Your message dated Sun, 17 Sep 2023 20:41:40 +0000
with message-id <e1qhyak-0049gv...@fasolo.debian.org>
and subject line Bug#1052087: fixed in netatalk 3.1.17~ds-1
has caused the Debian Bug report #1052087,
regarding CVE-2023-42464: 0-day vulnerability in afpd Spotlight RPC
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1052087: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1052087
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: netatalk
Version: 3.1.12~ds-3
Severity: critical
Tags: security
Justification: root security hole

A 0-day vulnerability patch has been published for the upstream project.

The CVE record has not been made public yet, but this is the body of the
advisory for the record:

A Type Confusion vulnerability was found in the Spotlight RPC functions
in Netatalk's afpd daemon. When parsing Spotlight RPC packets, one
encoded data structure is a key-value style dictionary where the keys
are character strings, and the values can be any of the supported types
in the underlying protocol. Due to a lack of type checking in callers of
the dalloc_value_for_key() function, which returns the object associated
with a key, a malicious actor may be able to fully control the value of
the pointer and theoretically achieve Remote Code Execution on the host.

The underlying code for Spotlight queries in Netatalk shares a common
heritage with Samba, and hence the root cause and fix are logically
identical with those described in CVE-2023-34967.

https://github.com/Netatalk/netatalk/issues/486

-- System Information:
Debian Release: 10.13
  APT prefers oldoldstable
  APT policy: (500, 'oldoldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-12-amd64 (SMP w/4 CPU cores; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to C.UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to 
C.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: unable to detect

Versions of packages netatalk depends on:
ii  libacl1                  2.2.53-4
ii  libattr1                 1:2.4.48-4
ii  libavahi-client3         0.7-4+deb10u1
ii  libavahi-common3         0.7-4+deb10u1
ii  libc6                    2.28-10+deb10u1
ii  libdb5.3                 5.3.28+dfsg1-0.5
ii  libdbus-1-3              1.12.20-0+deb10u1
ii  libdbus-glib-1-2         0.110-4
ii  libgcrypt20              1.8.4-5+deb10u1
ii  libglib2.0-0             2.58.3-2+deb10u3
ii  libldap-2.4-2            2.4.47+dfsg-3+deb10u7
ii  libpam-modules           1.3.1-5
ii  libpam0g                 1.3.1-5
ii  libtalloc2               2.1.14-2
ii  libtdb1                  1.3.16-2+b1
ii  libtracker-sparql-2.0-0  2.1.8-2
ii  libwrap0                 7.6.q-28
ii  lsb-base                 10.2019051400
ii  netbase                  5.6
ii  perl                     5.28.1-6+deb10u1

Versions of packages netatalk recommends:
ii  avahi-daemon  0.7-4+deb10u1
ii  dbus          1.12.20-0+deb10u1
ii  lsof          4.91+dfsg-1
ii  procps        2:3.3.15-2
ii  python3       3.7.3-1
ii  python3-dbus  1.2.8-3
ii  tracker       2.1.8-2

Versions of packages netatalk suggests:
pn  quota  <none>

-- no debconf information

--- End Message ---
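The advisory above attributes the problem to callers of dalloc_value_for_key() that never check the type tag of the value they get back. The following is an added illustration, not netatalk's code: the dictionary type, the value tags, the function names and the sample input are all constructed. It shows the unchecked lookup beside a lookup that validates the requested type itself, which is the shape of the upstream fix named in the changelog ("Validate data type in dalloc_value_for_key()"), and a self-check confirming that a string sent under an integer key is refused rather than reinterpreted.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a Spotlight-style dictionary: string keys mapping to
 * tagged values. These types and names are hypothetical, not netatalk's. */
typedef enum { T_INT64, T_STRING, T_DICT } val_type;

typedef struct sl_dict sl_dict;

typedef struct {
    val_type type;            /* tag naming the live union member */
    union {
        int64_t     i;
        const char *s;
        sl_dict    *d;
    } u;
} sl_value;

#define SL_MAX 8
struct sl_dict {
    size_t      n;
    const char *keys[SL_MAX];
    sl_value    vals[SL_MAX];
};

/* Unchecked lookup: returns whatever value sits under the key, so every
 * caller must remember to test v->type before touching the union. */
static const sl_value *value_for_key(const sl_dict *d, const char *key) {
    for (size_t i = 0; i < d->n; i++)
        if (strcmp(d->keys[i], key) == 0)
            return &d->vals[i];
    return NULL;
}

/* Checked lookup, the shape of the fix: the caller names the type it expects
 * and a mismatch is refused before any union member is read. */
static const sl_value *value_for_key_typed(const sl_dict *d, const char *key,
                                           val_type want) {
    const sl_value *v = value_for_key(d, key);
    if (v == NULL || v->type != want)
        return NULL;
    return v;
}

/* A caller written against the unchecked lookup: if the peer sent a string
 * under "limit", the pointer bits are read as an integer without complaint. */
static int get_int_unchecked(const sl_dict *d, const char *key, int64_t *out) {
    const sl_value *v = value_for_key(d, key);
    if (v == NULL)
        return -1;
    *out = v->u.i;            /* no tag check: type confusion if v is not T_INT64 */
    return 0;
}

/* The same caller against the checked lookup: wrong type is an error. */
static int get_int_checked(const sl_dict *d, const char *key, int64_t *out) {
    const sl_value *v = value_for_key_typed(d, key, T_INT64);
    if (v == NULL)
        return -1;
    *out = v->u.i;
    return 0;
}

static void dict_put(sl_dict *d, const char *key, sl_value v) {
    if (d->n < SL_MAX) {
        d->keys[d->n] = key;
        d->vals[d->n] = v;
        d->n++;
    }
}

/* Constructed sample: a well-typed "limit" and a string-typed "query" that
 * the caller will wrongly ask for as an integer. */
static sl_dict make_sample(void) {
    sl_dict d;
    memset(&d, 0, sizeof d);
    sl_value lim = { T_INT64, { .i = 100 } };
    sl_value q   = { T_STRING, { .s = "report.txt" } };
    dict_put(&d, "limit", lim);
    dict_put(&d, "query", q);
    return d;
}

/* Returns 1 when the checked path accepts the right type, refuses the wrong
 * type and a missing key, while the unchecked path silently accepts the
 * wrong type. */
static int self_check(void) {
    sl_dict d = make_sample();
    int64_t v = 0;
    int ok = 1;
    ok &= get_int_checked(&d, "limit", &v) == 0 && v == 100;
    ok &= get_int_checked(&d, "query", &v) == -1;
    ok &= get_int_checked(&d, "absent", &v) == -1;
    ok &= get_int_unchecked(&d, "query", &v) == 0;
    return ok;
}

int main(void) {
    printf("type checks behave as expected: %s\n", self_check() ? "yes" : "no");
    return self_check() ? 0 : 1;
}
```

Putting the check inside the lookup, rather than trusting each caller to do it, is what removes the whole class of confusion: a caller that forgets the tag check can no longer reach the union.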
--- Begin Message ---
Source: netatalk
Source-Version: 3.1.17~ds-1
Done: Jonas Smedegaard <d...@jones.dk>

We believe that the bug you reported is fixed in the latest version of
netatalk, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1052...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jonas Smedegaard <d...@jones.dk> (supplier of updated netatalk package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 17 Sep 2023 21:58:16 +0200
Source: netatalk
Architecture: source
Version: 3.1.17~ds-1
Distribution: unstable
Urgency: high
Maintainer: Debian Netatalk team <pkg-netatalk-de...@lists.alioth.debian.org>
Changed-By: Jonas Smedegaard <d...@jones.dk>
Closes: 1040065 1052087
Changes:
 netatalk (3.1.17~ds-1) unstable; urgency=high
 .
   [ upstream ]
   * new release(s)
     + Use non-interactive PAM session when available
       closes: bug#1040065, thanks to Richard van den Berg
     + Renames asip-status.pl to asip-status
     + Removes uniconv and cnid2_create from distribution
     + FIX CVE-2023-42464:
       Validate data type in dalloc_value_for_key()
     + FIX: Declare a variable before using it in a loop,
       which was throwing off the default compiler on RHEL7
     closes: bug#1052087
 .
   [ Daniel Markstedt ]
   * Drop patches obsoleted by upstream changes:
     001, 101, 105, 106, 107, 204
   * Generate man pages from XML sources with docbook-xsl
   * Improve configure parameters:
     + Explicitly define sysconfdir
     + Sort parameters alphabetically
   * Add lintian overrides for:
     + package-name-doesnt-match-sonames
     + package-contains-documentation-outside-usr-share-doc
 .
   [ Jonas Smedegaard ]
   * set urgency=high due to security-related bugfixes
Checksums-Sha1:
 709528fb9a7e9c6e9839370bc64ad767259806ff 2486 netatalk_3.1.17~ds-1.dsc
 c3fbdff1ca1f5591761bf0c35dfae7f4ad318314 841312 netatalk_3.1.17~ds.orig.tar.xz
 98d2eaae361bda1e54b94220d75b76e01cb28482 39168 
netatalk_3.1.17~ds-1.debian.tar.xz
 52451f0581fa08561eb585675a0ce7fa0e3e2dfb 11202 
netatalk_3.1.17~ds-1_amd64.buildinfo
Checksums-Sha256:
 265567c3e9db2a327daba8e2887d3f8cd6fc3c6ba9bdb7ef7bef670d7744f346 2486 
netatalk_3.1.17~ds-1.dsc
 b79f49ab87e35a1cfe2560fa25cd26481f434a402ca4dc6128db5937d9188ed6 841312 
netatalk_3.1.17~ds.orig.tar.xz
 30af83afea64f1727f794f870e9eee409d56954e97db9902a6ee9c226a075df6 39168 
netatalk_3.1.17~ds-1.debian.tar.xz
 807a9c21431d82086999019349edcf5493a0cad0da6b597126d91157d8513d3f 11202 
netatalk_3.1.17~ds-1_amd64.buildinfo
Files:
 29b041b3cc13fac687c1392a1cbccefe 2486 net optional netatalk_3.1.17~ds-1.dsc
 8e9a5aa254100a4a6868f51d62597531 841312 net optional 
netatalk_3.1.17~ds.orig.tar.xz
 f5c822c8d26c634831b5986f82d2c6fa 39168 net optional 
netatalk_3.1.17~ds-1.debian.tar.xz
 36457f18fa80d724358d35584787ac0e 11202 net optional 
netatalk_3.1.17~ds-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
