oss-sec mailing list archives
netatalk 4.4.3 fixes 20 CVEs, leaves 18 for later
From: Alan Coopersmith <alan.coopersmith () oracle com>
Date: Fri, 15 May 2026 12:36:24 -0700
https://sourceforge.net/p/netatalk/mailman/message/59334272/ announced:
The Netatalk team is proud to announce the latest version in the Netatalk 4.4 release series. In addition to the following security fixes, this release contains a handful of UAM and container hardening improvements. CVE-2026-44047, CVE-2026-44048, CVE-2026-44049, CVE-2026-44050, CVE-2026-44051, CVE-2026-44052, CVE-2026-44054, CVE-2026-44055, CVE-2026-44057, CVE-2026-44060, CVE-2026-44062, CVE-2026-44064, CVE-2026-44066, CVE-2026-44068, CVE-2026-44076, CVE-2026-45354, CVE-2026-45355, CVE-2026-45356, CVE-2026-45698, CVE-2026-45699 All users of previous Netatalk versions are encouraged to upgrade to 4.4.3. Release notes: https://netatalk.io/4.4/ReleaseNotes4.4.3 Security advisories: https://netatalk.io/security
https://netatalk.io/4.4/ReleaseNotes4.4.3 adds:
Note that there are another outstanding 18 CVEs that are not fixed in this release, because the Netatalk team deemed them to be of lower severity. These will be addressed in a future feature release.
https://netatalk.io/security provides these one line summaries, with links to more details:
CVE ID Subject Disclosure Affected Vers Severity CVE-2026-45699 Stack-based buffer overflow in copydir() 2026/05/13 3.2.0 - 4.4.2 High CVE-2026-45698 Stack-based buffer overflow in deletedir() 2026/05/13 3.2.0 - 4.4.2 High CVE-2026-45356 Integer underflow in Spotlight RPC count decrement 2026/05/13 3.1.0 - 4.4.2 High CVE-2026-45355 Integer underflow to heap OOB read 2026/05/13 3.1.0 - 4.4.2 High CVE-2026-45354 Pre-authentication DSI protocol desync 2026/05/13 1.5.0 - 4.4.2 High CVE-2026-44076 Shell injection via volume path 2026/05/13 3.1.0 - 4.4.2 Medium CVE-2026-44075 Missing break in DSI OpenSession 2026/05/13 1.5.0 - 4.4.3 None CVE-2026-44074 Bitwise OR of errno values 2026/05/13 2.1.0 - 4.4.3 None CVE-2026-44073 seteuid failure ignored in auth modules 2026/05/13 1.5.0 - 4.4.3 Medium CVE-2026-44072 system() after failed chdir() 2026/05/13 2.2.1 - 4.4.3 Low CVE-2026-44071 FORTIFY_SOURCE disabled 2026/05/13 3.1.2 - 4.4.3 None CVE-2026-44070 Unbounded realloc in charset conversion 2026/05/13 2.0.0 - 4.4.3 Low CVE-2026-44069 Integer underflow in volxlate 2026/05/13 3.0.0 - 4.4.3 Low CVE-2026-44068 EA path traversal via incomplete sanitization 2026/05/13 2.1.0 - 4.4.2 High CVE-2026-44067 EA header parsing heap over-read 2026/05/13 2.1.0 - 4.4.3 Low CVE-2026-44066 Heap out-of-bounds reads in Spotlight RPC unmarshalling 2026/05/13 3.0.0 - 4.4.2 High CVE-2026-44065 Off-by-two in papd lp_write() 2026/05/13 2.0.0 - 4.4.3 Low CVE-2026-44064 ASP session ID out-of-bounds access 2026/05/13 1.3 - 4.4.2 High CVE-2026-44063 LDAP filter injection 2026/05/13 2.1.0 - 4.4.3 Medium CVE-2026-44062 Missing o_len bounds check in pull_charset_flags() 2026/05/13 2.0.4 - 4.4.2 High CVE-2026-44061 DES-ECB auth with timing side channel 2026/05/13 1.5.0 - 4.4.3 Medium CVE-2026-44060 Integer underflow in dsi_writeinit() 2026/05/13 1.5.0 - 4.4.2 High CVE-2026-44059 Non-reentrant privilege toggle 2026/05/13 2.2.5 - 4.4.3 Low CVE-2026-44058 Authentication bypass via admin auth user 2026/05/13 2.2.2 - 4.4.3 Medium CVE-2026-44057 Dead bounds check in Spotlight RPC unmarshaller 2026/05/13 3.0.0 - 4.4.2 None CVE-2026-44056 Stack buffer overflow in desktop.c 2026/05/13 1.3 - 4.2.3 Medium CVE-2026-44055 Bitwise OR logic bug enables shell injection 2026/05/13 3.1.4 - 4.4.2 High CVE-2026-44054 Predictable afpd session token 2026/05/13 2.0.0 - 4.4.2 Medium CVE-2026-44053 Weak cryptography in DHCAST128 UAM 2026/05/13 1.5.0 - 4.2.3 High CVE-2026-44052 LDAP simple-bind password exposure in log output 2026/05/13 2.1.0 - 4.4.2 High CVE-2026-44051 Arbitrary file read via attacker-controlled symlink 2026/05/13 3.0.2 - 4.4.2 High CVE-2026-44050 Heap buffer overflow in CNID daemon comm_rcv() 2026/05/13 2.0.0 - 4.4.2 Critical CVE-2026-44049 Out-of-bounds write in convert_charset null termination 2026/05/13 2.0.4 - 4.4.2 High CVE-2026-44048 Stack buffer overflow via UCS-2 type confusion in ... 2026/05/13 2.0.4 - 4.4.2 High CVE-2026-44047 SQL injection in MySQL CNID backend 2026/05/13 3.1.0 - 4.4.2 High CVE-2026-7837 TOCTOU with root privilege in ad_flush 2026/05/13 3.0.0 - 4.4.3 None CVE-2026-7836 hextoint macro uppercase bug 2026/05/13 2.0.0 - 4.4.3 Low CVE-2026-7835 Format string argument mismatch 2026/05/13 3.0.3 - 4.4.3 Low
--
-Alan Coopersmith- alan.coopersmith () oracle com
Oracle Solaris Engineering - https://blogs.oracle.com/solaris
Current thread:
- netatalk 4.4.3 fixes 20 CVEs, leaves 18 for later Alan Coopersmith (May 15)
