openSUSE-SU-2018:4287-1

Опубликовано: 28 дек. 2018

Источник: suse-cvrf

Описание

Security update for netatalk

This update for netatalk fixes the following issues:

Security issue fixed:

CVE-2018-1160 Fixed a missing bounds check in the handling of the DSI OPEN SESSION request, which allowed an unauthenticated to overwrite memory with data of their choice leading for arbitrary code execution with root privileges. (bsc#1119540)

Список пакетов

openSUSE Leap 42.3

libatalk16-3.1.7-8.3.1

netatalk-3.1.7-8.3.1

netatalk-devel-3.1.7-8.3.1

Ссылки

https://lists.opensuse.org/opensuse-security-announce/2018-12/msg00071.html
E-Mail link for openSUSE-SU-2018:4287-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution.

Затронутые продукты

openSUSE Leap 42.3:libatalk16-3.1.7-8.3.1

openSUSE Leap 42.3:netatalk-3.1.7-8.3.1

openSUSE Leap 42.3:netatalk-devel-3.1.7-8.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-1160.html
CVE-2018-1160
https://bugzilla.suse.com/1119540
SUSE Bug 1119540

openSUSE-SU-2018:4287-1

Описание

Список пакетов

openSUSE Leap 42.3

Ссылки

Уязвимость: CVE-2018-1160

Описание

Затронутые продукты

Ссылки