{"affected":[{"ecosystem_specific":{"binaries":[{"libatalk0":"3.1.18-3.25.1","netatalk":"3.1.18-3.25.1","netatalk-devel":"3.1.18-3.25.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Software Development Kit 12 SP5","name":"netatalk","purl":"pkg:rpm/suse/netatalk&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.1.18-3.25.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libatalk0":"3.1.18-3.25.1","netatalk":"3.1.18-3.25.1","netatalk-devel":"3.1.18-3.25.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Workstation Extension 12 SP5","name":"netatalk","purl":"pkg:rpm/suse/netatalk&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.1.18-3.25.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for netatalk fixes the following issues:\n\n- CVE-2024-38439: Fixed a heap buffer overflow because of setting\n  ibuf[PASSWDLEN] to \\0 in FPLoginExt in login in etc/uams/uams_pam.c\n  (bsc#1226430).\n- CVE-2024-38440: Fixed a heap buffer overflow because of incorrectly\n  using FPLoginExt in BN_bin2bn in etc/uams/uams_dhx_pam.c\n  (bsc#1226429).\n- CVE-2024-38441: Fixed a heap buffer overflow because of setting\n  ibuf[len] to \\0 in FPMapName in afp_mapname in etc/afp/directory.c\n  (bsc#1226431).\n","id":"SUSE-SU-2024:2301-1","modified":"2024-07-04T13:17:32Z","published":"2024-07-04T13:17:32Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2024/suse-su-20242301-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1226429"},{"type":"REPORT","url":"https://bugzilla.suse.com/1226430"},{"type":"REPORT","url":"https://bugzilla.suse.com/1226431"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-38439"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-38440"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-38441"}],"related":["CVE-2024-38439","CVE-2024-38440","CVE-2024-38441"],"summary":"Security update for netatalk","upstream":["CVE-2024-38439","CVE-2024-38440","CVE-2024-38441"]}