|
Bugzilla – Full Text Bug Listing |
| Summary: | VUL-0: CVE-2024-38439: netatalk: off-by-one error resultant in a heap-based buffer overflow because of setting ibuf[PASSWDLEN] to '\0' in FPLoginExt in login in etc/uams/uams_pam.c. | ||
|---|---|---|---|
| Product: | [Novell Products] SUSE Security Incidents | Reporter: | SMASH SMASH <smash_bz> |
| Component: | Incidents | Assignee: | Security Team bot <security-team> |
| Status: | RESOLVED FIXED | QA Contact: | Security Team bot <security-team> |
| Severity: | Normal | ||
| Priority: | P2 - High | CC: | andrea.mattiazzo |
| Version: | unspecified | ||
| Target Milestone: | --- | ||
| Hardware: | Other | ||
| OS: | Other | ||
| URL: | https://smash.suse.de/issue/411054/ | ||
| Whiteboard: | CVSSv3.1:SUSE:CVE-2024-38439:7.3:(AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) | ||
| Found By: | Security Response Team | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
|
Description
SMASH SMASH
2024-06-17 10:45:49 UTC
https://security-tracker.debian.org/tracker/CVE-2024-38439 MITRE pinged for clarification or rejection by Debian https://netatalk.io/security/CVE-2024-38439 Tracking as affected: - SUSE:SLE-12:Update/netatalk Submitted for 12/netatalk. I believe all fixed. SUSE-SU-2024:2301-1: An update that solves three vulnerabilities can now be installed. Category: security (important) Bug References: 1226429, 1226430, 1226431 CVE References: CVE-2024-38439, CVE-2024-38440, CVE-2024-38441 Maintenance Incident: [SUSE:Maintenance:34547](https://smelt.suse.de/incident/34547/) Sources used: SUSE Linux Enterprise Software Development Kit 12 SP5 (src): netatalk-3.1.18-3.25.1 SUSE Linux Enterprise Workstation Extension 12 12-SP5 (src): netatalk-3.1.18-3.25.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. All done, closing. |