
exploitDog


RLSA-2023:7836

Published: 09 Jan. 2024
Source: rocky
Rating: Moderate

Description

Moderate: avahi security update

Avahi is an implementation of the DNS Service Discovery and Multicast DNS specifications for Zero Configuration Networking. It facilitates service discovery on a local network. Avahi and Avahi-aware applications allow you to plug your computer into a network and, with no configuration, view other people to chat with, view printers to print with, and find shared files on other computers.

Security Fix(es):

  • avahi: Local DoS by event-busy-loop from writing long lines to /run/avahi-daemon/socket (CVE-2021-3468)

  • avahi: Reachable assertion in avahi_dns_packet_append_record (CVE-2023-38469)

  • avahi: Reachable assertion in avahi_escape_label (CVE-2023-38470)

  • avahi: Reachable assertion in dbus_set_host_name (CVE-2023-38471)

  • avahi: Reachable assertion in avahi_rdata_parse (CVE-2023-38472)

  • avahi: Reachable assertion in avahi_alternative_host_name (CVE-2023-38473)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected products

  • Rocky Linux 8

| Name | Architecture | Release | RPM |
|---|---|---|---|
| avahi | aarch64 | 21.el8_9.1 | avahi-0.7-21.el8_9.1.aarch64.rpm |
| avahi-autoipd | aarch64 | 21.el8_9.1 | avahi-autoipd-0.7-21.el8_9.1.aarch64.rpm |
| avahi-glib | aarch64 | 21.el8_9.1 | avahi-glib-0.7-21.el8_9.1.aarch64.rpm |
| avahi-gobject | aarch64 | 21.el8_9.1 | avahi-gobject-0.7-21.el8_9.1.aarch64.rpm |
| avahi-libs | aarch64 | 21.el8_9.1 | avahi-libs-0.7-21.el8_9.1.aarch64.rpm |
| python3-avahi | aarch64 | 21.el8_9.1 | python3-avahi-0.7-21.el8_9.1.aarch64.rpm |


Related vulnerabilities

oracle-oval
more than 1 year ago

ELSA-2023-7836: avahi security update (MODERATE)

oracle-oval
about 1 year ago

ELSA-2024-2433: avahi security update (MODERATE)

CVSS3: 5.5
redos
10 months ago

Multiple vulnerabilities in avahi

CVSS3: 5.5
ubuntu
about 4 years ago

A flaw was found in avahi in versions 0.6 up to 0.8. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the client_work function, allowing a local attacker to trigger an infinite loop. The highest threat from this vulnerability is to the availability of the avahi service, which becomes unresponsive after this flaw is triggered.

CVSS3: 6.2
redhat
more than 4 years ago

A flaw was found in avahi in versions 0.6 up to 0.8. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the client_work function, allowing a local attacker to trigger an infinite loop. The highest threat from this vulnerability is to the availability of the avahi service, which becomes unresponsive after this flaw is triggered.