DSA-1705-1 netatalk -- missing input sanitisingID: oval:org.secpod.oval:def:600307 | Date: (C)2011-05-13 (M)2022-10-10 |
Class: PATCH | Family: unix |
It was discovered that netatalk, an implementation of the AppleTalk suite, is affected by a command injection vulnerability when processing PostScript streams via papd. This could lead to the execution of arbitrary code. Please note that this only affects installations that are configured to use a pipe command in combination with wildcard symbols substituted with values of the printed job. For the stable distribution this problem has been fixed in version 2.0.3-4+etch1. For the upcoming stable distribution this problem has been fixed in version 2.0.3-11+lenny1. For the unstable distribution this problem has been fixed in version 2.0.4~beta2-1. We recommend that you upgrade your netatalk package.