avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is executed as root via /etc/network/if-up.d/avahi-daemon, and allows a local attacker to cause a denial of service or create arbitrary empty files via a symlink attack on files under /run/avahi-daemon. NOTE: this only affects the packaging for Debian GNU/Linux (used indirectly by SUSE), not the upstream Avahi product.
{ "availability": "No subscription required", "binaries": [ { "binary_name": "avahi-autoipd", "binary_version": "0.7-4ubuntu7" }, { "binary_name": "avahi-autoipd-dbgsym", "binary_version": "0.7-4ubuntu7" }, { "binary_name": "avahi-daemon", "binary_version": "0.7-4ubuntu7" }, { "binary_name": "avahi-daemon-dbgsym", "binary_version": "0.7-4ubuntu7" }, { "binary_name": "avahi-discover", "binary_version": "0.7-4ubuntu7" }, { "binary_name": "avahi-dnsconfd", "binary_version": "0.7-4ubuntu7" }, { "binary_name": "avahi-dnsconfd-dbgsym", "binary_version": "0.7-4ubuntu7" }, { "binary_name": "avahi-ui-utils", "binary_version": "0.7-4ubuntu7" }, { "binary_name": "avahi-ui-utils-dbgsym", "binary_version": "0.7-4ubuntu7" }, { "binary_name": "avahi-utils", "binary_version": "0.7-4ubuntu7" }, { "binary_name": "avahi-utils-dbgsym", "binary_version": "0.7-4ubuntu7" }, { "binary_name": "gir1.2-avahi-0.6", "binary_version": "0.7-4ubuntu7" }, { "binary_name": "libavahi-client-dev", "binary_version": "0.7-4ubuntu7" }, { "binary_name": "libavahi-client3", "binary_version": "0.7-4ubuntu7" }, { "binary_name": "libavahi-client3-dbgsym", "binary_version": "0.7-4ubuntu7" }, { "binary_name": "libavahi-common-data", "binary_version": "0.7-4ubuntu7" }, { "binary_name": "libavahi-common-dev", "binary_version": "0.7-4ubuntu7" }, { "binary_name": "libavahi-common3", "binary_version": "0.7-4ubuntu7" }, { "binary_name": "libavahi-common3-dbgsym", "binary_version": "0.7-4ubuntu7" }, { "binary_name": "libavahi-common3-udeb", "binary_version": "0.7-4ubuntu7" }, { "binary_name": "libavahi-compat-libdnssd-dev", "binary_version": "0.7-4ubuntu7" }, { "binary_name": "libavahi-compat-libdnssd1", "binary_version": "0.7-4ubuntu7" }, { "binary_name": "libavahi-compat-libdnssd1-dbgsym", "binary_version": "0.7-4ubuntu7" }, { "binary_name": "libavahi-core-dev", "binary_version": "0.7-4ubuntu7" }, { "binary_name": "libavahi-core7", "binary_version": "0.7-4ubuntu7" }, { "binary_name": "libavahi-core7-dbgsym", "binary_version": "0.7-4ubuntu7" }, { "binary_name": "libavahi-core7-udeb", "binary_version": "0.7-4ubuntu7" }, { "binary_name": "libavahi-glib-dev", "binary_version": "0.7-4ubuntu7" }, { "binary_name": "libavahi-glib1", "binary_version": "0.7-4ubuntu7" }, { "binary_name": "libavahi-glib1-dbgsym", "binary_version": "0.7-4ubuntu7" }, { "binary_name": "libavahi-gobject-dev", "binary_version": "0.7-4ubuntu7" }, { "binary_name": "libavahi-gobject0", "binary_version": "0.7-4ubuntu7" }, { "binary_name": "libavahi-gobject0-dbgsym", "binary_version": "0.7-4ubuntu7" }, { "binary_name": "libavahi-ui-gtk3-0", "binary_version": "0.7-4ubuntu7" }, { "binary_name": "libavahi-ui-gtk3-0-dbgsym", "binary_version": "0.7-4ubuntu7" }, { "binary_name": "libavahi-ui-gtk3-dev", "binary_version": "0.7-4ubuntu7" }, { "binary_name": "python-avahi", "binary_version": "0.7-4ubuntu7" } ] }