Description
Security update for netatalk
This update for netatalk fixes the following issues:
- CVE-2022-43634: Fixed heap-based Buffer Overflow in dsi_writeinit (bsc#1207974).
Package list
SUSE Linux Enterprise Software Development Kit 12 SP5
libatalk12-3.1.0-3.14.1
netatalk-3.1.0-3.14.1
netatalk-devel-3.1.0-3.14.1
SUSE Linux Enterprise Workstation Extension 12 SP5
libatalk12-3.1.0-3.14.1
netatalk-3.1.0-3.14.1
References
- Link for SUSE-SU-2023:0316-1
- E-Mail link for SUSE-SU-2023:0316-1
- SUSE Security Ratings
- SUSE Bug 1207974
- SUSE CVE CVE-2022-43634 page
Description
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dsi_writeinit function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-17646.
Affected products
SUSE Linux Enterprise Software Development Kit 12 SP5:libatalk12-3.1.0-3.14.1
SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-3.1.0-3.14.1
SUSE Linux Enterprise Software Development Kit 12 SP5:netatalk-devel-3.1.0-3.14.1
SUSE Linux Enterprise Workstation Extension 12 SP5:libatalk12-3.1.0-3.14.1
References
- CVE-2022-43634
- SUSE Bug 1207974