Netatalk vulnerabilities
Published: Mon, 08 Jun 2026 11:33
Summary
Several security issues were fixed in Netatalk.
Details
Arjun Basnet discovered that Netatalk incorrectly sanitized user input in its MySQL CNID backend. A remote authenticated attacker could possibly use this issue to conduct SQL injection attacks. (CVE-2026-44047) Arjun Basnet discovered that Netatalk incorrectly handled UCS-2 character set conversion. A remote authenticated attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2026-44048) Arjun Basnet discovered that Netatalk improperly handled null termination during character set conversion. A remote authenticated attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2026-44049) Arjun Basnet discovered that the Netatalk CNID daemon improperly handled request-supplied name lengths. A local attacker could possibly use this issue to cause a denial of service or execute arbitrary code with escalated privileges. (CVE-2026-44050) Arjun Basnet discovered that Netatalk improperly resolved symbolic links. A remote authenticated attacker could possibly use this issue to read or overwrite arbitrary files on the system. (CVE-2026-44051) Arjun Basnet discovered that Netatalk incorrectly handled logging when performing LDAP simple-bind operations. A local attacker could possibly use this issue to obtain sensitive information. (CVE-2026-44052) Arjun Basnet discovered that Netatalk contained an operator precedence logic error when processing input. A remote authenticated attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2026-44055) Arjun Basnet discovered that Netatalk incorrectly handled DSI write requests. A remote unauthenticated attacker could possibly use this issue to cause a denial of service. (CVE-2026-44060) Arjun Basnet discovered that Netatalk incorrectly validated output lengths when converting character sets. A remote authenticated attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2026-44062) Arjun Basnet discovered that Netatalk incorrectly handled length validation when parsing certain session identifiers. An attacker could possibly use this issue to cause a denial of service. (CVE-2026-44064)
Recommended actions per Ubuntu release
StackPatch playbook auto-generated per release codename and per affected package.
Ubuntu bionic
netatalk→2.2.6-1ubuntu0.18.04.2+esm3apt_upgradeStandard apt upgrade. Install 2.2.6-1ubuntu0.18.04.2+esm3 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y netatalk
Most apt upgrades restart their service automatically. needrestart lists anything else.
netatalk→2.2.6-1ubuntu0.18.04.2+esm3apt_upgradeStandard apt upgrade. Install 2.2.6-1ubuntu0.18.04.2+esm3 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y netatalk
Most apt upgrades restart their service automatically. needrestart lists anything else.
Ubuntu focal
netatalk→3.1.12~ds-4ubuntu0.20.04.4+esm1apt_upgradeStandard apt upgrade. Install 3.1.12~ds-4ubuntu0.20.04.4+esm1 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y netatalk
Most apt upgrades restart their service automatically. needrestart lists anything else.
netatalk→3.1.12~ds-4ubuntu0.20.04.4+esm1apt_upgradeStandard apt upgrade. Install 3.1.12~ds-4ubuntu0.20.04.4+esm1 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y netatalk
Most apt upgrades restart their service automatically. needrestart lists anything else.
Ubuntu jammy
netatalk→3.1.12~ds-9ubuntu0.22.04.4+esm1apt_upgradeStandard apt upgrade. Install 3.1.12~ds-9ubuntu0.22.04.4+esm1 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y netatalk
Most apt upgrades restart their service automatically. needrestart lists anything else.
netatalk→3.1.12~ds-9ubuntu0.22.04.4+esm1apt_upgradeStandard apt upgrade. Install 3.1.12~ds-9ubuntu0.22.04.4+esm1 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y netatalk
Most apt upgrades restart their service automatically. needrestart lists anything else.
Ubuntu noble
netatalk→3.1.18~ds-1ubuntu0.1~esm2apt_upgrade_esmFixed at 3.1.18~ds-1ubuntu0.1~esm2 — ESM-only. Enable Ubuntu Pro (free for 5 personal machines) or treat as watch item.
sudo pro attach <token> sudo apt-get update sudo apt-get install --only-upgrade -y netatalk=3.1.18~ds-1ubuntu0.1~esm2
Sign up at https://ubuntu.com/pro. Free for personal + small-team use.
netatalk→3.1.18~ds-1ubuntu0.1~esm2apt_upgrade_esmFixed at 3.1.18~ds-1ubuntu0.1~esm2 — ESM-only. Enable Ubuntu Pro (free for 5 personal machines) or treat as watch item.
sudo pro attach <token> sudo apt-get update sudo apt-get install --only-upgrade -y netatalk=3.1.18~ds-1ubuntu0.1~esm2
Sign up at https://ubuntu.com/pro. Free for personal + small-team use.
Ubuntu resolute
netatalk→4.2.3~ds-2.1ubuntu0.1apt_upgradeStandard apt upgrade. Install 4.2.3~ds-2.1ubuntu0.1 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y netatalk
Most apt upgrades restart their service automatically. needrestart lists anything else.
a2boot→4.2.3~ds-2.1ubuntu0.1apt_upgradeStandard apt upgrade. Install 4.2.3~ds-2.1ubuntu0.1 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y a2boot
Most apt upgrades restart their service automatically. needrestart lists anything else.
atalkd→4.2.3~ds-2.1ubuntu0.1apt_upgradeStandard apt upgrade. Install 4.2.3~ds-2.1ubuntu0.1 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y atalkd
Most apt upgrades restart their service automatically. needrestart lists anything else.
libatalk→4.2.3~ds-2.1ubuntu0.1apt_upgradeStandard apt upgrade. Install 4.2.3~ds-2.1ubuntu0.1 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y libatalk
Most apt upgrades restart their service automatically. needrestart lists anything else.
libatalk-dev→4.2.3~ds-2.1ubuntu0.1apt_upgradeStandard apt upgrade. Install 4.2.3~ds-2.1ubuntu0.1 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y libatalk-dev
Most apt upgrades restart their service automatically. needrestart lists anything else.
macipgw→4.2.3~ds-2.1ubuntu0.1apt_upgradeStandard apt upgrade. Install 4.2.3~ds-2.1ubuntu0.1 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y macipgw
Most apt upgrades restart their service automatically. needrestart lists anything else.
netatalk→4.2.3~ds-2.1ubuntu0.1apt_upgradeStandard apt upgrade. Install 4.2.3~ds-2.1ubuntu0.1 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y netatalk
Most apt upgrades restart their service automatically. needrestart lists anything else.
netatalk-doc→4.2.3~ds-2.1ubuntu0.1apt_upgradeStandard apt upgrade. Install 4.2.3~ds-2.1ubuntu0.1 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y netatalk-doc
Most apt upgrades restart their service automatically. needrestart lists anything else.
netatalk-tests→4.2.3~ds-2.1ubuntu0.1apt_upgradeStandard apt upgrade. Install 4.2.3~ds-2.1ubuntu0.1 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y netatalk-tests
Most apt upgrades restart their service automatically. needrestart lists anything else.
netatalk-tools→4.2.3~ds-2.1ubuntu0.1apt_upgradeStandard apt upgrade. Install 4.2.3~ds-2.1ubuntu0.1 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y netatalk-tools
Most apt upgrades restart their service automatically. needrestart lists anything else.
papd→4.2.3~ds-2.1ubuntu0.1apt_upgradeStandard apt upgrade. Install 4.2.3~ds-2.1ubuntu0.1 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y papd
Most apt upgrades restart their service automatically. needrestart lists anything else.
timelord→4.2.3~ds-2.1ubuntu0.1apt_upgradeStandard apt upgrade. Install 4.2.3~ds-2.1ubuntu0.1 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y timelord
Most apt upgrades restart their service automatically. needrestart lists anything else.
Ubuntu trusty
netatalk→2.2.2-1ubuntu2.2+esm3apt_upgradeStandard apt upgrade. Install 2.2.2-1ubuntu2.2+esm3 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y netatalk
Most apt upgrades restart their service automatically. needrestart lists anything else.
netatalk→2.2.2-1ubuntu2.2+esm3apt_upgradeStandard apt upgrade. Install 2.2.2-1ubuntu2.2+esm3 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y netatalk
Most apt upgrades restart their service automatically. needrestart lists anything else.
Ubuntu xenial
netatalk→2.2.5-1ubuntu0.2+esm3apt_upgradeStandard apt upgrade. Install 2.2.5-1ubuntu0.2+esm3 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y netatalk
Most apt upgrades restart their service automatically. needrestart lists anything else.
netatalk→2.2.5-1ubuntu0.2+esm3apt_upgradeStandard apt upgrade. Install 2.2.5-1ubuntu0.2+esm3 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y netatalk
Most apt upgrades restart their service automatically. needrestart lists anything else.
Are YOU affected by USN-8395-1?
5-second check on your actual server. Reads /etc/os-release, uname -r, and dpkg-query; matches against the live USN + Debian Security Tracker feeds; tells you whether USN-8395-1 (and any other live CVE) applies. Anonymous, no signup.
curl https://mindsparkstack.com/scan.sh | bash
StackPatch runs this match against YOUR installed packages every hour
Free 1-server / $99 lifetime founder seat (50 only) / $19+/mo monthly. Indie pricing.