Описание
Security update for netatalk
This update for netatalk fixes the following issues:
Security issue fixed:
- CVE-2018-1160 Fixed a missing bounds check in the handling of the DSI OPEN SESSION request, which allowed an unauthenticated to overwrite memory with data of their choice leading to arbitrary code execution with root privileges. (bsc#1119540)
Список пакетов
SUSE Linux Enterprise Desktop 12 SP3
libatalk12-3.1.0-3.3.1
netatalk-3.1.0-3.3.1
SUSE Linux Enterprise Desktop 12 SP4
libatalk12-3.1.0-3.3.1
netatalk-3.1.0-3.3.1
SUSE Linux Enterprise Software Development Kit 12 SP3
libatalk12-3.1.0-3.3.1
netatalk-3.1.0-3.3.1
netatalk-devel-3.1.0-3.3.1
SUSE Linux Enterprise Software Development Kit 12 SP4
libatalk12-3.1.0-3.3.1
netatalk-3.1.0-3.3.1
netatalk-devel-3.1.0-3.3.1
SUSE Linux Enterprise Workstation Extension 12 SP3
libatalk12-3.1.0-3.3.1
netatalk-3.1.0-3.3.1
SUSE Linux Enterprise Workstation Extension 12 SP4
libatalk12-3.1.0-3.3.1
netatalk-3.1.0-3.3.1
Ссылки
- Link for SUSE-SU-2018:4217-1
- E-Mail link for SUSE-SU-2018:4217-1
- SUSE Security Ratings
- SUSE Bug 1119540
- SUSE CVE CVE-2018-1160 page
Описание
Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP3:libatalk12-3.1.0-3.3.1
SUSE Linux Enterprise Desktop 12 SP3:netatalk-3.1.0-3.3.1
SUSE Linux Enterprise Desktop 12 SP4:libatalk12-3.1.0-3.3.1
SUSE Linux Enterprise Desktop 12 SP4:netatalk-3.1.0-3.3.1
Ссылки
- CVE-2018-1160
- SUSE Bug 1119540