Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2023.2863 netatalk security update 17 May 2023 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: netatalk Publisher: Debian Operating System: Debian GNU/Linux Resolution: Patch/Upgrade CVE Names: CVE-2022-45188 CVE-2022-23125 CVE-2022-23124 CVE-2022-23123 CVE-2022-23122 CVE-2022-23121 CVE-2022-43634 CVE-2022-0194 CVE-2021-31439 Original Bulletin: https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html Comment: CVSS (Max): 9.8 CVE-2022-43634 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) CVSS Source: NVD Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - --------------------------BEGIN INCLUDED TEXT-------------------- - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3426-1 debian-lts@lists.debian.org https://www.debian.org/lts/security/ Markus Koschany May 17, 2023 https://wiki.debian.org/LTS - ------------------------------------------------------------------------- Package : netatalk Version : 3.1.12~ds-3+deb10u1 CVE ID : CVE-2021-31439 CVE-2022-0194 CVE-2022-23121 CVE-2022-23122 CVE-2022-23123 CVE-2022-23124 CVE-2022-23125 CVE-2022-43634 CVE-2022-45188 Debian Bug : 1034170 1024021 Multiple security vulnerabilities have been discovered in netatalk, the Apple Filing Protocol service, which allow remote attackers to disclose sensitive information, cause a denial of service or execute arbitrary code. For Debian 10 buster, these problems have been fixed in version 3.1.12~ds-3+deb10u1. We recommend that you upgrade your netatalk packages. For the detailed security status of netatalk please refer to its security tracker page at: https://security-tracker.debian.org/tracker/netatalk Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS - -----BEGIN PGP SIGNATURE----- iQKTBAABCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmRkArpfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeRKSg//fFIBt6x+eRXPKIZcNxkdimq6tH10dyDH+j64R9B5VivpESGlGAxfd198 vHRTD04VS4IIDFnZxZyNzH6wxONxKwb62UJGww6CCqw1Ee00aMxNqwCRbpxefGag xrJi0Q6daxiOLNKgIpak9+SanMmg65K6C+VqV7bA7KIBkrLWhvemj+42vIcYgm3s +LEx1USiyg5q/YGS0874S3oVuXmRnHrJonKPI4MZtjOTuQP7Yux0grfV+nQuq9mn lIDFbSWOkz4UNXVra55XTHlD4ChLrBVlY+3OJcAl1zv4Iypu3SxmT5u4kw1fs1BZ NtN86wqGsyp22FLi94nw7B+IDDfrjgKPl3QjwA4JHtgD6WEV7Bd203GsKwHL9mb3 BtarCX1l7zSXjSp+FOzFbkZaoqUSnXbL346FDnwVcvEPYey5j3W7aj+O06jR3/wB tdW9Az+uUFqxvdimQTX6Ybx98gNcmJx2Z2ZY1CRguKYEmAGYOhhtH4QvA9bjahxK 8xiWYKjoWJjN0eZDGXdkXR94L/EJ/0Tv14n+5pRMXuCSJSesyqmbgb7hXooQL5x/ wlJuPRyPlq0O1dUR+AkEdBpAkjRAagW+yKkXS01GvJ1mkvZTXYt2x8Tf4sHMPv+h LtGJq91R7znKoniYnE6y7eDdbVgYyrh3L0/jupuumGgAl9I4jiU= =z3ZA - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: https://auscert.org.au/gpg-key/ iQIVAwUBZGRoqskNZI30y1K9AQgNNA/9ECXukOYuRSXWS6z+qg7ItpjCz4f12Prk go2noJ8xmOsMTuDL4Jzfd6typt5+cT0dBZ6fEer+mvp8jS6s0nzpHvGkKWgJqcRK uwT3sVU5+Etg8tXdnh0xAZaRsLMYv3rMS5i6nvR+JsO2aA6ENyLLSYz7VSjClHVa NsxqxD82oMCfmoS96VF20Wlyrb9x29lbzYxwyiDhQcb3S6gbcUkCw+yzDaL/di5f 4PjbfpQyIgixcmuVXWLdiIAWrt90EVudfZquRHJrdi0if4W3BPJCz8BwKHYUNHtp Iteq0kQC10DGJUqMGQpU7btAEuXhDg2IlBXotjbXvs5LDphSWsuiWdSH4NzRqf3Z vGgwSj3q5pc8Qwj2a79TsoOFfVpaeiPYEZ/pxUBWQUOAK35UQl233DCx0pGqaIIj a/hSPFzIhm1m7ySdvsFB1rQ5ZPJ8zu1dnmGeedgl/p9JRNYfurHA8ofkM2RXBdTY DCPmDuyk2BwXYylOKuVtdDW88wiiQUJVtUXZRbbNKTnGX/Wy7CZUObB76b3ABai7 qQEUxHWhJ0GnVnY7I8u2ulGNm6v7W1bvPt6Uzmq6GyS2iHD4oTryesroigR+cnWO 2kc7ZrIFrb/S3Iv5iIt8pieIosgwCa2ptWC0gHNJL5jLPozGwKQepwX92+vWd1E9 b5IOj7IH+HY= =SF+e -----END PGP SIGNATURE-----