Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2026:0422-1

Опубликовано: 11 фев. 2026
Источник: suse-cvrf

Описание

Security update for avahi

This update for avahi fixes the following issues:

  • CVE-2025-68276: avahi: reachable assertion in avahi_wide_area_scan_cache can lead to crash of avahi-daemon (bsc#1256498).
  • CVE-2025-68468: avahi: reachable assertion in lookup_multicast_callback can lead to crash of avahi-daemon (bsc#1256499).
  • CVE-2025-68471: avahi: reachable assertion in lookup_start can lead to crash of avahi-daemon (bsc#1256500).

Список пакетов

SUSE Linux Enterprise Server LTSS Extended Security 12 SP5
avahi-0.6.32-32.36.1
avahi-compat-howl-devel-0.6.32-32.36.1
avahi-compat-mDNSResponder-devel-0.6.32-32.36.1
avahi-lang-0.6.32-32.36.1
avahi-utils-0.6.32-32.36.1
libavahi-client3-0.6.32-32.36.1
libavahi-client3-32bit-0.6.32-32.36.1
libavahi-common3-0.6.32-32.36.1
libavahi-common3-32bit-0.6.32-32.36.1
libavahi-core7-0.6.32-32.36.1
libavahi-devel-0.6.32-32.36.1
libdns_sd-0.6.32-32.36.1
libdns_sd-32bit-0.6.32-32.36.1

Ссылки

Описание

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, an unprivileged local users can crash avahi-daemon (with wide-area disabled) by creating record browsers with the AVAHI_LOOKUP_USE_WIDE_AREA flag set via D-Bus. This can be done by either calling the RecordBrowserNew method directly or creating hostname/address/service resolvers/browsers that create those browsers internally themselves.

Затронутые продукты
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:avahi-0.6.32-32.36.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:avahi-compat-howl-devel-0.6.32-32.36.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:avahi-compat-mDNSResponder-devel-0.6.32-32.36.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:avahi-lang-0.6.32-32.36.1
Ссылки

Описание

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, avahi-daemon can be crashed by sending unsolicited announcements containing CNAME resource records pointing it to resource records with short TTLs. As soon as they expire avahi-daemon crashes.

Затронутые продукты
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:avahi-0.6.32-32.36.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:avahi-compat-howl-devel-0.6.32-32.36.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:avahi-compat-mDNSResponder-devel-0.6.32-32.36.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:avahi-lang-0.6.32-32.36.1
Ссылки

Описание

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, avahi-daemon can be crashed by sending 2 unsolicited announcements with CNAME resource records 2 seconds apart.

Затронутые продукты
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:avahi-0.6.32-32.36.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:avahi-compat-howl-devel-0.6.32-32.36.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:avahi-compat-mDNSResponder-devel-0.6.32-32.36.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:avahi-lang-0.6.32-32.36.1
Ссылки