SUSE-SU-2024:2301-1
- Source
- https://www.suse.com/support/update/announcement/2024/suse-su-20242301-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2024:2301-1.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/SUSE-SU-2024:2301-1
- Upstream
- Related
- Published
- 2024-07-04T13:17:32Z
- Modified
- 2026-01-30T01:22:36.697664Z
- Summary
- Security update for netatalk
- Details
-
This update for netatalk fixes the following issues:
- CVE-2024-38439: Fixed a heap buffer overflow because of setting ibuf[PASSWDLEN] to \0 in FPLoginExt in login in etc/uams/uams_pam.c (bsc#1226430).
- CVE-2024-38440: Fixed a heap buffer overflow because of incorrectly using FPLoginExt in BNbin2bn in etc/uams/uamsdhx_pam.c (bsc#1226429).
- CVE-2024-38441: Fixed a heap buffer overflow because of setting ibuf[len] to \0 in FPMapName in afp_mapname in etc/afp/directory.c (bsc#1226431).
- References
-
- https://www.suse.com/support/update/announcement/2024/suse-su-20242301-1/
- https://bugzilla.suse.com/1226429
- https://bugzilla.suse.com/1226430
- https://bugzilla.suse.com/1226431
- https://www.suse.com/security/cve/CVE-2024-38439
- https://www.suse.com/security/cve/CVE-2024-38440
- https://www.suse.com/security/cve/CVE-2024-38441
Affected packages
SUSE:Linux Enterprise Software Development Kit 12 SP5
netatalk
Package
- Name
- netatalk
- Purl
- pkg:rpm/suse/netatalk&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.1.18-3.25.1
SUSE:Linux Enterprise Workstation Extension 12 SP5
netatalk
Package
- Name
- netatalk
- Purl
- pkg:rpm/suse/netatalk&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP5
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.1.18-3.25.1