Tuesday, December 12, 2023

[USN-6552-1] Netatalk vulnerability

-----BEGIN PGP SIGNATURE-----

wsF5BAABCAAjFiEEhC9y9XdAFQPCvYXchGmXSGiknnUFAmV4iPoFAwAAAAAACgkQhGmXSGiknnUr
PhAAqy3ZPq/8D9kd0QpIyqZjNw5vBhn/7hSeJMbCPC9YdV1DS5OXsIKVM7BjEVguZx94cJrN3h4J
NCpJxJvyhm7Sx8Y2uT1dxmzvwYI/mEp8XjtzT3uGShG0+5Kom7fwlewi2gF0g942N5RqJmumHexd
aXnNQAXzVaHnCYuAPHRymeZbnWzv/TE6Yi+qPPFPZ65ys1Agdl7Xe1ILYM+T5rwsq/Dg3khURp5U
8ISN6QssiDhsCo/v0WgcZ5GQv1LUwAYU7nyy0jFSYNfZaKVeXQyU1W9SS3IB97SyuPKfYyMXkji4
PoktAr7PPQk+FszmUQj39dODGb7ufkAs7EFTQuvH7egDyRGon55MQiZO+7nD3+3Tn7FEJnIt8UPC
X8ctCePOF7+QU8qUihsJZr37Qw2dUemtNSC7MZ9AGguERvwMu2nP5vG4XftmK6xLBO/TCD+FoFuC
6/OMJWpU8GB5HV58Ko94ptiT3sljDqhPo71AQysJ812VWwOna63Rm4g1UG162U9z87VLfR7OZLsE
XiVex/+PjqD4CThdZHTM3Jp40Q5ekkxF4nsYZEb1w4m0zrowgqmTQCvQGzMXzo9ZGtrJklp8UdY0
Fwy1O81CXbYW4DhcghGdBhpspGHHcsbqLMpUFjB87KYoLBNUnHKtLAQuYBoatDXj3YDvIHS1TkJt
+2Y=
=9rHZ
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-6552-1
December 12, 2023

netatalk vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.04
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Netatalk could be made to crash or run programs if it received
specially crafted network traffic.

Software Description:
- netatalk: Apple Filing Protocol service

Details:

Florent Saudel and Arnaud Gatignol discovered that Netatalk incorrectly
handled certain specially crafted Spotlight requests. A remote attacker could
possibly use this issue to cause heap corruption and execute arbitrary code.
(CVE-2023-42464)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.04:
netatalk 3.1.14~ds-1ubuntu0.1

Ubuntu 22.04 LTS:
netatalk 3.1.12~ds-9ubuntu0.22.04.3

Ubuntu 20.04 LTS:
netatalk 3.1.12~ds-4ubuntu0.20.04.3

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6552-1
CVE-2023-42464

Package Information:
https://launchpad.net/ubuntu/+source/netatalk/3.1.14~ds-1ubuntu0.1
https://launchpad.net/ubuntu/+source/netatalk/3.1.12~ds-9ubuntu0.22.04.3
https://launchpad.net/ubuntu/+source/netatalk/3.1.12~ds-4ubuntu0.20.04.3

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)