-44055, CVE-2026-44060,
  CVE-2026-44062, CVE-2026-44064

Package Information:
  https://launchpad.net/ubuntu/+source/netatalk/4.2.3~ds-2.1ubuntu0.1

Ubuntu 26.04 LTS Netatalk Multiple Security Issues USN-8395-1

ubuntu
Calendar Grey June 9, 2026
Dist Ubuntu Esm H88
Multiple security issues in Netatalk fixed across various Ubuntu LTS versions. Update your systems as recommended.
Several security issues were fixed in Netatalk.

Summary

A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: Several security issues were fixed in Netatalk. Software Description: - netatalk: Apple Filing Protocol service Details: Arjun Basnet discovered that Netatalk incorrectly sanitized user input in its MySQL CNID backend. A remote authenticated attacker could possibly use this issue to conduct SQL injection attacks. (CVE-2026-44047) Arjun Basnet discovered that Netatalk incorrectly handled UCS-2 character set conversion. A remote authenticated attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2026-44048) Arjun Basnet discovered that Netatalk improperly handled null termination during character set conversion. A remote authenticated attacker could possibly use this issue to cause a denial of service or execute arbitrary ...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory denial of service SQL Injection arbitrary code execution Ubuntu netatalk

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS netatalk 4.2.3~ds-2.1ubuntu0.1 Ubuntu 24.04 LTS netatalk 3.1.18~ds-1ubuntu0.1~esm2 Available with Ubuntu Pro Ubuntu 22.04 LTS netatalk 3.1.12~ds-9ubuntu0.22.04.4+esm1 Available with Ubuntu Pro Ubuntu 20.04 LTS netatalk 3.1.12~ds-4ubuntu0.20.04.4+esm1 Available with Ubuntu Pro Ubuntu 18.04 LTS netatalk 2.2.6-1ubuntu0.18.04.2+esm3 Available with Ubuntu Pro Ubuntu 16.04 LTS netatalk 2.2.5-1ubuntu0.2+esm3 Available with Ubuntu Pro Ubuntu 14.04 LTS netatalk 2.2.2-1ubuntu2.2+esm3 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-8395-1

CVE-2026-44047, CVE-2026-44048, CVE-2026-44049, CVE-2026-44050,

CVE-2026-44051, CVE-2026-44052, CVE-2026-44055, CVE-2026-44060,

CVE-2026-44062, CVE-2026-44064

Severity
important
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-8395-1

Topics%20covered

Topics Covered

security advisory denial of service SQL Injection arbitrary code execution Ubuntu netatalk

Package Information

https://launchpad.net/ubuntu/+source/netatalk/4.2.3~ds-2.1ubuntu0.1

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here