Message-ID: <f3e23103-683c-4b46-9a17-fdbf43312284@oracle.com>
Date: Fri, 15 May 2026 12:36:24 -0700
From: Alan Coopersmith <alan.coopersmith@...cle.com>
To: oss-security@...ts.openwall.com
Subject: netatalk 4.4.3 fixes 20 CVEs, leaves 18 for later
https://sourceforge.net/p/netatalk/mailman/message/59334272/ announced:
> The Netatalk team is proud to announce the latest version in the Netatalk 4.4 release series.
>
> In addition to the following security fixes, this release contains a handful of UAM and container hardening improvements.
>
> CVE-2026-44047, CVE-2026-44048, CVE-2026-44049, CVE-2026-44050,
> CVE-2026-44051, CVE-2026-44052, CVE-2026-44054, CVE-2026-44055,
> CVE-2026-44057, CVE-2026-44060, CVE-2026-44062, CVE-2026-44064,
> CVE-2026-44066, CVE-2026-44068, CVE-2026-44076, CVE-2026-45354,
> CVE-2026-45355, CVE-2026-45356, CVE-2026-45698, CVE-2026-45699
>
> All users of previous Netatalk versions are encouraged to upgrade to 4.4.3.
>
> Release notes: https://netatalk.io/4.4/ReleaseNotes4.4.3
>
> Security advisories: https://netatalk.io/security
https://netatalk.io/4.4/ReleaseNotes4.4.3 adds:
> Note that there are another outstanding 18 CVEs that are not fixed in
> this release, because the Netatalk team deemed them to be of lower
> severity. These will be addressed in a future feature release.
https://netatalk.io/security provides these one line summaries, with
links to more details:
> CVE ID | Subject | Disclosure | Affected Vers | Severity
> CVE-2026-45699 | Stack-based buffer overflow in copydir() | 2026/05/13 | 3.2.0 - 4.4.2 | High
> CVE-2026-45698 | Stack-based buffer overflow in deletedir() | 2026/05/13 | 3.2.0 - 4.4.2 | High
> CVE-2026-45356 | Integer underflow in Spotlight RPC count decrement | 2026/05/13 | 3.1.0 - 4.4.2 | High
> CVE-2026-45355 | Integer underflow to heap OOB read | 2026/05/13 | 3.1.0 - 4.4.2 | High
> CVE-2026-45354 | Pre-authentication DSI protocol desync | 2026/05/13 | 1.5.0 - 4.4.2 | High
> CVE-2026-44076 | Shell injection via volume path | 2026/05/13 | 3.1.0 - 4.4.2 | Medium
> CVE-2026-44075 | Missing break in DSI OpenSession | 2026/05/13 | 1.5.0 - 4.4.3 | None
> CVE-2026-44074 | Bitwise OR of errno values | 2026/05/13 | 2.1.0 - 4.4.3 | None
> CVE-2026-44073 | seteuid failure ignored in auth modules | 2026/05/13 | 1.5.0 - 4.4.3 | Medium
> CVE-2026-44072 | system() after failed chdir() | 2026/05/13 | 2.2.1 - 4.4.3 | Low
> CVE-2026-44071 | FORTIFY_SOURCE disabled | 2026/05/13 | 3.1.2 - 4.4.3 | None
> CVE-2026-44070 | Unbounded realloc in charset conversion | 2026/05/13 | 2.0.0 - 4.4.3 | Low
> CVE-2026-44069 | Integer underflow in volxlate | 2026/05/13 | 3.0.0 - 4.4.3 | Low
> CVE-2026-44068 | EA path traversal via incomplete sanitization | 2026/05/13 | 2.1.0 - 4.4.2 | High
> CVE-2026-44067 | EA header parsing heap over-read | 2026/05/13 | 2.1.0 - 4.4.3 | Low
> CVE-2026-44066 | Heap out-of-bounds reads in Spotlight RPC unmarshalling | 2026/05/13 | 3.0.0 - 4.4.2 | High
> CVE-2026-44065 | Off-by-two in papd lp_write() | 2026/05/13 | 2.0.0 - 4.4.3 | Low
> CVE-2026-44064 | ASP session ID out-of-bounds access | 2026/05/13 | 1.3 - 4.4.2 | High
> CVE-2026-44063 | LDAP filter injection | 2026/05/13 | 2.1.0 - 4.4.3 | Medium
> CVE-2026-44062 | Missing o_len bounds check in pull_charset_flags() | 2026/05/13 | 2.0.4 - 4.4.2 | High
> CVE-2026-44061 | DES-ECB auth with timing side channel | 2026/05/13 | 1.5.0 - 4.4.3 | Medium
> CVE-2026-44060 | Integer underflow in dsi_writeinit() | 2026/05/13 | 1.5.0 - 4.4.2 | High
> CVE-2026-44059 | Non-reentrant privilege toggle | 2026/05/13 | 2.2.5 - 4.4.3 | Low
> CVE-2026-44058 | Authentication bypass via admin auth user | 2026/05/13 | 2.2.2 - 4.4.3 | Medium
> CVE-2026-44057 | Dead bounds check in Spotlight RPC unmarshaller | 2026/05/13 | 3.0.0 - 4.4.2 | None
> CVE-2026-44056 | Stack buffer overflow in desktop.c | 2026/05/13 | 1.3 - 4.2.3 | Medium
> CVE-2026-44055 | Bitwise OR logic bug enables shell injection | 2026/05/13 | 3.1.4 - 4.4.2 | High
> CVE-2026-44054 | Predictable afpd session token | 2026/05/13 | 2.0.0 - 4.4.2 | Medium
> CVE-2026-44053 | Weak cryptography in DHCAST128 UAM | 2026/05/13 | 1.5.0 - 4.2.3 | High
> CVE-2026-44052 | LDAP simple-bind password exposure in log output | 2026/05/13 | 2.1.0 - 4.4.2 | High
> CVE-2026-44051 | Arbitrary file read via attacker-controlled symlink | 2026/05/13 | 3.0.2 - 4.4.2 | High
> CVE-2026-44050 | Heap buffer overflow in CNID daemon comm_rcv() | 2026/05/13 | 2.0.0 - 4.4.2 | Critical
> CVE-2026-44049 | Out-of-bounds write in convert_charset null termination | 2026/05/13 | 2.0.4 - 4.4.2 | High
> CVE-2026-44048 | Stack buffer overflow via UCS-2 type confusion in ... | 2026/05/13 | 2.0.4 - 4.4.2 | High
> CVE-2026-44047 | SQL injection in MySQL CNID backend | 2026/05/13 | 3.1.0 - 4.4.2 | High
> CVE-2026-7837 | TOCTOU with root privilege in ad_flush | 2026/05/13 | 3.0.0 - 4.4.3 | None
> CVE-2026-7836 | hextoint macro uppercase bug | 2026/05/13 | 2.0.0 - 4.4.3 | Low
> CVE-2026-7835 | Format string argument mismatch | 2026/05/13 | 3.0.3 - 4.4.3 | Low
--
-Alan Coopersmith- alan.coopersmith@...cle.com
Oracle Solaris Engineering - https://blogs.oracle.com/solaris