Debian alert DLA-3466-1 (avahi)
| From: | Bastien Roucaries <rouca@debian.org> | |
| To: | <debian-lts-announce@lists.debian.org> | |
| Subject: | [SECURITY] [DLA 3466-1] avahi security update | |
| Date: | Wed, 21 Jun 2023 22:49:21 +0000 | |
| Message-ID: | <7eea147d341cf8d42bc60af320e27795.rouca@debian.org> |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3466-1 debian-lts@lists.debian.org https://www.debian.org/lts/security/ Bastien Roucariès June 21, 2023 https://wiki.debian.org/LTS - ------------------------------------------------------------------------- Package : avahi Version : 0.7-4+deb10u3 CVE ID : CVE-2021-3468 Debian Bug : 984938 Avahi a free zero-configuration networking (zeroconf) implementation, including a system for multicast DNS/DNS-SD service discovery, was affected by a Deny of Service. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the client_work function, allowing a local attacker to trigger an infinite loop. For Debian 10 buster, this problem has been fixed in version 0.7-4+deb10u3. We recommend that you upgrade your avahi packages. For the detailed security status of avahi please refer to its security tracker page at: https://security-tracker.debian.org/tracker/avahi Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmSTfnEACgkQADoaLapB CF8JOQ/+K8aBrBzgB7HVmGTk8w8md1xxuaNEepJ01oflWO3No9eGfQJ0UnJrHGi7 I4eOrH4nKoOYx7ix+7UuQhFH+cen8QkvGTfydh61DeuYA6+tacK61gI/vQCU29yz an+Js1kqNVZdF+Rzi6nRgW4K2BJpTGWX9JRk85kMKhKqZlT5Vs3qgbKut7c7CfLr qbxMv026bkur+7JFBUFQyRhpR6lZwjlkpSuG2u6OPvWWrPWhwllY/jpj6y4jZzoA u2v5BVnrsyZDSlnBQdddMjjNAeqVLgUAnZdxH9L62VrcAtcuLh8MjXo6wAIrZX+N JU/3o5d7B+ms/jVbqI2Qfkls3AysT/afLAw9C83YtVTli5kkWWYbeQqIuILJCpgF 3MbbFQaZUety1PsjW+IYlyFVsnmiixAV7/fGwiahXqSc0adczY8nW3uMEya3TPAT w7yUhIKXJMNw1QlPazwd4Llm1ouQQT3GKz61HYIqzzGxGwF9CypSb1GiGuj4/RnP T6IvsnoEY3A+Q498XqvR5oar+1655oT0OMtIGC+bnChIuBAqOsPFNayo9Z5Cz7Oo bRfVJiYg6FTu0THRL+4psFZ5uC9PtgtuWxdSonkNsNRL/aZ7CQsjkWeYuyNJYmpq UFGXDC94hsnATZZkI3mPDvDUc6DH4KBTx4jEi4OM76b8m0TeUoE= =c48R -----END PGP SIGNATURE-----