[ubuntu/focal-security] netatalk 3.1.12~ds-4ubuntu0.20.04.1 (Accepted)

Nishit Majithia nishit.majithia at canonical.com
Thu Jun 8 09:27:40 UTC 2023

netatalk (3.1.12~ds-4ubuntu0.20.04.1) focal-security; urgency=medium

  * SECURITY UPDATE: RCE vulnerability
    - debian/patches/CVE-2021-31439.patch: libatalk: apply limit checking
      to DSI write offset
    - CVE-2021-31439
  * SECURITY UPDATE: RCE with root privileges
    - debian/patches/CVE-2022-0194_23122_23123_23124_*.patch: add defines
      for icon lengths, harden ad_entry(), add handling for cases where
      ad_entry() returns NULL, protect against removing AFP metadata xattr,
      avoid setting adouble entries on symlinks
    - debian/patches/CVE-2022-23121-*.patch: apply hardening to
    - debian/patches/CVE-2022-23125.patch: harden copyapplfile()
    - debian/patches/CVE-2022-43634.patch: fix dsi_writeinit() function
    - CVE-2022-0194
    - CVE-2022-23121
    - CVE-2022-23122
    - CVE-2022-23123
    - CVE-2022-23124
    - CVE-2022-23125
    - CVE-2022-43634
  * SECURITY UPDATE: heap-based buffer overflow
    - debian/patches/CVE-2022-45188.patch: fixes the heap-based buffer
      overflow in afp_getappl()
    - CVE-2022-45188

Date: 2023-06-08 05:06:11.195867+00:00
Changed-By: Nishit Majithia <nishit.majithia at canonical.com>