Security update for netatalk SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:4287-1 Final 1 1 2018-12-28T16:48:19Z current 2018-12-28T16:48:19Z 2018-12-28T16:48:19Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for netatalk This update for netatalk fixes the following issues: Security issue fixed: - CVE-2018-1160 Fixed a missing bounds check in the handling of the DSI OPEN SESSION request, which allowed an unauthenticated to overwrite memory with data of their choice leading for arbitrary code execution with root privileges. (bsc#1119540) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2018-12/msg00071.html E-Mail link for openSUSE-SU-2018:4287-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.3 libatalk16-3.1.7-8.3.1 netatalk-3.1.7-8.3.1 netatalk-devel-3.1.7-8.3.1 libatalk16-3.1.7-8.3.1 as a component of openSUSE Leap 42.3 netatalk-3.1.7-8.3.1 as a component of openSUSE Leap 42.3 netatalk-devel-3.1.7-8.3.1 as a component of openSUSE Leap 42.3 Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution. CVE-2018-1160 openSUSE Leap 42.3:libatalk16-3.1.7-8.3.1 openSUSE Leap 42.3:netatalk-3.1.7-8.3.1 openSUSE Leap 42.3:netatalk-devel-3.1.7-8.3.1 critical Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-12/msg00071.html https://www.suse.com/security/cve/CVE-2018-1160.html CVE-2018-1160 https://bugzilla.suse.com/1119540 SUSE Bug 1119540