DSA-1705 netatalk -- missing input sanitisingID: oval:org.mitre.oval:def:7168 | Date: (C)2009-12-15 (M)2022-10-10 |
Class: PATCH | Family: unix |
It was discovered that netatalk, an implementation of the AppleTalk suite, is affected by a command injection vulnerability when processing PostScript streams via papd. This could lead to the execution of arbitrary code. Please note that this only affects installations that are configured to use a pipe command in combination with wildcard symbols substituted with values of the printed job.