Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 915354 (CVE-2022-22995)

Summary: <net-fs/netatalk-3.1.18: Remote code execution
Product: Gentoo Security Reporter: Sam James <sam>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Severity: blocker CC: maintainer-needed
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
See Also:
Whiteboard: B0 [glsa+]
Package list:
Runtime testing required: ---
Bug Depends on: 915632    
Bug Blocks:    

Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-10-08 05:21:07 UTC

"The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting these combination of primitives, an attacker can execute arbitrary code."
Comment 1 Larry the Git Cow gentoo-dev 2023-10-08 05:33:16 UTC
The bug has been referenced in the following commit(s):

commit 4ed8f4f1c1a5662225e5c333670266ab038348ac
Author:     Sam James <>
AuthorDate: 2023-10-08 05:31:15 +0000
Commit:     Sam James <>
CommitDate: 2023-10-08 05:31:15 +0000

    net-fs/netatalk: add 3.1.18
    Signed-off-by: Sam James <>

 net-fs/netatalk/Manifest               |   1 +
 net-fs/netatalk/netatalk-3.1.18.ebuild | 172 +++++++++++++++++++++++++++++++++
 2 files changed, 173 insertions(+)
Comment 2 Larry the Git Cow gentoo-dev 2023-11-01 14:47:11 UTC
The bug has been referenced in the following commit(s):

commit c9c5667418b482993cc73092e63caaffa8554c8f
Author:     GLSAMaker <>
AuthorDate: 2023-11-01 14:46:24 +0000
Commit:     Hans de Graaff <>
CommitDate: 2023-11-01 14:46:58 +0000

    [ GLSA 202311-02 ] Netatalk: Multiple Vulnerabilities including root remote code execution
    Signed-off-by: GLSAMaker <>
    Signed-off-by: Hans de Graaff <>

 glsa-202311-02.xml | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 52 insertions(+)