[ubuntu/resolute-security] netatalk 4.2.3~ds-2.1ubuntu0.1 (Accepted)
Shishir Subedi
shishirsub10 at gmail.com
Tue Jun 9 03:30:03 UTC 2026
netatalk (4.2.3~ds-2.1ubuntu0.1) resolute-security; urgency=medium

  * SECURITY UPDATE: SQL injection
    - debian/patches/CVE-2026-44047.patch: cnid: protect against MySQL CNID
      filename SQL injection in cnid_mysql.c.
    - CVE-2026-44047
  * SECURITY UPDATE: buffer out-of-bounds write
    - debian/patches/CVE-2026-44048.patch: fix UCS-2 terminator bounds in
      charset conversion in libatalk/unicode/charcnv.c
    - debian/patches/CVE-2026-44049.patch: reserve charset terminator space
      in conversion in etc/afpd/desktop.c, etc/afpd/mangle.c,
      libatalk/unicode/charcnv.c.
    - CVE-2026-44048
    - CVE-2026-44049
  * SECURITY UPDATE: out-of-bounds read
    - debian/patches/CVE-2026-44050.patch: cnid_dbd: validate CNID request
      name length in etc/cnid_dbd/comm.c.
    - CVE-2026-44050
  * SECURITY UPDATE: improper link resolution before access
    - debian/patches/CVE-2026-44051.patch: afpd: validate symlink targets
      from FinderInfo in etc/afpd/file.c.
    - CVE-2026-44051
  * SECURITY UPDATE: logging of sensitive information
    - debian/patches/CVE-2026-44052.patch: libatalk: avoid logging LDAP
      bind passwords in libatalk/acl/ldap.c.
    - CVE-2026-44052
  * SECURITY UPDATE: command injection
    - debian/patches/CVE-2026-44055.patch: afpd: correct bitwise check and
      escape user in FCE notify script in etc/afpd/fce_api.c.
    - CVE-2026-44055
  * SECURITY UPDATE: integer underflow
    - debian/patches/CVE-2026-44060.patch: libatalk/dsi: fix write
      underflow in dsi_writeinit in libatalk/dsi/dsi_write.c.
    - CVE-2026-44060
  * SECURITY UPDATE: out-of-bounds write
    - debian/patches/CVE-2026-44062.patch: libatalk/unicode: guard UCS2
      slash and colon writes in libatalk/unicode/charcnv.c.
    - CVE-2026-44062
  * SECURITY UPDATE: out-of-bounds read
    - debian/patches/CVE-2026-44064.patch: libatalk/asp: bounds-check ASP
      session ID in libatalk/asp/asp_getsess.c.
    - CVE-2026-44064
Date: 2026-06-05 08:24:16.388322+00:00
Changed-By: Shishir Subedi <shishirsub10 at gmail.com>
https://launchpad.net/ubuntu/+source/netatalk/4.2.3~ds-2.1ubuntu0.1