[oss-security] netatalk 4.4.3 fixes 20 CVEs, leaves 18 for later

Fri, 15 May 2026 12:48:27 -0700 

https://sourceforge.net/p/netatalk/mailman/message/59334272/ announced:

The Netatalk team is proud to announce the latest version in the Netatalk 4.4 
release series.

In addition to the following security fixes, this release contains a handful of 
UAM and container hardening improvements.

CVE-2026-44047, CVE-2026-44048, CVE-2026-44049, CVE-2026-44050,
CVE-2026-44051, CVE-2026-44052, CVE-2026-44054, CVE-2026-44055,
CVE-2026-44057, CVE-2026-44060, CVE-2026-44062, CVE-2026-44064,
CVE-2026-44066, CVE-2026-44068, CVE-2026-44076, CVE-2026-45354,
CVE-2026-45355, CVE-2026-45356, CVE-2026-45698, CVE-2026-45699

All users of previous Netatalk versions are encouraged to upgrade to 4.4.3.

Release notes: https://netatalk.io/4.4/ReleaseNotes4.4.3

Security advisories: https://netatalk.io/security


https://netatalk.io/4.4/ReleaseNotes4.4.3 adds:

Note that there are another outstanding 18 CVEs that are not fixed in
this release, because the Netatalk team deemed them to be of lower
severity. These will be addressed in a future feature release.


https://netatalk.io/security provides these one line summaries, with
links to more details:

CVE ID          Subject                                                 
Disclosure      Affected Vers   Severity
CVE-2026-45699  Stack-based buffer overflow in copydir()                
2026/05/13      3.2.0 - 4.4.2   High
CVE-2026-45698  Stack-based buffer overflow in deletedir()              
2026/05/13      3.2.0 - 4.4.2   High
CVE-2026-45356  Integer underflow in Spotlight RPC count decrement      
2026/05/13      3.1.0 - 4.4.2   High
CVE-2026-45355  Integer underflow to heap OOB read                      
2026/05/13      3.1.0 - 4.4.2   High
CVE-2026-45354  Pre-authentication DSI protocol desync                  
2026/05/13      1.5.0 - 4.4.2   High
CVE-2026-44076  Shell injection via volume path                         
2026/05/13      3.1.0 - 4.4.2   Medium
CVE-2026-44075  Missing break in DSI OpenSession                        
2026/05/13      1.5.0 - 4.4.3   None
CVE-2026-44074  Bitwise OR of errno values                              
2026/05/13      2.1.0 - 4.4.3   None
CVE-2026-44073  seteuid failure ignored in auth modules                 
2026/05/13      1.5.0 - 4.4.3   Medium
CVE-2026-44072  system() after failed chdir()                           
2026/05/13      2.2.1 - 4.4.3   Low
CVE-2026-44071  FORTIFY_SOURCE disabled                                 
2026/05/13      3.1.2 - 4.4.3   None
CVE-2026-44070  Unbounded realloc in charset conversion                 
2026/05/13      2.0.0 - 4.4.3   Low
CVE-2026-44069  Integer underflow in volxlate                           
2026/05/13      3.0.0 - 4.4.3   Low
CVE-2026-44068  EA path traversal via incomplete sanitization           
2026/05/13      2.1.0 - 4.4.2   High
CVE-2026-44067  EA header parsing heap over-read                        
2026/05/13      2.1.0 - 4.4.3   Low
CVE-2026-44066  Heap out-of-bounds reads in Spotlight RPC unmarshalling 
2026/05/13      3.0.0 - 4.4.2   High
CVE-2026-44065  Off-by-two in papd lp_write()                           
2026/05/13      2.0.0 - 4.4.3   Low
CVE-2026-44064  ASP session ID out-of-bounds access                     
2026/05/13      1.3 - 4.4.2     High
CVE-2026-44063  LDAP filter injection                                   
2026/05/13      2.1.0 - 4.4.3   Medium
CVE-2026-44062  Missing o_len bounds check in pull_charset_flags()      
2026/05/13      2.0.4 - 4.4.2   High
CVE-2026-44061  DES-ECB auth with timing side channel                   
2026/05/13      1.5.0 - 4.4.3   Medium
CVE-2026-44060  Integer underflow in dsi_writeinit()                    
2026/05/13      1.5.0 - 4.4.2   High
CVE-2026-44059  Non-reentrant privilege toggle                          
2026/05/13      2.2.5 - 4.4.3   Low
CVE-2026-44058  Authentication bypass via admin auth user               
2026/05/13      2.2.2 - 4.4.3   Medium
CVE-2026-44057  Dead bounds check in Spotlight RPC unmarshaller         
2026/05/13      3.0.0 - 4.4.2   None
CVE-2026-44056  Stack buffer overflow in desktop.c                      
2026/05/13      1.3 - 4.2.3     Medium
CVE-2026-44055  Bitwise OR logic bug enables shell injection            
2026/05/13      3.1.4 - 4.4.2   High
CVE-2026-44054  Predictable afpd session token                          
2026/05/13      2.0.0 - 4.4.2   Medium
CVE-2026-44053  Weak cryptography in DHCAST128 UAM                      
2026/05/13      1.5.0 - 4.2.3   High
CVE-2026-44052  LDAP simple-bind password exposure in log output        
2026/05/13      2.1.0 - 4.4.2   High
CVE-2026-44051  Arbitrary file read via attacker-controlled symlink     
2026/05/13      3.0.2 - 4.4.2   High
CVE-2026-44050  Heap buffer overflow in CNID daemon comm_rcv()          
2026/05/13      2.0.0 - 4.4.2   Critical
CVE-2026-44049  Out-of-bounds write in convert_charset null termination 
2026/05/13      2.0.4 - 4.4.2   High
CVE-2026-44048  Stack buffer overflow via UCS-2 type confusion in ...   
2026/05/13      2.0.4 - 4.4.2   High
CVE-2026-44047  SQL injection in MySQL CNID backend                     
2026/05/13      3.1.0 - 4.4.2   High
CVE-2026-7837   TOCTOU with root privilege in ad_flush                  
2026/05/13      3.0.0 - 4.4.3   None
CVE-2026-7836   hextoint macro uppercase bug                            
2026/05/13      2.0.0 - 4.4.3   Low
CVE-2026-7835   Format string argument mismatch                         
2026/05/13      3.0.3 - 4.4.3   Low


--
        -Alan Coopersmith-                 [email protected]
         Oracle Solaris Engineering - https://blogs.oracle.com/solaris

Reply via email to