Headline
Ubuntu Security Notice USN-6786-1
Ubuntu Security Notice 6786-1 - It was discovered that Netatalk did not properly protect an SMB and AFP default configuration. A remote attacker could possibly use this issue to execute arbitrary code.
==========================================================================Ubuntu Security Notice USN-6786-1May 28, 2024netatalk vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.04 LTS- Ubuntu 20.04 LTSSummary:Netatalk could allow arbitrary code execution if it receives a speciallycrafted input.Software Description:- netatalk: Apple Filing Protocol serviceDetails:It was discovered that Netatalk did not properly protect an SMB and AFPdefault configuration. A remote attacker could possibly use this issue toexecute arbitrary code.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.04 LTS netatalk 3.1.12~ds-9ubuntu0.22.04.3+esm1 Available with Ubuntu ProUbuntu 20.04 LTS netatalk 3.1.12~ds-4ubuntu0.20.04.3+esm1 Available with Ubuntu ProIn general, a standard system update will make all the necessary changes.References: https://ubuntu.com/security/notices/USN-6786-1 CVE-2022-22995Related news
Gentoo Linux Security Advisory 202311-02
Gentoo Linux Security Advisory 202311-2 - Multiple vulnerabilities have been discovered in Netatalk, which could lead to remote code execution Versions greater than or equal to 3.1.18 are affected.
CVE-2022-22995: WDC-22005 Netatalk Security Vulnerabilities | Western Digital
The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting these combination of primitives, an attacker can execute arbitrary code.