|
|
Log in / Subscribe / Register

Debian alert DLA-3990-1 (avahi)



From:
              Adrian Bunk <bunk@debian.org>


To:
              debian-lts-announce@lists.debian.org


Subject:
              [SECURITY] [DLA 3990-1] avahi security update


Date:
              Mon, 09 Dec 2024 14:41:17 +0200


Message-ID:
              <Z1blbR09U+V5UzPX@localhost>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3990-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
December 09, 2024                             https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : avahi
Version        : 0.8-5+deb11u3
CVE ID         : CVE-2023-1981 CVE-2023-38469 CVE-2023-38470 CVE-2023-38471 
                 CVE-2023-38472 CVE-2023-38473
Debian Bug     : 1034594 1054876 1054877 1054878 1054879 1054880

Multiple vulnerabilities have been fixed in the service discovery system Avahi.

CVE-2023-1981

    avahi-daemon can be crashed via DBus

CVE-2023-38469

    Reachable assertion in avahi_dns_packet_append_record

CVE-2023-38470

    Reachable assertion in avahi_escape_label

CVE-2023-38471

    Reachable assertion in dbus_set_host_name

CVE-2023-38472

    Reachable assertion in avahi_rdata_parse

CVE-2023-38473

    Reachable assertion in avahi_alternative_host_name

For Debian 11 bullseye, these problems have been fixed in version
0.8-5+deb11u3.

We recommend that you upgrade your avahi packages.

For the detailed security status of avahi please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/avahi

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmdW5W0ACgkQiNJCh6LY
mLEqww/+JhjCncM3/FxhpH1F3YqRnfwJxF0qftDRhJeIzcxjjWMdvfTr25zjthdw
u1AWE7UQ0G+gBWA6YXqYCODm9cvhvJi4oENjlKwiZ+NIY1YDogDz2kqHfIglntQg
LpBuLWHQlBwx4CLMM97AAvg5b2gn927y0nMtJfjKVTghUwxd0es8EBMWnDbTH+mJ
uC1qsmbRE44kj3bA0wyy4GKoiSStUnWctt0PYlQzop56L/akrfvWeowA7yTz+Qr/
M/WoM6zEecp4rP9UmIbkNxyTN6cnoas6IacxMHwqEDaycjODv0uAxsPRARFems0E
Ry0V/EBkHfHOueWl1YamfEEYMyY9C9VaQfVq6w30CMhkNFuHtnYGhgbdLQrowc4y
Iq9ayPClZ6xhxjPZs/a8iCMfXJNPP4THiB1vBNzldAV4GOOJ3KOwU1FcoAvb/bs4
1zsuG3kI8qi7CGk4D/K3OFzw9YNLpTt3KgZYJexFKrl+Y1xvqE59UHFpWDXirPRM
aEk9ahyLsRMB55FPDw9/p/bThZgthuu4KrNp7Qlkmmo6ekXIvz7jQA/F8LiEgJBY
SeqzJPaXkLg1s8Zm7ChdK+sfVw56m6HsIgCJe7EDqk0EkOxAdlQKS6Y95TMK2KCG
7BlMBNJi5r1awFpCl6m0Xg3CpOqDKZWF2AYstg5wYS9CF5MpUaM=
=X8aB
-----END PGP SIGNATURE-----
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds