===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2023.2863
                         netatalk security update
                                17 May 2023

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           netatalk
Publisher:         Debian
Operating System:  Debian GNU/Linux
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-45188 CVE-2022-23125 CVE-2022-23124
                   CVE-2022-23123 CVE-2022-23122 CVE-2022-23121
                   CVE-2022-43634 CVE-2022-0194 CVE-2021-31439

Original Bulletin: 
   https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html

Comment: CVSS (Max):  9.8 CVE-2022-43634 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
         CVSS Source: NVD
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian LTS Advisory DLA-3426-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Markus Koschany
May 17, 2023                                  https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : netatalk
Version        : 3.1.12~ds-3+deb10u1
CVE ID         : CVE-2021-31439 CVE-2022-0194 CVE-2022-23121 CVE-2022-23122
                 CVE-2022-23123 CVE-2022-23124 CVE-2022-23125 CVE-2022-43634
                 CVE-2022-45188
Debian Bug     : 1034170 1024021

Multiple security vulnerabilities have been discovered in netatalk, the 
Apple Filing Protocol service, which allow remote attackers to disclose 
sensitive information, cause a denial of service or execute arbitrary code.

For Debian 10 buster, these problems have been fixed in version
3.1.12~ds-3+deb10u1.

We recommend that you upgrade your netatalk packages.

For the detailed security status of netatalk please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/netatalk

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

--------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================