Errata overview
Errata ID 498
Date 2019-05-15
Source package atftp
Fixed in version 0.7.git20120829-3.1~deb9u1
This update addresses the following issues:
* A remote attacker may send a crafted packet triggering a stack-based buffer
  overflow due to an insecurely implemented strncpy call. The vulnerability
  is triggered by sending an error packet of 3 bytes or fewer. There are
  multiple instances of this vulnerable strncpy pattern within the code base.
* atftpd does not lock the thread_list_mutex mutex before assigning the
  current thread data structure. As a result, the daemon is vulnerable to a
  denial of service attack due to a NULL pointer dereference. If thread_data
  is NULL when assigned to current, and modified by another thread before a
  certain tftpd_list.c check, there is a crash when dereferencing
  current->next. (CVE-2019-11366)
Additional notes
CVE ID CVE-2019-11365
UCS Bug number #49457