
Fedora alert FEDORA-2026-e7e7bb2417 (netatalk)

From:  updates--- via package-announce <package-announce@lists.fedoraproject.org>
To:  package-announce@lists.fedoraproject.org
Subject:  [SECURITY] Fedora 44 Update: netatalk-4.4.3-1.fc44
Date:  Sun, 31 May 2026 00:57:02 +0000
Message-ID:  <20260531005702.685C07935D@bastion01.rdu3.fedoraproject.org>

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-e7e7bb2417
2026-05-31 00:55:16.967046+00:00
--------------------------------------------------------------------------------

Name        : netatalk
Product     : Fedora 44
Version     : 4.4.3
Release     : 1.fc44
URL         : http://netatalk.sourceforge.net
Summary     : Open Source Apple Filing Protocol(AFP) File Server
Description :
Netatalk is a freely-available Open Source AFP file server. A *NIX/*BSD
system running Netatalk is capable of serving many Macintosh clients
simultaneously as an AppleShare file server (AFP).

In addition to the AFP file server daemon, the following utility programs
are also included:

* ad - AppleDouble file utility suite
* afpldaptest - validate Netatalk LDAP parameters
* afppasswd - RandNum UAM password management
* afpstats - inquire AFP server usage stats
* asip-status - inquire AFP server capabilities
* dbd - CNID database maintenance
* macusers - list connected AFP server users

--------------------------------------------------------------------------------
Update Information:

4.4.3 Release
--------------------------------------------------------------------------------
ChangeLog:

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2459261 - netatalk-4.4.3 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2459261
  [ 2 ] Bug #2480439 - CVE-2026-44057 netatalk: Netatalk: Information disclosure via crafted Spotlight RPC requests [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2480439
  [ 3 ] Bug #2480440 - CVE-2026-44057 netatalk: Netatalk: Information disclosure via crafted Spotlight RPC requests [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2480440
  [ 4 ] Bug #2480449 - CVE-2026-44049 netatalk: Netatalk: Arbitrary code execution via out-of-bounds write [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2480449
  [ 5 ] Bug #2480450 - CVE-2026-44049 netatalk: Netatalk: Arbitrary code execution via out-of-bounds write [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2480450
  [ 6 ] Bug #2480467 - CVE-2026-44069 netatalk: Netatalk: Integer underflow vulnerability in volxlate function [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2480467
  [ 7 ] Bug #2480470 - CVE-2026-44052 netatalk: Netatalk: Information Disclosure via ldap simple-bind password exposure in logs [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2480470
  [ 8 ] Bug #2480471 - CVE-2026-44052 netatalk: Netatalk: Information Disclosure via ldap simple-bind password exposure in logs [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2480471
  [ 9 ] Bug #2480472 - CVE-2026-44054 netatalk: Netatalk: Denial of Service via predictable session token [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2480472
  [ 10 ] Bug #2480473 - CVE-2026-44054 netatalk: Netatalk: Denial of Service via predictable session token [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2480473
  [ 11 ] Bug #2480478 - CVE-2026-44062 netatalk: Netatalk: Arbitrary code execution or denial of service due to missing bounds check [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2480478
  [ 12 ] Bug #2480479 - CVE-2026-44062 netatalk: Netatalk: Arbitrary code execution or denial of service due to missing bounds check [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2480479
  [ 13 ] Bug #2480483 - CVE-2026-44068 netatalk: Netatalk: Arbitrary file access via path traversal [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2480483
  [ 14 ] Bug #2480486 - CVE-2026-44076 netatalk: Netatalk: Arbitrary Code Execution via shell injection in volume path [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2480486
  [ 15 ] Bug #2480487 - CVE-2026-44076 netatalk: Netatalk: Arbitrary Code Execution via shell injection in volume path [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2480487
  [ 16 ] Bug #2480488 - CVE-2026-44060 netatalk: Netatalk: Denial of Service via integer underflow [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2480488
  [ 17 ] Bug #2480489 - CVE-2026-44060 netatalk: Netatalk: Denial of Service via integer underflow [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2480489
  [ 18 ] Bug #2480490 - CVE-2026-44055 netatalk: Netatalk: Arbitrary code execution via shell injection [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2480490
  [ 19 ] Bug #2480491 - CVE-2026-44055 netatalk: Netatalk: Arbitrary code execution via shell injection [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2480491
  [ 20 ] Bug #2480496 - CVE-2026-44050 netatalk: Netatalk: Arbitrary code execution via heap buffer overflow in cnid daemon [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2480496
  [ 21 ] Bug #2480497 - CVE-2026-44050 netatalk: Netatalk: Arbitrary code execution via heap buffer overflow in cnid daemon [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2480497
  [ 22 ] Bug #2480501 - CVE-2026-44047 netatalk: Netatalk: Arbitrary code execution and data compromise via SQL injection [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2480501
  [ 23 ] Bug #2480502 - CVE-2026-44047 netatalk: Netatalk: Arbitrary code execution and data compromise via SQL injection [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2480502
  [ 24 ] Bug #2480624 - CVE-2026-44048 netatalk: stack buffer overflow via UCS-2 type confusion in convert_charset() [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2480624
  [ 25 ] Bug #2480625 - CVE-2026-44048 netatalk: stack buffer overflow via UCS-2 type confusion in convert_charset() [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2480625
  [ 26 ] Bug #2480626 - CVE-2026-44066 netatalk: heap out-of-bounds reads in Spotlight RPC unmarshalling [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2480626
  [ 27 ] Bug #2480627 - CVE-2026-44066 netatalk: heap out-of-bounds reads in Spotlight RPC unmarshalling [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2480627
  [ 28 ] Bug #2480628 - CVE-2026-44064 netatalk: ASP session ID out-of-bounds access [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2480628
  [ 29 ] Bug #2480629 - CVE-2026-44064 netatalk: ASP session ID out-of-bounds access [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2480629
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-e7e7bb2417' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgr...

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-cond...
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-ann...
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



