
[SECURITY] [DLA 3968-1] netatalk security update



- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3968-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
November 28, 2024                             https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : netatalk
Version        : 3.1.12~ds-8+deb11u2
CVE ID         : CVE-2022-22995 CVE-2024-38439 CVE-2024-38440
                 CVE-2024-38441


Several issues have been found in netatalk, an Apple Filing Protocol service. Three issues are related to off-by-one errors and resultant heap-based buffer overflows. One issue is related to primitives offered by SMB and AFP, which might allow an attacker to write arbitrary files and eventually execute arbitrary code.


For Debian 11 bullseye, these problems have been fixed in version
3.1.12~ds-8+deb11u2.

We recommend that you upgrade your netatalk packages.

For the detailed security status of netatalk please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/netatalk

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
