ALSA-2023:6707

Source
https://errata.almalinux.org/9/ALSA-2023-6707.html
Import Source
https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2023:6707.json
JSON Data
https://api.osv.dev/v1/vulns/ALSA-2023:6707
Related
Published
2023-11-07T00:00:00Z
Modified
2023-11-14T12:09:38Z
Summary
Moderate: avahi security update
Details

Avahi is an implementation of the DNS Service Discovery and Multicast DNS specifications for Zero Configuration Networking. It facilitates service discovery on a local network. Avahi and Avahi-aware applications allow you to plug your computer into a network and, with no configuration, view other people to chat with, view printers to print with, and find shared files on other computers.

Security Fix(es):

  • avahi: Local DoS by event-busy-loop from writing long lines to /run/avahi-daemon/socket (CVE-2021-3468)
  • avahi: reachable assertion in avahishostnameresolver_start when trying to resolve badly-formatted hostnames (CVE-2021-3502)
  • avahi: avahi-daemon can be crashed via DBus (CVE-2023-1981)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

References

Affected packages

AlmaLinux:9 / avahi

Package

Name
avahi

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.8-15.el9

AlmaLinux:9 / avahi-compat-howl

Package

Name
avahi-compat-howl

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.8-15.el9

AlmaLinux:9 / avahi-compat-howl-devel

Package

Name
avahi-compat-howl-devel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.8-15.el9

AlmaLinux:9 / avahi-compat-libdns_sd

Package

Name
avahi-compat-libdns_sd

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.8-15.el9

AlmaLinux:9 / avahi-compat-libdns_sd-devel

Package

Name
avahi-compat-libdns_sd-devel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.8-15.el9

AlmaLinux:9 / avahi-devel

Package

Name
avahi-devel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.8-15.el9

AlmaLinux:9 / avahi-glib

Package

Name
avahi-glib

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.8-15.el9

AlmaLinux:9 / avahi-glib-devel

Package

Name
avahi-glib-devel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.8-15.el9

AlmaLinux:9 / avahi-libs

Package

Name
avahi-libs

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.8-15.el9

AlmaLinux:9 / avahi-tools

Package

Name
avahi-tools

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.8-15.el9