Lucene search

Slackware Linux ProjectSSA-2024-253-01

HistorySep 09, 2024 - 5:33 p.m.

[slackware-security] netatalk

2024-09-0917:33:03

Slackware Linux Project

www.slackware.com

netatalk

security fix

slackware 15.0

slackware -current

wolfssl

cve-2024-1544

cve-2024-5288

cve-2024-5991

cve-2024-5814

upgrade

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/SC:H/VI:H/SI:H/VA:H/SA:H

AI Score

7.1

Confidence

High

JSON

New netatalk packages are available for Slackware 15.0 and -current to
fix security issues.

Here are the details from the Slackware 15.0 ChangeLog:

patches/packages/netatalk-3.2.8-i586-1_slack15.0.txz: Upgraded.
Bump bundled WolfSSL library to stable version 5.7.2, GitHub #1433.
For more information, see:
https://vulners.com/cve/CVE-2024-1544
https://vulners.com/cve/CVE-2024-5288
https://vulners.com/cve/CVE-2024-5991
https://vulners.com/cve/CVE-2024-5814
(* Security fix *)

Where to find the new packages:

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/netatalk-3.2.8-i586-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/netatalk-3.2.8-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/netatalk-3.2.8-i686-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/netatalk-3.2.8-x86_64-1.txz

MD5 signatures:

Slackware 15.0 package:
ea023949b9b9718c76cbc9400914d0bf netatalk-3.2.8-i586-1_slack15.0.txz

Slackware x86_64 15.0 package:
c7af679ac32c1e17c737756d968ddc52 netatalk-3.2.8-x86_64-1_slack15.0.txz

Slackware -current package:
6904bc31c57c731da7d3c8f3fbbb6a91 n/netatalk-3.2.8-i686-1.txz

Slackware x86_64 -current package:
a8f107e52dd2fee7f3814868df4dcda1 n/netatalk-3.2.8-x86_64-1.txz

Installation instructions:

Upgrade the package as root:
> upgradepkg netatalk-3.2.8-i586-1_slack15.0.txz

OSVersionArchitecturePackageVersionFilename
Slackware15.0i586netatalk< 3.2.8netatalk-3.2.8-i586-1_slack15.0.txz
Slackware15.0x86_64netatalk< 3.2.8netatalk-3.2.8-x86_64-1_slack15.0.txz
Slackwarecurrenti686netatalk< 3.2.8netatalk-3.2.8-i686-1.txz
Slackwarecurrentx86_64netatalk< 3.2.8netatalk-3.2.8-x86_64-1.txz

OS	Version	Architecture	Package	Version	Filename
Slackware	15.0	i586	netatalk	< 3.2.8	netatalk-3.2.8-i586-1_slack15.0.txz
Slackware	15.0	x86_64	netatalk	< 3.2.8	netatalk-3.2.8-x86_64-1_slack15.0.txz
Slackware	current	i686	netatalk	< 3.2.8	netatalk-3.2.8-i686-1.txz
Slackware	current	x86_64	netatalk	< 3.2.8	netatalk-3.2.8-x86_64-1.txz